Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/VSkOhfiwsQjKyYNLwmHQD99iifQ.roa
File:                     VSkOhfiwsQjKyYNLwmHQD99iifQ.roa (raw, json)
Hash identifier:          dlL2DiTBNR5LOJj3gMNn+vfpZNknkBIld3mWRUpwkBc=
Subject key identifier:   55:29:0E:85:F8:B0:B1:08:CA:C9:83:4B:C2:61:D0:0F:DF:62:89:F4
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC6F0A18BC2E2EF0837D76F4D4344
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/VSkOhfiwsQjKyYNLwmHQD99iifQ.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210878
IP address blocks:        109.207.140.0/23 maxlen: 23
                          64.43.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c6:f0:a1:8b:c2:e2:ef:08:37:d7:6f:4d:43:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55290e85f8b0b108cac9834bc261d00fdf6289f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:93:b2:32:7e:f9:96:05:91:a9:5a:32:24:c9:
                    50:32:0a:3f:ba:47:50:25:1f:0f:08:ba:2b:8a:f6:
                    91:0c:20:d1:b9:5f:9b:c5:65:b3:57:f3:32:fe:b5:
                    ad:ae:4f:3a:ae:e2:e4:ca:b2:54:66:1c:24:0f:4e:
                    b6:a8:e9:22:b0:50:01:30:af:6f:65:cc:c2:05:fd:
                    1e:05:ce:0a:d0:d9:7f:07:33:0b:cf:bb:eb:82:16:
                    01:85:47:74:bb:5e:e8:50:ef:48:46:bb:d4:4f:54:
                    b5:df:12:ce:b1:c9:d4:3c:c3:a4:4c:42:db:85:c6:
                    ec:db:61:79:34:3a:a1:f5:c6:60:43:6c:61:53:b4:
                    b5:61:28:72:3b:7d:02:b7:db:10:de:6d:65:01:1f:
                    be:4f:d7:0c:e2:bd:b6:4c:6b:c1:d3:2f:57:1d:d1:
                    91:19:2b:ba:06:45:3b:e3:d0:e2:f6:ab:2c:68:26:
                    19:53:30:c1:ab:6c:0d:0b:9c:eb:8d:66:77:ac:59:
                    5e:48:99:0f:72:cc:ff:46:f3:2a:1d:38:61:d3:78:
                    f0:f5:eb:04:f8:0e:c5:fb:dd:a7:f1:48:54:07:9a:
                    3c:7f:b4:43:5e:54:e8:f0:71:39:3b:96:86:08:3b:
                    87:a4:86:50:fe:2c:71:6b:0c:2f:f4:55:08:73:ef:
                    ee:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:29:0E:85:F8:B0:B1:08:CA:C9:83:4B:C2:61:D0:0F:DF:62:89:F4
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/VSkOhfiwsQjKyYNLwmHQD99iifQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.43.92.0/22
                  109.207.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:20:cb:79:bb:67:24:3d:9c:6c:7f:ca:2a:f0:60:3a:43:26:
         8d:95:a5:32:27:2b:00:c2:96:c4:5c:50:f2:9c:f0:91:6f:ec:
         bd:02:11:17:95:08:54:4c:e3:a0:7b:14:44:4e:26:80:c7:60:
         a5:ca:46:22:17:92:de:19:ce:ef:04:aa:9a:cb:2f:98:bb:a8:
         f4:20:55:80:1d:74:55:21:8f:e2:13:fd:ea:89:bb:9f:25:e1:
         89:bd:e5:99:be:ba:63:56:0c:98:c6:49:42:9c:be:60:75:f2:
         92:10:5d:9f:66:3c:59:c0:68:ba:91:4c:dd:8f:a7:6f:36:25:
         eb:c8:20:54:8c:7a:a8:b8:67:03:e1:dd:40:be:3c:c9:f7:97:
         97:38:a0:cb:a7:ae:7b:30:83:4a:1b:d9:8b:01:bd:95:be:d5:
         5f:8c:67:d3:7c:75:18:69:8f:de:b3:a6:e2:62:fe:a8:90:6a:
         65:71:f5:63:07:e1:8a:6a:76:13:cb:07:7e:70:90:dc:48:4e:
         73:18:84:9c:d0:92:72:ee:0b:fb:c5:d0:d0:5f:fa:2a:14:2f:
         03:be:c4:26:81:be:d4:7f:ef:e9:46:26:98:2a:be:36:87:de:
         1f:1d:e0:6e:c1:62:ab:65:ce:77:0f:20:a7:08:68:91:c1:06:
         b0:10:31:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb8bwoYvC4u8IN9dvTUNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTI5MGU4NWY4YjBiMTA4Y2FjOTgzNGJjMjYxZDAwZmRmNjI4OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJOyMn75lgWRqVoyJMlQMgo/ukdQ
JR8PCLorivaRDCDRuV+bxWWzV/My/rWtrk86ruLkyrJUZhwkD062qOkisFABMK9v
ZczCBf0eBc4K0Nl/BzMLz7vrghYBhUd0u17oUO9IRrvUT1S13xLOscnUPMOkTELb
hcbs22F5NDqh9cZgQ2xhU7S1YShyO30Ct9sQ3m1lAR++T9cM4r22TGvB0y9XHdGR
GSu6BkU749Di9qssaCYZUzDBq2wNC5zrjWZ3rFleSJkPcsz/RvMqHThh03jw9esE
+A7F+92n8UhUB5o8f7RDXlTo8HE5O5aGCDuHpIZQ/ixxawwv9FUIc+/ulQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFUpDoX4sLEIysmDS8Jh0A/fYon0MB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvVlNrT2hmaXdzUWpLeVlOTHdtSFFEOTlpaWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQCtcAwQB
bc+MMA0GCSqGSIb3DQEBCwUAA4IBAQChIMt5u2ckPZxsf8oq8GA6QyaNlaUyJysA
wpbEXFDynPCRb+y9AhEXlQhUTOOgexRETiaAx2ClykYiF5LeGc7vBKqayy+Yu6j0
IFWAHXRVIY/iE/3qibufJeGJveWZvrpjVgyYxklCnL5gdfKSEF2fZjxZwGi6kUzd
j6dvNiXryCBUjHqouGcD4d1AvjzJ95eXOKDLp657MINKG9mLAb2VvtVfjGfTfHUY
aY/es6biYv6okGplcfVjB+GKanYTywd+cJDcSE5zGISc0JJy7gv7xdDQX/oqFC8D
vsQmgb7Uf+/pRiaYKr42h94fHeBuwWKrZc53DyCnCGiRwQawEDFg
-----END CERTIFICATE-----