Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/IvYXc131S8LdM_A-fTjGGzCriQk.roa
File:                     IvYXc131S8LdM_A-fTjGGzCriQk.roa (raw, json)
Hash identifier:          mW9gX/ftRRt8QmaVyVnz/BzZyNFj2upVlrYuos3a43w=
Subject key identifier:   22:F6:17:73:5D:F5:4B:C2:DD:33:F0:3E:7D:38:C6:1B:30:AB:89:09
Certificate issuer:       /CN=559c64a6ac4c4976ad3621412a137459e649ab9e
Certificate serial:       018CC9BBE8873B87ECB3DFA2CDFD767C8F17
Authority key identifier: 55:9C:64:A6:AC:4C:49:76:AD:36:21:41:2A:13:74:59:E6:49:AB:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZxkpqxMSXatNiFBKhN0WeZJq54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/IvYXc131S8LdM_A-fTjGGzCriQk.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202004
IP address blocks:        45.11.60.0/22 maxlen: 22
                          185.56.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/VZxkpqxMSXatNiFBKhN0WeZJq54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/VZxkpqxMSXatNiFBKhN0WeZJq54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZxkpqxMSXatNiFBKhN0WeZJq54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e8:87:3b:87:ec:b3:df:a2:cd:fd:76:7c:8f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=559c64a6ac4c4976ad3621412a137459e649ab9e
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f617735df54bc2dd33f03e7d38c61b30ab8909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:63:d7:a9:9b:7d:1e:8d:f3:cd:ea:ae:12:
                    ae:10:44:b9:2a:3a:f1:cf:49:f0:72:0b:5b:3e:e2:
                    ed:34:90:da:11:f6:e4:cd:45:33:03:b5:8c:71:ed:
                    37:67:26:54:6a:08:eb:c4:00:0f:f1:64:b6:1b:07:
                    a7:e6:b7:8f:eb:aa:2b:7b:b0:4c:65:59:76:72:35:
                    89:7a:64:3b:82:cd:cf:1d:59:8f:f2:49:24:64:41:
                    dd:01:f2:20:e8:e5:f5:f9:c4:b6:0e:29:3b:f7:d6:
                    af:75:78:d1:cd:a3:10:fd:63:7e:0d:6b:b6:e8:b5:
                    ac:20:38:a9:98:5f:f7:d2:f5:79:cc:c7:46:e0:26:
                    a2:b8:15:15:c8:d3:8a:73:5d:1b:e8:ba:26:4b:bc:
                    5f:f7:44:26:6d:76:c9:0f:af:c0:98:07:f4:0b:6f:
                    30:d9:50:32:48:eb:d6:d0:1b:b4:d2:2a:db:70:40:
                    49:c0:e1:ed:e2:94:9c:f1:a2:70:23:f4:78:f9:8b:
                    da:ed:30:2d:0b:53:a2:5e:6e:a3:b4:ae:13:40:34:
                    01:ff:c3:22:5b:b3:fb:33:66:79:91:ad:03:b9:21:
                    fc:3b:7e:d9:ec:19:d5:1f:df:a5:70:61:1c:91:87:
                    39:ee:d0:8d:42:64:70:9a:b0:b5:6b:05:8e:6e:6a:
                    65:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F6:17:73:5D:F5:4B:C2:DD:33:F0:3E:7D:38:C6:1B:30:AB:89:09
            X509v3 Authority Key Identifier:
                keyid:55:9C:64:A6:AC:4C:49:76:AD:36:21:41:2A:13:74:59:E6:49:AB:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZxkpqxMSXatNiFBKhN0WeZJq54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/IvYXc131S8LdM_A-fTjGGzCriQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2e7fd7-0556-4dd9-b6b2-f31510771185/1/VZxkpqxMSXatNiFBKhN0WeZJq54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.60.0/22
                  185.56.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:90:72:5d:28:60:0a:0b:51:5b:63:89:29:8c:19:12:2f:89:
         4f:31:e0:24:aa:6c:3d:99:3f:cc:e5:ad:21:ea:a5:27:67:57:
         7a:fe:07:a9:c5:26:68:e9:06:ff:cd:5a:2b:0b:bf:9d:02:1a:
         46:9d:2d:2a:fd:f6:f7:f3:47:63:dc:6e:87:02:7e:b3:95:a8:
         2f:da:07:56:60:2e:76:42:9d:46:d7:d5:c7:e1:b1:92:a2:a9:
         b2:4d:b6:7c:8f:ac:95:15:78:fa:38:f0:16:ef:26:00:8a:aa:
         93:c6:a8:1f:cc:14:64:71:6e:90:78:e7:4d:bf:d8:f7:d3:13:
         6b:89:76:9c:64:4c:24:81:95:1e:21:16:04:75:83:e4:5a:37:
         55:4a:c6:12:c3:fc:44:cb:f5:cb:81:87:84:c2:21:5f:bf:e7:
         22:ca:af:a8:2d:60:17:b1:df:71:a4:7a:43:9e:f8:82:8e:89:
         b7:fe:6a:ec:b7:a6:c5:bd:ef:c6:05:dc:99:7a:31:af:94:55:
         11:a4:4d:3b:86:76:59:1d:62:f6:bd:ab:c4:3c:44:87:60:a2:
         3f:27:58:6a:36:66:5d:53:b7:9b:ed:92:94:7d:f0:69:fe:70:
         54:0a:35:78:d2:fa:2d:2f:40:26:74:b0:38:ce:b7:64:96:69:
         ba:6c:28:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJu+iHO4fss9+izf12fI8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OWM2NGE2YWM0YzQ5NzZhZDM2MjE0MTJhMTM3NDU5ZTY0
OWFiOWUwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY2MTc3MzVkZjU0YmMyZGQzM2YwM2U3ZDM4YzYxYjMwYWI4OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAontj16mbfR6N883qrhKuEES5Kjrx
z0nwcgtbPuLtNJDaEfbkzUUzA7WMce03ZyZUagjrxAAP8WS2Gwen5reP66ore7BM
ZVl2cjWJemQ7gs3PHVmP8kkkZEHdAfIg6OX1+cS2Dik799avdXjRzaMQ/WN+DWu2
6LWsIDipmF/30vV5zMdG4CaiuBUVyNOKc10b6LomS7xf90QmbXbJD6/AmAf0C28w
2VAySOvW0Bu00irbcEBJwOHt4pSc8aJwI/R4+Yva7TAtC1OiXm6jtK4TQDQB/8Mi
W7P7M2Z5ka0DuSH8O37Z7BnVH9+lcGEckYc57tCNQmRwmrC1awWObmpl9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCL2F3Nd9UvC3TPwPn04xhswq4kJMB8GA1UdIwQY
MBaAFFWcZKasTEl2rTYhQSoTdFnmSaueMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlp4a3BxeE1TWGF0TmlGQktoTjBXZVpKcTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yZTdmZDctMDU1Ni00ZGQ5LWI2YjIt
ZjMxNTEwNzcxMTg1LzEvSXZZWGMxMzFTOExkTV9BLWZUakdHekNyaVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yZTdmZDctMDU1Ni00ZGQ5LWI2YjItZjMxNTEwNzcxMTg1
LzEvVlp4a3BxeE1TWGF0TmlGQktoTjBXZVpKcTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLQs8AwQC
uTjQMA0GCSqGSIb3DQEBCwUAA4IBAQANkHJdKGAKC1FbY4kpjBkSL4lPMeAkqmw9
mT/M5a0h6qUnZ1d6/gepxSZo6Qb/zVorC7+dAhpGnS0q/fb380dj3G6HAn6zlagv
2gdWYC52Qp1G19XH4bGSoqmyTbZ8j6yVFXj6OPAW7yYAiqqTxqgfzBRkcW6QeOdN
v9j30xNriXacZEwkgZUeIRYEdYPkWjdVSsYSw/xEy/XLgYeEwiFfv+ciyq+oLWAX
sd9xpHpDnviCjom3/mrst6bFve/GBdyZejGvlFURpE07hnZZHWL2vavEPESHYKI/
J1hqNmZdU7eb7ZKUffBp/nBUCjV40votL0AmdLA4zrdklmm6bCgv
-----END CERTIFICATE-----