Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VkAZxwo-QY3dDgz--OZ3AQ6WLSs.roa
File:                     VkAZxwo-QY3dDgz--OZ3AQ6WLSs.roa (raw, json)
Hash identifier:          Xmj5cK/mYxbgvVzmQwsavWKrjuYnRvFKalt1DmTANX8=
Subject key identifier:   56:40:19:C7:0A:3E:41:8D:DD:0E:0C:FE:F8:E6:77:01:0E:96:2D:2B
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019078DA6C44C199D5D4DED9C0588838D55E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VkAZxwo-QY3dDgz--OZ3AQ6WLSs.roa
Signing time:             Wed 03 Jul 2024 13:48:18 +0000
ROA not before:           Wed 03 Jul 2024 13:48:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48449
IP address blocks:        185.226.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:da:6c:44:c1:99:d5:d4:de:d9:c0:58:88:38:d5:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  3 13:48:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=564019c70a3e418ddd0e0cfef8e677010e962d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:eb:57:5d:be:c0:5d:93:f9:57:fd:b6:1d:61:
                    60:03:3a:0e:fc:fc:04:c4:bd:70:d9:41:bb:cc:99:
                    c2:57:01:e8:45:2a:67:95:e3:e1:16:54:6a:6f:36:
                    d7:a5:4b:61:09:1a:67:35:73:87:5d:e5:37:16:b1:
                    dd:5e:8e:3f:36:b6:46:10:5f:08:bb:f2:c0:3e:42:
                    15:fd:e8:1b:2b:46:c1:31:a2:16:99:13:57:1c:30:
                    b2:61:45:f0:82:06:f5:00:58:a4:f5:1c:6d:37:f8:
                    74:4c:d3:43:d7:67:e8:38:f6:30:c7:03:f6:9e:a7:
                    b5:af:57:d0:64:b9:63:7c:65:b6:d9:58:e8:9b:a5:
                    97:c2:70:a7:d6:5a:b5:4b:e5:4f:f7:29:f5:18:5d:
                    8f:c8:db:f2:d3:bb:b4:c4:d3:82:61:8a:fc:2c:51:
                    6a:20:5d:07:f8:5f:de:d3:f4:29:0d:2b:b6:43:27:
                    6c:5f:4a:44:d2:76:2a:54:b2:39:92:3b:fb:a1:3c:
                    fe:3d:71:bb:4f:dc:89:a9:cc:a6:79:c0:aa:3a:fd:
                    76:f5:ef:69:b8:5b:30:9d:bd:0f:ba:cf:e5:0d:60:
                    4b:78:e8:62:07:f8:f3:a5:d9:db:58:fa:dd:00:25:
                    ba:fc:9a:2d:81:37:ef:ff:69:80:80:c6:c2:57:51:
                    cb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:40:19:C7:0A:3E:41:8D:DD:0E:0C:FE:F8:E6:77:01:0E:96:2D:2B
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VkAZxwo-QY3dDgz--OZ3AQ6WLSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:86:84:1d:08:3a:9a:5a:20:b3:d2:f7:5d:84:19:0f:af:2c:
         68:d7:dc:77:82:e1:51:4a:92:ca:96:b4:2d:6d:ac:70:2c:62:
         4e:c6:8b:01:dc:c4:c5:1b:b9:4e:f5:36:2f:6c:e9:ed:63:9f:
         2b:6e:ac:ac:7d:35:1f:23:29:02:5e:06:aa:b4:c4:bb:8a:0a:
         7b:c8:ec:17:63:1b:68:08:cf:60:b8:95:a9:f9:fe:eb:12:6f:
         5f:27:e2:a2:f0:b4:0d:58:5d:44:9a:da:73:8f:c6:29:0b:bc:
         89:73:0b:f9:f8:6e:1e:f2:04:4a:ed:3b:53:77:be:f4:40:43:
         51:d0:c7:aa:9b:82:ae:dc:64:0b:e1:0a:96:95:7f:0c:b8:4c:
         62:95:79:c4:17:6b:4b:3c:14:7f:d0:ff:a6:18:c0:f3:86:84:
         57:2d:3b:50:2f:4c:97:c4:ac:0b:b0:d5:b3:75:f4:42:3c:60:
         33:01:c2:d6:5d:1f:f9:26:20:b2:cb:e9:f2:c9:9b:f7:02:00:
         6f:ff:31:5d:ab:91:12:ff:24:33:dd:f8:56:6f:89:c2:ce:4a:
         16:af:e9:f3:00:13:14:b5:97:f2:00:28:15:27:4c:e0:31:ff:
         05:2c:ac:c0:a1:2f:9a:fb:52:7e:32:dd:17:22:02:f4:b3:5f:
         79:ec:26:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB42mxEwZnV1N7ZwFiIONVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNzAzMTM0ODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQwMTljNzBhM2U0MThkZGQwZTBjZmVmOGU2NzcwMTBlOTYyZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OtXXb7AXZP5V/22HWFgAzoO/PwE
xL1w2UG7zJnCVwHoRSpnlePhFlRqbzbXpUthCRpnNXOHXeU3FrHdXo4/NrZGEF8I
u/LAPkIV/egbK0bBMaIWmRNXHDCyYUXwggb1AFik9RxtN/h0TNND12foOPYwxwP2
nqe1r1fQZLljfGW22Vjom6WXwnCn1lq1S+VP9yn1GF2PyNvy07u0xNOCYYr8LFFq
IF0H+F/e0/QpDSu2QydsX0pE0nYqVLI5kjv7oTz+PXG7T9yJqcymecCqOv129e9p
uFswnb0Pus/lDWBLeOhiB/jzpdnbWPrdACW6/JotgTfv/2mAgMbCV1HLkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZAGccKPkGN3Q4M/vjmdwEOli0rMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVmtBWnh3by1RWTNkRGd6LS1PWjNBUTZXTFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKtMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhoQdCDqaWiCz0vddhBkPryxo19x3guFRSpLKlrQt
baxwLGJOxosB3MTFG7lO9TYvbOntY58rbqysfTUfIykCXgaqtMS7igp7yOwXYxto
CM9guJWp+f7rEm9fJ+Ki8LQNWF1Emtpzj8YpC7yJcwv5+G4e8gRK7TtTd770QENR
0Meqm4Ku3GQL4QqWlX8MuExilXnEF2tLPBR/0P+mGMDzhoRXLTtQL0yXxKwLsNWz
dfRCPGAzAcLWXR/5JiCyy+nyyZv3AgBv/zFdq5ES/yQz3fhWb4nCzkoWr+nzABMU
tZfyACgVJ0zgMf8FLKzAoS+a+1J+Mt0XIgL0s1957CYH
-----END CERTIFICATE-----