Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/VsRlCZUYG6wFt1MtJqJ-7hSM0c8.roa
File:                     VsRlCZUYG6wFt1MtJqJ-7hSM0c8.roa (raw, json)
Hash identifier:          KfoQ9ESZALvZOuUVMt38yz8qlfcv/Eae5enitFD53Gw=
Subject key identifier:   56:C4:65:09:95:18:1B:AC:05:B7:53:2D:26:A2:7E:EE:14:8C:D1:CF
Certificate issuer:       /CN=1627573c68929ab2a4590e92a51abc40ea9e5817
Certificate serial:       018F76E4A0CA52B76D670386BB4AABC420B0
Authority key identifier: 16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/VsRlCZUYG6wFt1MtJqJ-7hSM0c8.roa
Signing time:             Tue 14 May 2024 11:37:25 +0000
ROA not before:           Tue 14 May 2024 11:37:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201895
IP address blocks:        185.60.160.0/24 maxlen: 24
                          185.60.161.0/24 maxlen: 24
                          185.60.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e4:a0:ca:52:b7:6d:67:03:86:bb:4a:ab:c4:20:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1627573c68929ab2a4590e92a51abc40ea9e5817
        Validity
            Not Before: May 14 11:37:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56c4650995181bac05b7532d26a27eee148cd1cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9a:cd:b9:b2:a7:67:19:73:4d:9e:c3:6b:f3:
                    52:4b:0e:74:d5:e0:bd:8a:9b:22:7a:7d:a6:7f:c7:
                    ca:95:2f:f8:ea:2d:80:eb:04:3f:c7:b4:34:6b:d5:
                    e1:27:d1:78:eb:fa:6a:5d:2a:21:8d:ba:5c:94:ff:
                    d5:ee:1d:41:48:e3:16:d3:5b:8f:8a:ea:b7:04:ce:
                    41:cb:51:58:78:b1:dc:be:18:bf:77:fa:54:9e:b6:
                    49:f0:a7:77:1a:8c:7d:67:6d:c9:6a:49:97:5b:f8:
                    e1:aa:c7:52:f8:8f:05:1d:98:41:9d:1b:de:2c:ee:
                    62:9c:6f:af:39:1e:16:ff:6f:66:15:5b:65:e8:be:
                    65:c4:bf:a7:09:23:5e:67:e5:1d:c3:8d:9d:a8:a2:
                    a1:5e:5c:b6:f1:fc:7b:56:1b:42:74:a7:19:b4:50:
                    af:43:bc:d3:76:42:0a:24:36:7a:63:8f:b3:b5:8d:
                    e6:e3:2f:6d:72:73:59:36:bc:22:73:c3:db:09:a0:
                    9d:97:d3:79:d3:d6:56:a0:c9:9a:53:f3:31:9e:d8:
                    25:e8:ae:9c:d3:5a:3d:e7:33:67:d3:86:29:42:f7:
                    09:5a:97:d7:0f:38:09:a3:d3:e2:fd:ed:06:69:17:
                    7d:fc:f8:6c:9b:27:fb:7d:c0:85:e4:54:2f:da:b8:
                    5b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:C4:65:09:95:18:1B:AC:05:B7:53:2D:26:A2:7E:EE:14:8C:D1:CF
            X509v3 Authority Key Identifier:
                keyid:16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/VsRlCZUYG6wFt1MtJqJ-7hSM0c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.160.0/23
                  185.60.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:2b:b1:b3:2f:18:76:5c:0e:06:64:bc:cd:66:b7:c6:83:59:
         9d:30:d3:fb:29:d7:fb:67:8c:78:e8:50:a2:3f:ae:a6:3f:ca:
         fc:48:0a:8c:d1:12:f0:04:97:a5:35:13:e2:70:14:06:ee:9f:
         30:f8:ad:0e:ae:1d:57:cc:80:d1:95:5a:e0:d6:83:a0:08:d1:
         81:e1:d1:c6:50:f5:77:ef:18:47:68:3f:44:e2:94:94:e7:7c:
         e4:98:fd:3e:a1:3e:ac:f7:c9:54:eb:ff:13:69:ea:1d:05:06:
         0a:8c:2c:c8:61:1f:1b:32:6a:20:21:e3:ef:19:ee:9c:e2:3c:
         78:c5:f4:9b:63:b5:a8:12:0f:1a:52:ed:2b:20:14:9e:3f:99:
         10:31:0c:ee:7d:d8:03:75:af:44:15:da:81:03:82:00:9d:1d:
         f3:f3:bc:93:19:cf:33:b5:41:2d:af:00:e7:09:02:79:fc:c7:
         17:08:46:89:2d:f7:48:9f:51:71:b9:cf:35:bf:53:1d:7a:e1:
         95:9d:cb:32:be:ce:c2:e3:b6:af:1c:bf:a5:49:3d:52:0c:92:
         63:e9:42:72:ac:23:5e:e3:8b:74:90:b4:00:90:c6:24:d1:5c:
         77:72:57:ad:df:db:65:ee:74:7f:38:d2:fb:94:2a:1f:ad:34:
         79:fb:55:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY925KDKUrdtZwOGu0qrxCCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Mjc1NzNjNjg5MjlhYjJhNDU5MGU5MmE1MWFiYzQwZWE5
ZTU4MTcwHhcNMjQwNTE0MTEzNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmM0NjUwOTk1MTgxYmFjMDViNzUzMmQyNmEyN2VlZTE0OGNkMWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5rNubKnZxlzTZ7Da/NSSw501eC9
ipsien2mf8fKlS/46i2A6wQ/x7Q0a9XhJ9F46/pqXSohjbpclP/V7h1BSOMW01uP
iuq3BM5By1FYeLHcvhi/d/pUnrZJ8Kd3Gox9Z23JakmXW/jhqsdS+I8FHZhBnRve
LO5inG+vOR4W/29mFVtl6L5lxL+nCSNeZ+Udw42dqKKhXly28fx7VhtCdKcZtFCv
Q7zTdkIKJDZ6Y4+ztY3m4y9tcnNZNrwic8PbCaCdl9N509ZWoMmaU/Mxntgl6K6c
01o95zNn04YpQvcJWpfXDzgJo9Pi/e0GaRd9/Phsmyf7fcCF5FQv2rhbTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFbEZQmVGBusBbdTLSaifu4UjNHPMB8GA1UdIwQY
MBaAFBYnVzxokpqypFkOkqUavEDqnlgXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2Ut
ZTZmOWRiNzQxMzlkLzEvVnNSbENaVVlHNndGdDFNdEpxSi03aFNNMGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2UtZTZmOWRiNzQxMzlk
LzEvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuTygAwQA
uTyjMA0GCSqGSIb3DQEBCwUAA4IBAQANK7GzLxh2XA4GZLzNZrfGg1mdMNP7Kdf7
Z4x46FCiP66mP8r8SAqM0RLwBJelNRPicBQG7p8w+K0Orh1XzIDRlVrg1oOgCNGB
4dHGUPV37xhHaD9E4pSU53zkmP0+oT6s98lU6/8TaeodBQYKjCzIYR8bMmogIePv
Ge6c4jx4xfSbY7WoEg8aUu0rIBSeP5kQMQzufdgDda9EFdqBA4IAnR3z87yTGc8z
tUEtrwDnCQJ5/McXCEaJLfdIn1Fxuc81v1MdeuGVncsyvs7C47avHL+lST1SDJJj
6UJyrCNe44t0kLQAkMYk0Vx3clet39tl7nR/ONL7lCofrTR5+1XF
-----END CERTIFICATE-----