Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/VjykQu_Q7uoPfbGYLydHQBk1cmg.roa
File:                     VjykQu_Q7uoPfbGYLydHQBk1cmg.roa (raw, json)
Hash identifier:          aW6VCVqdlc4Y9b6xNUmCFDjwNxF2Pis1rzP/vm2uj74=
Subject key identifier:   56:3C:A4:42:EF:D0:EE:EA:0F:7D:B1:98:2F:27:47:40:19:35:72:68
Certificate issuer:       /CN=01b3fa2ab8901b415e10838872c63d9f0ce136ad
Certificate serial:       018CCA2A6AC0E533967C216DCD784E84B7F4
Authority key identifier: 01:B3:FA:2A:B8:90:1B:41:5E:10:83:88:72:C6:3D:9F:0C:E1:36:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AbP6KriQG0FeEIOIcsY9nwzhNq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/VjykQu_Q7uoPfbGYLydHQBk1cmg.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203329
IP address blocks:        185.138.140.0/22 maxlen: 24
                          149.233.0.0/19 maxlen: 24
                          2a07:e80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/AbP6KriQG0FeEIOIcsY9nwzhNq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/AbP6KriQG0FeEIOIcsY9nwzhNq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AbP6KriQG0FeEIOIcsY9nwzhNq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6a:c0:e5:33:96:7c:21:6d:cd:78:4e:84:b7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01b3fa2ab8901b415e10838872c63d9f0ce136ad
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=563ca442efd0eeea0f7db1982f27474019357268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:c7:1b:9e:a9:1a:09:50:2b:2f:a1:99:c9:
                    d9:04:64:d4:b2:41:f4:59:53:e5:1f:11:c7:f5:d9:
                    30:d0:f0:3a:f3:72:96:bd:65:b4:f5:8d:f1:2a:6c:
                    22:01:52:92:29:f1:2f:0c:e4:84:98:b2:f7:e0:36:
                    79:fe:1d:a8:d8:1e:73:2f:d0:fc:74:04:d7:c2:cd:
                    4a:49:34:19:39:60:89:0d:4e:ce:be:c0:f7:e6:3e:
                    25:77:02:bd:cd:71:99:28:73:1d:e2:51:0b:24:0a:
                    ae:ca:17:70:45:65:1b:a3:e7:8f:af:49:5d:f7:34:
                    4f:a4:b6:df:5d:1c:1d:23:40:03:21:46:27:f6:76:
                    6c:99:ca:98:68:04:6b:69:e6:a3:9f:01:18:99:82:
                    6f:55:7e:16:53:f1:92:1e:5b:3b:3e:92:56:10:fd:
                    6a:10:f7:48:b4:5e:8f:47:2f:9e:5a:04:d0:5f:a1:
                    c2:42:bb:7c:a7:2b:bd:e7:90:8c:d5:21:da:a3:15:
                    a3:99:64:e1:aa:c5:b3:f9:88:84:c7:f8:00:9c:eb:
                    d5:fd:83:72:83:2b:bd:a1:aa:21:0e:fd:82:a0:d2:
                    7a:99:88:65:1c:ce:61:d1:a4:ba:0f:9c:ce:cb:dd:
                    88:15:e2:9c:d2:df:e3:39:4c:71:f6:34:d7:58:52:
                    7a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3C:A4:42:EF:D0:EE:EA:0F:7D:B1:98:2F:27:47:40:19:35:72:68
            X509v3 Authority Key Identifier:
                keyid:01:B3:FA:2A:B8:90:1B:41:5E:10:83:88:72:C6:3D:9F:0C:E1:36:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AbP6KriQG0FeEIOIcsY9nwzhNq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/VjykQu_Q7uoPfbGYLydHQBk1cmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/42bda6-a5da-471b-a3bf-81ecb490fb86/1/AbP6KriQG0FeEIOIcsY9nwzhNq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.233.0.0/19
                  185.138.140.0/22
                IPv6:
                  2a07:e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:95:9f:ef:07:7e:33:76:88:e7:f9:4d:93:f5:f6:17:11:91:
         86:9e:43:6b:31:36:05:e9:b1:d3:68:33:f6:15:38:23:59:4b:
         a3:8b:3a:ef:b8:41:f4:14:7d:6b:fd:8e:f0:98:c5:1c:e9:f2:
         ef:a3:b5:6e:ec:54:eb:32:7b:be:66:ab:f0:7e:7b:76:de:d6:
         47:4c:68:9f:9d:dd:a3:89:92:30:f6:26:4e:62:48:1b:70:9d:
         64:a9:71:1c:f0:d9:44:d5:c2:ed:e8:f4:b7:9e:a0:e6:7d:58:
         59:f2:25:43:d2:cd:4b:82:60:e4:0f:78:9a:12:d9:43:78:f8:
         97:fc:fc:29:16:61:9a:12:1b:08:44:c7:dd:c0:40:37:71:fc:
         bd:e9:ea:c4:05:54:0a:e9:9d:2b:ff:e1:80:40:1e:12:d5:f3:
         aa:41:68:e2:54:a1:bc:92:0d:a7:e0:65:63:23:20:b7:0d:64:
         16:ad:2e:e8:08:7f:e3:2c:52:86:f7:ce:67:f6:1c:41:c3:3d:
         3a:bd:85:ac:e4:b7:b3:ea:f2:7b:e1:68:73:69:d3:67:a9:c0:
         17:70:41:73:bb:7a:ac:a0:60:75:2d:50:02:1e:20:12:78:cd:
         b5:23:11:1f:76:f1:87:18:57:f3:de:a1:e4:b5:f8:a5:42:ed:
         f2:98:b8:48
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKmrA5TOWfCFtzXhOhLf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYjNmYTJhYjg5MDFiNDE1ZTEwODM4ODcyYzYzZDlmMGNl
MTM2YWQwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjNjYTQ0MmVmZDBlZWVhMGY3ZGIxOTgyZjI3NDc0MDE5MzU3MjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAperHG56pGglQKy+hmcnZBGTUskH0
WVPlHxHH9dkw0PA683KWvWW09Y3xKmwiAVKSKfEvDOSEmLL34DZ5/h2o2B5zL9D8
dATXws1KSTQZOWCJDU7OvsD35j4ldwK9zXGZKHMd4lELJAquyhdwRWUbo+ePr0ld
9zRPpLbfXRwdI0ADIUYn9nZsmcqYaARraeajnwEYmYJvVX4WU/GSHls7PpJWEP1q
EPdItF6PRy+eWgTQX6HCQrt8pyu955CM1SHaoxWjmWThqsWz+YiEx/gAnOvV/YNy
gyu9oaohDv2CoNJ6mYhlHM5h0aS6D5zOy92IFeKc0t/jOUxx9jTXWFJ6rwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFY8pELv0O7qD32xmC8nR0AZNXJoMB8GA1UdIwQY
MBaAFAGz+iq4kBtBXhCDiHLGPZ8M4TatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWJQNktyaVFHMEZlRUlPSWNzWTlud3poTnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS80MmJkYTYtYTVkYS00NzFiLWEzYmYt
ODFlY2I0OTBmYjg2LzEvVmp5a1F1X1E3dW9QZmJHWUx5ZEhRQmsxY21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS80MmJkYTYtYTVkYS00NzFiLWEzYmYtODFlY2I0OTBmYjg2
LzEvQWJQNktyaVFHMEZlRUlPSWNzWTlud3poTnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFlekAAwQC
uYqMMA0EAgACMAcDBQMqBw6AMA0GCSqGSIb3DQEBCwUAA4IBAQBvlZ/vB34zdojn
+U2T9fYXEZGGnkNrMTYF6bHTaDP2FTgjWUujizrvuEH0FH1r/Y7wmMUc6fLvo7Vu
7FTrMnu+Zqvwfnt23tZHTGifnd2jiZIw9iZOYkgbcJ1kqXEc8NlE1cLt6PS3nqDm
fVhZ8iVD0s1LgmDkD3iaEtlDePiX/PwpFmGaEhsIRMfdwEA3cfy96erEBVQK6Z0r
/+GAQB4S1fOqQWjiVKG8kg2n4GVjIyC3DWQWrS7oCH/jLFKG985n9hxBwz06vYWs
5Lez6vJ74WhzadNnqcAXcEFzu3qsoGB1LVACHiASeM21IxEfdvGHGFfz3qHktfil
Qu3ymLhI
-----END CERTIFICATE-----