Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/VSKaxahZF2K-DIR3WFefzrGQR54.roa
File:                     VSKaxahZF2K-DIR3WFefzrGQR54.roa (raw, json)
Hash identifier:          rz9D2ovG2mx7pSKDAJ0a/qytt3zNMII6FMrlYzL7ygE=
Subject key identifier:   55:22:9A:C5:A8:59:17:62:BE:0C:84:77:58:57:9F:CE:B1:90:47:9E
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F3473D432EA1483039BC4D414F863
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/VSKaxahZF2K-DIR3WFefzrGQR54.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        91.221.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:34:73:d4:32:ea:14:83:03:9b:c4:d4:14:f8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55229ac5a8591762be0c847758579fceb190479e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9e:49:f8:30:e9:0a:9d:87:ef:cf:11:2d:da:
                    fe:0f:d2:11:8d:17:45:e8:e5:b8:d8:c4:3b:f8:26:
                    0f:5b:7c:db:be:a6:85:42:ab:01:3a:00:8e:95:90:
                    c1:67:97:47:c4:67:03:f3:50:d5:c2:54:f1:22:f3:
                    e3:99:d8:15:55:cc:ec:f6:3e:9f:6d:6b:76:4f:48:
                    5c:62:83:bf:f1:f8:4d:5b:15:19:75:b8:33:cc:60:
                    31:d3:e0:be:ba:1e:8e:c8:fc:a1:79:ea:98:d8:ba:
                    34:06:01:ec:51:89:7f:7f:d2:aa:56:6f:36:df:0f:
                    18:a8:ab:6e:87:22:fc:48:8c:f6:86:34:81:4a:3f:
                    a1:ba:40:fe:22:64:c1:18:80:43:64:ab:94:d9:52:
                    65:a4:2c:f0:f5:d3:7f:f5:75:f4:c2:cd:ed:a5:c4:
                    46:d2:33:e8:c0:18:b9:c7:b9:25:c5:b4:38:07:cd:
                    8d:28:09:5a:53:fd:04:ee:0d:ea:fc:5a:69:fa:6e:
                    92:f8:67:41:fb:fe:13:7f:ce:e0:06:60:49:1d:46:
                    95:41:7e:58:45:fb:05:fe:e7:97:4e:af:b8:ab:b9:
                    e4:d0:48:93:39:f4:e8:84:80:2a:da:be:b2:03:a5:
                    39:36:f7:57:a9:11:e0:62:12:38:72:c7:00:c7:1e:
                    eb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:22:9A:C5:A8:59:17:62:BE:0C:84:77:58:57:9F:CE:B1:90:47:9E
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/VSKaxahZF2K-DIR3WFefzrGQR54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b6:65:f2:b9:6c:4a:42:88:30:e9:1a:63:82:11:a3:c2:b4:
         6f:2a:d4:99:17:0d:8c:bd:1f:36:fe:47:e4:96:ca:c9:ce:fa:
         c7:da:11:1d:85:74:b2:5d:bf:00:f0:d5:3d:3f:77:c7:46:1e:
         6d:ac:37:68:2e:57:50:ba:13:7f:ae:35:31:2e:90:b6:f4:1c:
         92:a7:89:37:ee:02:1b:ca:93:1a:1b:19:14:48:1a:72:e9:9d:
         a8:da:15:4b:bd:59:37:87:68:04:fd:e2:98:1b:2b:c0:2d:ca:
         65:33:5a:be:b7:e9:25:ff:bd:6b:1f:62:39:37:6b:90:24:8e:
         64:3c:2a:87:a1:6c:d6:42:e5:ef:fa:4e:8f:73:d1:2a:06:41:
         ec:73:85:bc:7e:6e:18:7e:d9:16:a4:d6:50:f6:f1:bb:9f:59:
         7f:4d:14:e8:f2:84:93:00:88:77:8c:9c:85:83:15:87:57:33:
         e2:f4:03:2e:17:de:09:03:5d:4d:86:84:39:f0:19:e0:0a:b8:
         e6:ec:da:c7:fa:83:a1:fd:61:7c:65:3a:fb:41:cf:46:59:f0:
         1d:86:b9:7c:db:9b:8c:0c:42:78:59:6b:bf:ef:8b:c7:35:02:
         f3:c3:06:95:c0:1c:62:61:8a:b7:7b:b0:6a:9a:5c:37:93:89:
         7a:21:cb:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzRz1DLqFIMDm8TUFPhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTIyOWFjNWE4NTkxNzYyYmUwYzg0Nzc1ODU3OWZjZWIxOTA0NzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ5J+DDpCp2H788RLdr+D9IRjRdF
6OW42MQ7+CYPW3zbvqaFQqsBOgCOlZDBZ5dHxGcD81DVwlTxIvPjmdgVVczs9j6f
bWt2T0hcYoO/8fhNWxUZdbgzzGAx0+C+uh6OyPyheeqY2Lo0BgHsUYl/f9KqVm82
3w8YqKtuhyL8SIz2hjSBSj+hukD+ImTBGIBDZKuU2VJlpCzw9dN/9XX0ws3tpcRG
0jPowBi5x7klxbQ4B82NKAlaU/0E7g3q/Fpp+m6S+GdB+/4Tf87gBmBJHUaVQX5Y
RfsF/ueXTq+4q7nk0EiTOfTohIAq2r6yA6U5NvdXqRHgYhI4cscAxx7rQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFUimsWoWRdivgyEd1hXn86xkEeeMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvVlNLYXhhaFpGMkstRElSM1dGZWZ6ckdRUjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW93oMA0G
CSqGSIb3DQEBCwUAA4IBAQBytmXyuWxKQogw6RpjghGjwrRvKtSZFw2MvR82/kfk
lsrJzvrH2hEdhXSyXb8A8NU9P3fHRh5trDdoLldQuhN/rjUxLpC29BySp4k37gIb
ypMaGxkUSBpy6Z2o2hVLvVk3h2gE/eKYGyvALcplM1q+t+kl/71rH2I5N2uQJI5k
PCqHoWzWQuXv+k6Pc9EqBkHsc4W8fm4YftkWpNZQ9vG7n1l/TRTo8oSTAIh3jJyF
gxWHVzPi9AMuF94JA11NhoQ58BngCrjm7NrH+oOh/WF8ZTr7Qc9GWfAdhrl825uM
DEJ4WWu/74vHNQLzwwaVwBxiYYq3e7Bqmlw3k4l6Icsb
-----END CERTIFICATE-----