Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VfMSZab8WQDZtdzassM1RJO0svg.roa
File:                     VfMSZab8WQDZtdzassM1RJO0svg.roa (raw, json)
Hash identifier:          VYRMokvNhZ8KbIiE2x6UPOrc8pYusDGRF9zuhi/EhMA=
Subject key identifier:   55:F3:12:65:A6:FC:59:00:D9:B5:DC:DA:B2:C3:35:44:93:B4:B2:F8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0190774E00EBCCCA4618AC507348C3E251A1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VfMSZab8WQDZtdzassM1RJO0svg.roa
Signing time:             Wed 03 Jul 2024 06:35:18 +0000
ROA not before:           Wed 03 Jul 2024 06:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213323
IP address blocks:        79.110.50.0/24 maxlen: 24
                          194.48.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:4e:00:eb:cc:ca:46:18:ac:50:73:48:c3:e2:51:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  3 06:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55f31265a6fc5900d9b5dcdab2c3354493b4b2f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:b3:0e:08:9c:c6:0a:90:75:3b:95:48:6c:d7:
                    65:e0:99:fd:09:05:55:56:6e:38:07:f2:a6:c5:8b:
                    e5:30:92:13:d5:a1:da:10:8f:21:40:8e:63:a5:cf:
                    9c:8d:d8:3b:d7:b4:f7:11:ad:1a:ff:6a:0e:de:1a:
                    9a:a4:64:1b:0a:92:93:f2:b9:b7:38:ef:04:6e:be:
                    aa:9b:77:3b:e6:ed:cd:d9:8f:9b:d2:f6:2a:2e:c6:
                    17:56:55:93:75:0d:98:78:62:1e:f2:70:ba:0e:b3:
                    03:b1:f2:36:5b:5c:4c:6c:26:33:4a:80:f5:86:bf:
                    f1:2c:63:d6:ed:98:e2:70:31:66:d5:a3:01:57:7e:
                    52:90:b6:b3:a7:98:58:f8:ee:e6:7c:71:8c:98:ca:
                    a6:74:2e:d3:c6:58:25:12:e7:58:bf:a0:15:44:86:
                    0b:62:2b:da:e1:d5:63:9e:77:2a:84:62:08:e4:d7:
                    26:05:10:1a:63:b0:6e:8d:fb:67:a6:38:1e:99:dd:
                    fe:80:d9:e2:78:00:e4:25:0e:98:9c:f1:70:f2:98:
                    d6:7a:c3:2e:dd:64:55:65:92:9f:78:f5:01:63:66:
                    dd:9c:cd:64:64:ed:9b:0b:c0:37:80:19:cb:8c:53:
                    02:77:82:5d:fb:19:cf:92:7d:09:92:93:84:42:85:
                    98:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:F3:12:65:A6:FC:59:00:D9:B5:DC:DA:B2:C3:35:44:93:B4:B2:F8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VfMSZab8WQDZtdzassM1RJO0svg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.50.0/24
                  194.48.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:3f:1e:2a:98:e7:8a:01:2c:fd:a2:9b:37:8e:3d:19:08:08:
         8f:e2:85:3d:7d:b7:ac:cb:ef:99:4e:ad:31:2d:43:98:b7:2b:
         97:34:7b:81:ee:49:97:f6:e3:d8:36:17:62:18:97:9b:b8:fa:
         ea:1f:5f:0c:6c:cf:94:55:46:28:8d:9b:7d:9d:02:3d:f6:c4:
         e0:e9:00:07:e2:27:f1:0a:89:95:56:05:57:c1:22:de:71:dc:
         30:e3:da:29:99:25:04:d6:3f:b5:af:14:b5:f8:49:73:30:1a:
         b1:c4:a7:e6:ae:41:ce:33:7f:12:83:26:77:69:3f:52:87:d0:
         b6:91:55:e0:57:96:58:b1:2c:b6:ef:6c:da:39:5c:c7:11:05:
         5c:8a:d3:79:3c:46:23:01:c4:01:64:0e:f8:71:ca:1d:58:03:
         80:45:c9:42:65:69:ff:d9:78:c5:e8:9b:dc:91:3b:98:31:8e:
         75:3b:eb:1b:8e:06:f0:e9:b3:4b:8d:06:c5:8c:60:48:ad:88:
         08:af:8c:dc:fd:2f:15:76:0e:cd:64:d6:c1:8b:b4:25:11:f7:
         4c:a3:10:bc:c0:d1:8c:19:b4:ab:55:4a:9d:c8:f4:e2:98:eb:
         ee:d7:aa:b3:c0:cc:e4:e1:c0:77:3a:d7:20:e1:72:64:c4:b9:
         61:c1:ac:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZB3TgDrzMpGGKxQc0jD4lGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzAzMDYzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWYzMTI2NWE2ZmM1OTAwZDliNWRjZGFiMmMzMzU0NDkzYjRiMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bMOCJzGCpB1O5VIbNdl4Jn9CQVV
Vm44B/KmxYvlMJIT1aHaEI8hQI5jpc+cjdg717T3Ea0a/2oO3hqapGQbCpKT8rm3
OO8Ebr6qm3c75u3N2Y+b0vYqLsYXVlWTdQ2YeGIe8nC6DrMDsfI2W1xMbCYzSoD1
hr/xLGPW7ZjicDFm1aMBV35SkLazp5hY+O7mfHGMmMqmdC7TxlglEudYv6AVRIYL
Yiva4dVjnncqhGII5NcmBRAaY7Bujftnpjgemd3+gNnieADkJQ6YnPFw8pjWesMu
3WRVZZKfePUBY2bdnM1kZO2bC8A3gBnLjFMCd4Jd+xnPkn0JkpOEQoWYWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXzEmWm/FkA2bXc2rLDNUSTtLL4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVmZNU1phYjhXUURadGR6YXNzTTFSSk8wc3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT24yAwQA
wjD6MA0GCSqGSIb3DQEBCwUAA4IBAQAXPx4qmOeKASz9ops3jj0ZCAiP4oU9fbes
y++ZTq0xLUOYtyuXNHuB7kmX9uPYNhdiGJebuPrqH18MbM+UVUYojZt9nQI99sTg
6QAH4ifxComVVgVXwSLecdww49opmSUE1j+1rxS1+ElzMBqxxKfmrkHOM38SgyZ3
aT9Sh9C2kVXgV5ZYsSy272zaOVzHEQVcitN5PEYjAcQBZA74ccodWAOARclCZWn/
2XjF6JvckTuYMY51O+sbjgbw6bNLjQbFjGBIrYgIr4zc/S8Vdg7NZNbBi7QlEfdM
oxC8wNGMGbSrVUqdyPTimOvu16qzwMzk4cB3Otcg4XJkxLlhwaw/
-----END CERTIFICATE-----