Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Vsa30PdDJFmLzB131-6EtJNrev4.roa
File:                     Vsa30PdDJFmLzB131-6EtJNrev4.roa (raw, json)
Hash identifier:          VP57NZNddpkQG3fKfqLYtbDANc1nO2q0gwu/t9BKyj0=
Subject key identifier:   56:C6:B7:D0:F7:43:24:59:8B:CC:1D:77:D7:EE:84:B4:93:6B:7A:FE
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DDF69B909EE7611F30C42E90836C
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Vsa30PdDJFmLzB131-6EtJNrev4.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59912
IP address blocks:        46.209.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:dd:f6:9b:90:9e:e7:61:1f:30:c4:2e:90:83:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56c6b7d0f74324598bcc1d77d7ee84b4936b7afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:52:c9:45:84:05:42:8e:25:04:20:a7:dd:8e:
                    1c:3d:40:2a:4e:8a:5d:14:13:54:c0:94:56:cd:59:
                    7f:76:67:bf:07:64:98:ef:69:d3:cc:52:5a:ee:34:
                    9b:07:46:0f:33:30:d7:f0:1e:54:4c:8f:c3:d1:19:
                    21:f1:29:53:80:41:f0:f7:5d:79:43:72:c6:27:1d:
                    47:58:fc:53:a7:62:89:a8:9b:97:87:04:86:e0:85:
                    26:4c:a5:4a:06:57:a2:8e:f7:b9:cc:53:67:95:c8:
                    e1:2b:5c:1c:bc:5d:c5:b8:ce:36:36:aa:30:49:2c:
                    c9:04:3a:de:7e:0a:a6:92:55:5e:f3:db:66:3f:6c:
                    74:c8:10:c0:c5:08:85:35:5a:3b:83:3d:9a:6f:c1:
                    9f:77:72:9a:71:38:03:0e:8c:60:9a:a7:1b:4a:0f:
                    40:bd:82:21:98:90:f3:6a:a4:a9:24:37:fd:3d:0e:
                    45:17:e1:62:98:90:db:1a:8f:bf:a5:91:cf:a0:e5:
                    58:13:b4:51:6e:d9:61:a9:6e:23:55:2b:49:5c:4e:
                    f5:26:a0:0a:08:10:f0:01:b7:1c:b2:3a:2c:a4:9e:
                    32:ed:b6:1d:a1:45:3d:c7:0a:f0:e0:20:ea:1f:d9:
                    88:e4:b7:fe:1d:90:81:3e:6e:d1:7d:74:d9:25:3e:
                    cb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C6:B7:D0:F7:43:24:59:8B:CC:1D:77:D7:EE:84:B4:93:6B:7A:FE
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/Vsa30PdDJFmLzB131-6EtJNrev4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.209.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:8f:07:34:21:66:f0:ae:2a:40:9c:18:77:ec:71:f2:57:36:
         23:46:7c:bc:ae:f0:d8:01:41:f3:ea:c0:1f:13:16:b1:b5:8b:
         ea:75:7b:7b:3c:5f:36:fd:70:ce:04:3b:6b:46:e6:72:98:99:
         51:5f:78:13:03:d3:9c:fa:b5:7f:3e:19:23:5c:a7:41:4c:36:
         e6:3c:65:be:08:c3:6a:6e:3a:e5:07:d7:2d:a7:61:52:9a:83:
         c8:df:3b:a2:73:af:9b:3c:41:b7:07:d3:b5:29:81:6a:cf:27:
         a5:be:bd:7a:33:80:93:26:c8:58:6a:26:ce:c7:4d:61:b5:8d:
         6b:c1:a3:1a:95:32:4c:52:cb:48:b1:9d:33:a5:fb:08:53:76:
         a6:93:1f:0e:d7:50:9c:af:47:f9:0b:0f:6e:ef:df:8b:9f:e5:
         c1:86:ce:b2:12:4a:61:9a:9c:00:0a:32:b1:b7:18:1f:8e:4f:
         f5:54:47:6d:fd:e0:e5:b4:d7:26:df:ea:60:54:3d:c9:c9:a4:
         1f:43:2e:29:8b:85:c2:88:7d:0a:c5:56:c0:e9:b8:a0:c3:98:
         38:ed:af:33:fd:cf:21:7c:83:6e:11:75:96:0b:37:19:1a:12:
         44:9b:9f:81:b1:4d:89:21:ed:4b:48:ba:ca:09:4d:cc:81:c3:
         3b:38:07:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkt32m5Ce52EfMMQukINsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmM2YjdkMGY3NDMyNDU5OGJjYzFkNzdkN2VlODRiNDkzNmI3YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFLJRYQFQo4lBCCn3Y4cPUAqTopd
FBNUwJRWzVl/dme/B2SY72nTzFJa7jSbB0YPMzDX8B5UTI/D0Rkh8SlTgEHw9115
Q3LGJx1HWPxTp2KJqJuXhwSG4IUmTKVKBleijve5zFNnlcjhK1wcvF3FuM42Nqow
SSzJBDrefgqmklVe89tmP2x0yBDAxQiFNVo7gz2ab8Gfd3KacTgDDoxgmqcbSg9A
vYIhmJDzaqSpJDf9PQ5FF+FimJDbGo+/pZHPoOVYE7RRbtlhqW4jVStJXE71JqAK
CBDwAbccsjospJ4y7bYdoUU9xwrw4CDqH9mI5Lf+HZCBPm7RfXTZJT7LEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbGt9D3QyRZi8wdd9fuhLSTa3r+MB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvVnNhMzBQZERKRm1MekIxMzEtNkV0Sk5yZXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLtG2MA0G
CSqGSIb3DQEBCwUAA4IBAQBsjwc0IWbwripAnBh37HHyVzYjRny8rvDYAUHz6sAf
ExaxtYvqdXt7PF82/XDOBDtrRuZymJlRX3gTA9Oc+rV/PhkjXKdBTDbmPGW+CMNq
bjrlB9ctp2FSmoPI3zuic6+bPEG3B9O1KYFqzyelvr16M4CTJshYaibOx01htY1r
waMalTJMUstIsZ0zpfsIU3amkx8O11Ccr0f5Cw9u79+Ln+XBhs6yEkphmpwACjKx
txgfjk/1VEdt/eDltNcm3+pgVD3JyaQfQy4pi4XCiH0KxVbA6bigw5g47a8z/c8h
fINuEXWWCzcZGhJEm5+BsU2JIe1LSLrKCU3MgcM7OAdH
-----END CERTIFICATE-----