Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vck_m662L3N2BT3wkzMiBLQW6TI.roa
File:                     Vck_m662L3N2BT3wkzMiBLQW6TI.roa (raw, json)
Hash identifier:          WNpsM/CkwC75FVcFLs7zIm3gsxMNTE/dOWvQeBehH6o=
Subject key identifier:   55:C9:3F:9B:AE:B6:2F:73:76:05:3D:F0:93:33:22:04:B4:16:E9:32
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E7595A670F396B6150B7665E1EC513275
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vck_m662L3N2BT3wkzMiBLQW6TI.roa
Signing time:             Mon 25 Mar 2024 12:28:45 +0000
ROA not before:           Mon 25 Mar 2024 12:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204227
IP address blocks:        2a00:1728:2e::/48 maxlen: 48
                          2a00:1728:2f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:95:a6:70:f3:96:b6:15:0b:76:65:e1:ec:51:32:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 25 12:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55c93f9baeb62f7376053df093332204b416e932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d9:41:7a:2b:15:26:ec:45:a1:0c:ba:06:fb:
                    ce:05:1f:8c:34:61:13:40:07:af:9f:b2:46:a5:84:
                    28:47:41:d5:30:5d:54:fd:7b:54:e7:6c:d5:6c:ca:
                    b7:21:f7:bc:59:d5:36:5f:40:a7:08:24:81:44:0d:
                    e1:ee:67:d1:a9:a6:dc:92:c1:79:6a:85:96:33:e1:
                    bb:3c:b3:97:64:5c:4a:cc:ae:51:01:18:2f:28:b9:
                    0c:7d:5c:0f:9a:69:9c:93:6a:c0:c4:bd:e5:4d:b2:
                    76:ac:2c:98:2d:5e:fa:2a:84:ab:07:1b:a1:ce:35:
                    96:79:d5:90:e7:54:57:f1:aa:da:18:dd:90:68:9f:
                    77:33:a9:6f:ee:a5:56:c3:3a:42:9b:24:99:a6:8d:
                    61:80:09:b2:4e:29:9c:9e:08:33:c6:fd:2e:e0:77:
                    56:97:ea:0c:b2:ae:f8:96:00:3a:cc:a2:65:64:26:
                    cc:07:49:aa:f0:c6:4e:32:c4:4b:cf:79:c4:eb:f4:
                    99:ab:cf:85:6b:a4:9d:2a:67:91:32:cb:35:b1:04:
                    b0:65:34:3c:3e:f9:73:c9:0d:43:03:39:df:99:8f:
                    09:d5:69:06:c7:87:f4:8c:53:bd:ed:f0:8e:82:c3:
                    41:9d:7b:15:1d:96:de:24:c9:5a:8a:4c:ef:e8:f1:
                    be:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C9:3F:9B:AE:B6:2F:73:76:05:3D:F0:93:33:22:04:B4:16:E9:32
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vck_m662L3N2BT3wkzMiBLQW6TI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1728:2e::/47

    Signature Algorithm: sha256WithRSAEncryption
         17:fb:84:f5:b0:d3:dd:23:83:63:8e:56:ad:c5:a7:8a:44:f0:
         bd:50:cf:f6:28:dc:b5:fa:7f:8c:27:e7:00:7c:6f:01:40:29:
         d0:42:2a:d0:7c:66:b1:4f:84:2f:3a:05:1d:3e:f8:2f:3e:5e:
         fa:24:67:74:28:e1:8a:4d:63:9c:d0:33:6f:1e:44:d8:b0:84:
         95:a0:17:2a:53:e7:5a:1b:7a:27:74:60:2a:4d:6e:d7:35:7d:
         aa:fa:1b:20:b9:1f:69:cb:34:17:8a:10:6e:55:0a:12:e6:88:
         4d:bc:02:81:16:6f:24:d0:65:af:a2:7b:6a:cc:ec:69:10:9c:
         c4:35:be:30:d2:14:90:73:47:ca:fb:e0:54:e7:86:f2:5c:bb:
         dc:64:81:36:18:8a:7e:0b:00:11:c9:1d:68:f5:64:36:d9:7c:
         2c:e3:d2:80:6b:3b:11:79:dd:07:04:c7:2a:22:98:89:46:fa:
         ca:7c:e5:1f:fd:d5:28:07:17:99:c8:67:75:d1:94:64:af:e9:
         19:65:3e:15:76:97:2d:8f:40:de:a6:e9:a2:13:a4:c8:e6:2e:
         43:57:d8:43:fc:97:49:96:18:c8:01:9e:a2:d1:35:99:41:00:
         42:ed:26:82:02:d2:52:71:a1:25:68:5e:1f:3d:e2:d8:9a:c7:
         a4:53:f7:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY51laZw85a2FQt2ZeHsUTJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzI1MTIyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWM5M2Y5YmFlYjYyZjczNzYwNTNkZjA5MzMzMjIwNGI0MTZlOTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9lBeisVJuxFoQy6BvvOBR+MNGET
QAevn7JGpYQoR0HVMF1U/XtU52zVbMq3Ife8WdU2X0CnCCSBRA3h7mfRqabcksF5
aoWWM+G7PLOXZFxKzK5RARgvKLkMfVwPmmmck2rAxL3lTbJ2rCyYLV76KoSrBxuh
zjWWedWQ51RX8araGN2QaJ93M6lv7qVWwzpCmySZpo1hgAmyTimcnggzxv0u4HdW
l+oMsq74lgA6zKJlZCbMB0mq8MZOMsRLz3nE6/SZq8+Fa6SdKmeRMss1sQSwZTQ8
PvlzyQ1DAznfmY8J1WkGx4f0jFO97fCOgsNBnXsVHZbeJMlaikzv6PG+EwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFXJP5uuti9zdgU98JMzIgS0FukyMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVmNrX202NjJMM04yQlQzd2t6TWlCTFFXNlRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgAXKAAu
MA0GCSqGSIb3DQEBCwUAA4IBAQAX+4T1sNPdI4NjjlatxaeKRPC9UM/2KNy1+n+M
J+cAfG8BQCnQQirQfGaxT4QvOgUdPvgvPl76JGd0KOGKTWOc0DNvHkTYsISVoBcq
U+daG3ondGAqTW7XNX2q+hsguR9pyzQXihBuVQoS5ohNvAKBFm8k0GWvontqzOxp
EJzENb4w0hSQc0fK++BU54byXLvcZIE2GIp+CwARyR1o9WQ22Xws49KAazsRed0H
BMcqIpiJRvrKfOUf/dUoBxeZyGd10ZRkr+kZZT4Vdpctj0DepumiE6TI5i5DV9hD
/JdJlhjIAZ6i0TWZQQBC7SaCAtJScaElaF4fPeLYmsekU/eE
-----END CERTIFICATE-----