Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/Vcyur_roscMOhTtXz2Hg-AgAk6A.roa
File:                     Vcyur_roscMOhTtXz2Hg-AgAk6A.roa (raw, json)
Hash identifier:          YqbdDHnQ8xpJD/w09qrvs2ueyVYiT8BkkoSiObQgg5s=
Subject key identifier:   55:CC:AE:AF:FA:E8:B1:C3:0E:85:3B:57:CF:61:E0:F8:08:00:93:A0
Certificate issuer:       /CN=36117a6815a918478d3f8c00d671a57166bfeeca
Certificate serial:       018CC5009D8287A2DD9A09AA3743BF567F9B
Authority key identifier: 36:11:7A:68:15:A9:18:47:8D:3F:8C:00:D6:71:A5:71:66:BF:EE:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhF6aBWpGEeNP4wA1nGlcWa_7so.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/Vcyur_roscMOhTtXz2Hg-AgAk6A.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21086
IP address blocks:        193.109.40.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/NhF6aBWpGEeNP4wA1nGlcWa_7so.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/NhF6aBWpGEeNP4wA1nGlcWa_7so.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhF6aBWpGEeNP4wA1nGlcWa_7so.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9d:82:87:a2:dd:9a:09:aa:37:43:bf:56:7f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36117a6815a918478d3f8c00d671a57166bfeeca
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55ccaeaffae8b1c30e853b57cf61e0f8080093a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:58:ff:3a:31:4f:2d:89:b7:eb:c7:8e:6f:
                    45:9c:f0:c5:fa:46:e9:dd:f6:1d:1c:f6:d8:6f:d5:
                    e5:7a:ac:b6:93:cd:f4:86:86:71:dc:7c:06:03:5e:
                    a0:bf:f4:2c:cf:06:d3:7e:60:b9:82:a8:d1:77:58:
                    96:10:cd:a2:83:b4:27:b8:96:86:d9:10:69:ee:ce:
                    95:85:ca:d4:ad:92:5d:42:21:a2:db:c8:d7:35:a9:
                    ed:e5:6c:07:b5:75:c1:7e:e2:03:23:11:ae:54:66:
                    3a:6b:b4:4e:22:72:70:c3:18:62:fd:9a:eb:2b:07:
                    b5:2d:a9:be:36:58:ef:d1:5d:ca:1e:fe:6b:56:da:
                    5c:0e:29:40:59:d6:81:8c:33:23:07:e5:00:98:16:
                    06:84:17:dc:69:32:e2:dc:50:d5:55:60:3b:0b:e2:
                    72:e6:d1:2b:d1:bb:23:19:55:8b:fb:92:20:63:dc:
                    36:44:71:bb:91:c1:8c:89:1f:ed:ed:7d:4a:41:bf:
                    d4:63:bc:de:29:f2:53:a0:93:de:b0:02:6a:85:36:
                    ba:3c:ce:ba:e6:fc:d0:98:f0:f5:c3:cf:dc:c7:c5:
                    c0:b9:71:96:f8:d1:2a:87:3b:af:d0:28:85:05:6e:
                    e0:a2:12:65:da:04:47:ef:93:96:b6:73:bf:b1:d3:
                    ca:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CC:AE:AF:FA:E8:B1:C3:0E:85:3B:57:CF:61:E0:F8:08:00:93:A0
            X509v3 Authority Key Identifier:
                keyid:36:11:7A:68:15:A9:18:47:8D:3F:8C:00:D6:71:A5:71:66:BF:EE:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhF6aBWpGEeNP4wA1nGlcWa_7so.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/Vcyur_roscMOhTtXz2Hg-AgAk6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/cbb741-b692-4f09-8cba-c6aec68ab364/1/NhF6aBWpGEeNP4wA1nGlcWa_7so.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         58:40:91:5b:28:7d:6b:50:b0:87:16:e7:c4:db:56:07:24:aa:
         15:16:3d:3f:ad:0d:6f:33:06:9b:b3:ae:75:c9:84:31:00:79:
         c2:db:25:1b:39:85:66:14:c5:9c:42:a9:65:a5:88:44:6c:6d:
         f8:a4:f6:78:9d:49:fb:62:9c:70:5c:a0:b7:ba:b3:44:ce:0f:
         20:57:09:17:78:05:08:34:66:cd:6e:01:e9:5f:de:ba:2b:2b:
         10:4c:d4:0a:96:58:68:e5:09:8e:a1:59:1e:af:90:9c:4d:c5:
         8c:74:7a:92:0e:04:1c:0a:91:50:d6:62:22:a7:f9:82:bf:ec:
         2d:0d:c6:28:80:20:ab:77:a1:0c:a7:bd:1a:ef:c5:fe:2c:7f:
         0a:e2:ea:a8:0f:92:87:59:39:11:d6:24:6a:56:dc:ed:72:2c:
         c6:c9:42:0c:6a:22:02:52:44:cc:d8:12:18:a1:42:d6:8a:26:
         a8:34:5d:82:8b:27:04:d4:28:4a:3f:dc:1d:a9:cd:fb:3a:1e:
         4e:19:90:a0:f3:6a:ca:26:f2:50:ba:1b:01:17:98:bb:9f:bd:
         4c:85:13:6a:30:49:79:3b:8e:75:b1:62:d1:ec:42:8a:15:88:
         fd:76:58:5a:a6:41:62:13:19:61:c7:39:68:7d:8f:8b:cd:87:
         6a:5a:86:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAJ2Ch6LdmgmqN0O/Vn+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTE3YTY4MTVhOTE4NDc4ZDNmOGMwMGQ2NzFhNTcxNjZi
ZmVlY2EwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNjYWVhZmZhZThiMWMzMGU4NTNiNTdjZjYxZTBmODA4MDA5M2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6hY/zoxTy2Jt+vHjm9FnPDF+kbp
3fYdHPbYb9Xleqy2k830hoZx3HwGA16gv/QszwbTfmC5gqjRd1iWEM2ig7QnuJaG
2RBp7s6VhcrUrZJdQiGi28jXNant5WwHtXXBfuIDIxGuVGY6a7ROInJwwxhi/Zrr
Kwe1Lam+Nljv0V3KHv5rVtpcDilAWdaBjDMjB+UAmBYGhBfcaTLi3FDVVWA7C+Jy
5tEr0bsjGVWL+5IgY9w2RHG7kcGMiR/t7X1KQb/UY7zeKfJToJPesAJqhTa6PM66
5vzQmPD1w8/cx8XAuXGW+NEqhzuv0CiFBW7gohJl2gRH75OWtnO/sdPKbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXMrq/66LHDDoU7V89h4PgIAJOgMB8GA1UdIwQY
MBaAFDYRemgVqRhHjT+MANZxpXFmv+7KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhGNmFCV3BHRWVOUDR3QTFuR2xjV2FfN3NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9jYmI3NDEtYjY5Mi00ZjA5LThjYmEt
YzZhZWM2OGFiMzY0LzEvVmN5dXJfcm9zY01PaFR0WHoySGctQWdBazZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9jYmI3NDEtYjY5Mi00ZjA5LThjYmEtYzZhZWM2OGFiMzY0
LzEvTmhGNmFCV3BHRWVOUDR3QTFuR2xjV2FfN3NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwW0oMA0G
CSqGSIb3DQEBCwUAA4IBAQBYQJFbKH1rULCHFufE21YHJKoVFj0/rQ1vMwabs651
yYQxAHnC2yUbOYVmFMWcQqllpYhEbG34pPZ4nUn7YpxwXKC3urNEzg8gVwkXeAUI
NGbNbgHpX966KysQTNQKllho5QmOoVker5CcTcWMdHqSDgQcCpFQ1mIip/mCv+wt
DcYogCCrd6EMp70a78X+LH8K4uqoD5KHWTkR1iRqVtztcizGyUIMaiICUkTM2BIY
oULWiiaoNF2CiycE1ChKP9wdqc37Oh5OGZCg82rKJvJQuhsBF5i7n71MhRNqMEl5
O451sWLR7EKKFYj9dlhapkFiExlhxzlofY+LzYdqWoZY
-----END CERTIFICATE-----