Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/VCDmw1wPdgyTNveMTkdADopcHeg.roa
File:                     VCDmw1wPdgyTNveMTkdADopcHeg.roa (raw, json)
Hash identifier:          dCRcdEDyKJ3sRLHF2hul4hXSfGT/p+QgWbpiTv4E40E=
Subject key identifier:   54:20:E6:C3:5C:0F:76:0C:93:36:F7:8C:4E:47:40:0E:8A:5C:1D:E8
Certificate issuer:       /CN=13a8bfb3f54754bd329180e593750265ef7e3999
Certificate serial:       018CC6B7A2819C1E17BA57E92E2BC34BF2FD
Authority key identifier: 13:A8:BF:B3:F5:47:54:BD:32:91:80:E5:93:75:02:65:EF:7E:39:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/VCDmw1wPdgyTNveMTkdADopcHeg.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61271
IP address blocks:        46.18.109.0/24 maxlen: 24
                          2a11:8d00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a2:81:9c:1e:17:ba:57:e9:2e:2b:c3:4b:f2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a8bfb3f54754bd329180e593750265ef7e3999
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5420e6c35c0f760c9336f78c4e47400e8a5c1de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4d:83:d9:d2:0e:a1:c1:e9:63:79:0e:d6:24:
                    a8:af:ca:f0:e3:c3:83:25:f4:66:da:9f:08:78:7f:
                    63:f2:1a:a2:dc:73:40:34:dc:59:d8:b0:46:0a:dc:
                    60:80:46:94:03:e5:51:5a:e3:22:ab:2a:81:80:00:
                    31:70:89:0c:e6:29:cd:87:b9:1f:78:7b:f0:8b:8b:
                    2b:b3:6a:b8:c3:d2:79:16:3b:69:f9:c3:88:5c:33:
                    95:ca:32:9f:0f:65:17:3d:85:c6:87:66:b8:36:fb:
                    0d:91:9b:47:a2:8a:3f:b5:84:08:39:51:c1:2d:22:
                    92:8f:d0:07:36:83:bc:99:97:96:28:90:cd:e3:80:
                    59:7e:6f:9e:4e:b0:a7:41:49:5b:d8:3c:42:e1:01:
                    a7:aa:d9:dd:f5:8b:cf:4e:43:be:4f:e7:6e:df:8f:
                    d2:35:6b:1d:4c:06:78:04:43:74:43:7f:97:6e:a7:
                    0d:97:90:9e:84:26:81:37:59:8c:46:0a:ab:d5:42:
                    a2:52:d5:67:af:4b:93:53:cf:87:dc:af:f9:74:d4:
                    2d:2b:28:3c:00:fb:af:02:2f:80:90:ba:65:42:b3:
                    74:86:8d:5d:5e:d2:f7:4a:dd:ee:97:8f:19:24:96:
                    ee:63:59:a8:94:c0:bf:a2:48:95:b5:4f:25:55:1e:
                    fd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:20:E6:C3:5C:0F:76:0C:93:36:F7:8C:4E:47:40:0E:8A:5C:1D:E8
            X509v3 Authority Key Identifier:
                keyid:13:A8:BF:B3:F5:47:54:BD:32:91:80:E5:93:75:02:65:EF:7E:39:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/VCDmw1wPdgyTNveMTkdADopcHeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.109.0/24
                IPv6:
                  2a11:8d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:0b:8d:16:9c:c8:38:f6:e3:df:3e:8f:fb:e2:7c:46:89:9f:
         4f:af:8e:dc:94:a1:97:8c:d3:a9:7a:82:b4:09:24:b4:9e:9d:
         8a:33:3a:51:1d:4e:3c:80:ac:1e:38:20:50:0f:0c:f2:8f:2a:
         d7:6e:1c:ac:a8:27:89:bb:7f:60:30:ae:41:93:04:a1:7a:fd:
         9f:85:0c:9c:ee:b1:a4:45:94:26:50:86:d4:49:93:7c:94:49:
         7d:68:99:3b:3a:5d:d7:ba:32:8f:cf:7f:a4:04:5a:84:78:02:
         bd:1d:ef:59:6d:4f:67:a4:42:6a:6c:6b:9c:e9:dd:29:1c:b0:
         c0:56:86:22:5b:c1:0b:b2:5a:aa:d8:92:b8:d0:b0:f6:fa:f6:
         bf:6d:1e:b6:cd:ff:00:a6:8d:d7:be:c2:d2:de:5a:7d:ec:10:
         f5:33:0e:7d:e8:4f:72:f2:29:48:5a:73:b7:9f:bb:b6:ad:9e:
         b1:08:84:71:92:72:ba:8d:cd:3c:4d:da:85:40:fd:82:f9:e4:
         1a:40:9f:d8:10:a6:19:a7:3f:fe:81:0c:d1:86:b6:cb:ad:7a:
         f8:84:a5:4a:54:3b:d1:ac:75:e7:07:93:2f:34:e9:36:ea:53:
         20:d8:eb:96:a5:e9:98:1a:0f:c2:ff:74:de:00:01:c9:f2:fb:
         7a:cd:c0:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt6KBnB4XulfpLivDS/L9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYThiZmIzZjU0NzU0YmQzMjkxODBlNTkzNzUwMjY1ZWY3
ZTM5OTkwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDIwZTZjMzVjMGY3NjBjOTMzNmY3OGM0ZTQ3NDAwZThhNWMxZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm02D2dIOocHpY3kO1iSor8rw48OD
JfRm2p8IeH9j8hqi3HNANNxZ2LBGCtxggEaUA+VRWuMiqyqBgAAxcIkM5inNh7kf
eHvwi4srs2q4w9J5Fjtp+cOIXDOVyjKfD2UXPYXGh2a4NvsNkZtHooo/tYQIOVHB
LSKSj9AHNoO8mZeWKJDN44BZfm+eTrCnQUlb2DxC4QGnqtnd9YvPTkO+T+du34/S
NWsdTAZ4BEN0Q3+XbqcNl5CehCaBN1mMRgqr1UKiUtVnr0uTU8+H3K/5dNQtKyg8
APuvAi+AkLplQrN0ho1dXtL3St3ul48ZJJbuY1molMC/okiVtU8lVR79KwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFQg5sNcD3YMkzb3jE5HQA6KXB3oMB8GA1UdIwQY
MBaAFBOov7P1R1S9MpGA5ZN1AmXvfjmZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZpX3NfVkhWTDB5a1lEbGszVUNaZTktT1prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNzY1ODUtOTVmYy00ODAzLWJhNmUt
NzVjMGQ3OGViMDdkLzEvVkNEbXcxd1BkZ3lUTnZlTVRrZEFEb3BjSGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNzY1ODUtOTVmYy00ODAzLWJhNmUtNzVjMGQ3OGViMDdk
LzEvRTZpX3NfVkhWTDB5a1lEbGszVUNaZTktT1prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALhJtMA0E
AgACMAcDBQMqEY0AMA0GCSqGSIb3DQEBCwUAA4IBAQBvC40WnMg49uPfPo/74nxG
iZ9Pr47clKGXjNOpeoK0CSS0np2KMzpRHU48gKweOCBQDwzyjyrXbhysqCeJu39g
MK5BkwShev2fhQyc7rGkRZQmUIbUSZN8lEl9aJk7Ol3XujKPz3+kBFqEeAK9He9Z
bU9npEJqbGuc6d0pHLDAVoYiW8ELslqq2JK40LD2+va/bR62zf8Apo3XvsLS3lp9
7BD1Mw596E9y8ilIWnO3n7u2rZ6xCIRxknK6jc08TdqFQP2C+eQaQJ/YEKYZpz/+
gQzRhrbLrXr4hKVKVDvRrHXnB5MvNOk26lMg2OuWpemYGg/C/3TeAAHJ8vt6zcAA
-----END CERTIFICATE-----