Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/vSZZvgftuYb43rrGh-q4LjaDCuQ.roa
File:                     vSZZvgftuYb43rrGh-q4LjaDCuQ.roa (raw, json)
Hash identifier:          rWGDYVpr0QqsdkjQne/LrNy/Qk+z0CuqVL6ZhDDaDdI=
Subject key identifier:   BD:26:59:BE:07:ED:B9:86:F8:DE:BA:C6:87:EA:B8:2E:36:83:0A:E4
Certificate issuer:       /CN=4d7683d6ea539fef1b6b6dbdd74a31d05e5f0a23
Certificate serial:       018CC3493A3FBFEAE1E73EF96BBE0C55583E
Authority key identifier: 4D:76:83:D6:EA:53:9F:EF:1B:6B:6D:BD:D7:4A:31:D0:5E:5F:0A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TXaD1upTn-8ba22910ox0F5fCiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/vSZZvgftuYb43rrGh-q4LjaDCuQ.roa
Signing time:             Mon 01 Jan 2024 04:30:05 +0000
ROA not before:           Mon 01 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200271
IP address blocks:        185.255.84.0/22 maxlen: 22
                          2a02:4ba::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/TXaD1upTn-8ba22910ox0F5fCiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/TXaD1upTn-8ba22910ox0F5fCiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TXaD1upTn-8ba22910ox0F5fCiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 19:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3a:3f:bf:ea:e1:e7:3e:f9:6b:be:0c:55:58:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d7683d6ea539fef1b6b6dbdd74a31d05e5f0a23
        Validity
            Not Before: Jan  1 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd2659be07edb986f8debac687eab82e36830ae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:68:7e:1c:01:b3:00:d0:17:63:69:ce:d5:53:
                    db:fa:ef:5e:44:27:95:99:a7:20:75:3a:9f:ca:be:
                    b1:63:d8:b2:d5:cc:5a:58:b0:1b:7e:e7:ab:cf:81:
                    b3:c6:d9:e6:9f:51:b1:45:f1:d2:ef:e7:ae:75:5d:
                    43:71:bc:9f:f6:15:e3:58:99:83:e0:c0:07:22:d2:
                    a8:29:2c:78:3b:4e:2b:53:c8:7e:3a:e3:a7:9f:ee:
                    5a:06:f1:9d:e7:57:e8:91:b4:15:85:8e:2c:67:ca:
                    ae:86:f4:ad:88:38:d0:78:45:85:b8:99:22:bf:43:
                    41:19:0a:9e:35:96:b9:a1:48:96:77:d0:f6:10:c1:
                    81:ad:40:28:e5:7f:80:14:25:2b:41:24:6d:65:2a:
                    67:2f:c6:1d:0b:04:e4:21:c1:1c:3c:d1:7c:23:75:
                    3b:e4:36:82:09:8a:bf:96:8d:ec:51:e6:03:10:93:
                    18:92:a5:fb:53:44:72:9d:6d:91:69:3a:bf:c0:cc:
                    29:db:2f:3d:d0:d8:e2:3f:3f:bf:da:aa:f9:c4:e2:
                    30:0a:1a:75:5c:8c:c8:f4:75:e1:8b:d3:a4:34:c1:
                    82:cb:df:3d:5f:c0:1c:e7:9a:57:0e:77:4c:16:27:
                    9f:13:3e:e8:ea:82:49:36:3f:ba:1a:43:93:25:14:
                    2d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:26:59:BE:07:ED:B9:86:F8:DE:BA:C6:87:EA:B8:2E:36:83:0A:E4
            X509v3 Authority Key Identifier:
                keyid:4D:76:83:D6:EA:53:9F:EF:1B:6B:6D:BD:D7:4A:31:D0:5E:5F:0A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TXaD1upTn-8ba22910ox0F5fCiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/vSZZvgftuYb43rrGh-q4LjaDCuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e5195d-6698-4604-9114-68b3768f50dc/1/TXaD1upTn-8ba22910ox0F5fCiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.84.0/22
                IPv6:
                  2a02:4ba::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:cd:bd:5b:e5:9b:48:36:7c:b7:c6:1f:dd:20:ef:6e:0a:02:
         28:c5:5e:e3:f7:65:3c:c7:b1:fd:bd:8c:6c:50:26:e6:f5:8d:
         67:82:49:71:af:f7:45:d2:84:10:8c:23:08:1e:cd:d5:37:16:
         59:ec:30:cd:89:cb:9e:2b:2b:d9:85:c1:f8:dc:ba:de:3d:78:
         97:5b:c6:6c:e7:6a:4a:3c:18:5d:03:eb:4e:46:69:63:c1:98:
         fc:6d:19:0a:3a:c4:b7:51:03:ec:51:89:a3:41:02:da:bf:e8:
         21:ae:14:d4:a0:5e:c0:ab:cd:35:b6:8d:e4:3b:49:61:d4:24:
         d3:3e:59:dc:87:39:aa:d0:02:c6:0b:eb:f0:36:aa:35:29:be:
         25:d6:62:b6:27:f1:3a:e4:d6:d0:ea:2e:b3:d9:d7:1b:3c:4d:
         ab:49:16:86:25:cc:70:1c:f1:f7:9c:37:48:b2:1e:64:a0:f7:
         07:e1:ea:82:b7:4b:a0:d5:81:59:1a:4e:bf:58:0b:49:83:e8:
         4e:a1:a9:4a:89:52:d8:1b:71:56:cb:c1:14:8f:ff:3b:22:94:
         aa:93:aa:be:2f:2d:aa:8f:05:56:01:bd:57:0f:2d:81:59:5c:
         c2:3c:2e:ec:12:c1:8b:84:7f:41:9d:df:6b:57:9a:89:e4:2d:
         6d:5f:6c:81
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSTo/v+rh5z75a74MVVg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNzY4M2Q2ZWE1MzlmZWYxYjZiNmRiZGQ3NGEzMWQwNWU1
ZjBhMjMwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI2NTliZTA3ZWRiOTg2ZjhkZWJhYzY4N2VhYjgyZTM2ODMwYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2h+HAGzANAXY2nO1VPb+u9eRCeV
macgdTqfyr6xY9iy1cxaWLAbfuerz4Gzxtnmn1GxRfHS7+eudV1Dcbyf9hXjWJmD
4MAHItKoKSx4O04rU8h+OuOnn+5aBvGd51fokbQVhY4sZ8quhvStiDjQeEWFuJki
v0NBGQqeNZa5oUiWd9D2EMGBrUAo5X+AFCUrQSRtZSpnL8YdCwTkIcEcPNF8I3U7
5DaCCYq/lo3sUeYDEJMYkqX7U0RynW2RaTq/wMwp2y890NjiPz+/2qr5xOIwChp1
XIzI9HXhi9OkNMGCy989X8Ac55pXDndMFiefEz7o6oJJNj+6GkOTJRQtWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL0mWb4H7bmG+N66xofquC42gwrkMB8GA1UdIwQY
MBaAFE12g9bqU5/vG2ttvddKMdBeXwojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFhhRDF1cFRuLThiYTIyOTEwb3gwRjVmQ2lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNTE5NWQtNjY5OC00NjA0LTkxMTQt
NjhiMzc2OGY1MGRjLzEvdlNaWnZnZnR1WWI0M3JyR2gtcTRMamFEQ3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNTE5NWQtNjY5OC00NjA0LTkxMTQtNjhiMzc2OGY1MGRj
LzEvVFhhRDF1cFRuLThiYTIyOTEwb3gwRjVmQ2lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf9UMA0E
AgACMAcDBQAqAgS6MA0GCSqGSIb3DQEBCwUAA4IBAQABzb1b5ZtINny3xh/dIO9u
CgIoxV7j92U8x7H9vYxsUCbm9Y1ngklxr/dF0oQQjCMIHs3VNxZZ7DDNicueKyvZ
hcH43LrePXiXW8Zs52pKPBhdA+tORmljwZj8bRkKOsS3UQPsUYmjQQLav+ghrhTU
oF7Aq801to3kO0lh1CTTPlnchzmq0ALGC+vwNqo1Kb4l1mK2J/E65NbQ6i6z2dcb
PE2rSRaGJcxwHPH3nDdIsh5koPcH4eqCt0ug1YFZGk6/WAtJg+hOoalKiVLYG3FW
y8EUj/87IpSqk6q+Ly2qjwVWAb1XDy2BWVzCPC7sEsGLhH9Bnd9rV5qJ5C1tX2yB
-----END CERTIFICATE-----