Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/VhvK3_8ch6TIJa3XQ7Ju1Pctjo4.roa
File:                     VhvK3_8ch6TIJa3XQ7Ju1Pctjo4.roa (raw, json)
Hash identifier:          /1gTtq3l1ph7QCImobAtTXidZpoWzvdNzdNSPKVQY+Q=
Subject key identifier:   56:1B:CA:DF:FF:1C:87:A4:C8:25:AD:D7:43:B2:6E:D4:F7:2D:8E:8E
Certificate issuer:       /CN=90cbaa6b36e6cd6874c78ed45a4f8dd7173031d9
Certificate serial:       018CC49238761F84016FA3796C744564653B
Authority key identifier: 90:CB:AA:6B:36:E6:CD:68:74:C7:8E:D4:5A:4F:8D:D7:17:30:31:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMuqazbmzWh0x47UWk-N1xcwMdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/VhvK3_8ch6TIJa3XQ7Ju1Pctjo4.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204922
IP address blocks:        185.235.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/kMuqazbmzWh0x47UWk-N1xcwMdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/kMuqazbmzWh0x47UWk-N1xcwMdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kMuqazbmzWh0x47UWk-N1xcwMdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:38:76:1f:84:01:6f:a3:79:6c:74:45:64:65:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90cbaa6b36e6cd6874c78ed45a4f8dd7173031d9
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=561bcadfff1c87a4c825add743b26ed4f72d8e8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:21:9c:6d:16:17:15:c3:70:e5:b0:cd:59:71:
                    23:58:77:f3:7c:10:0d:ba:5b:86:43:94:66:c2:e9:
                    92:40:ff:cd:e7:dd:ba:71:cb:13:09:e3:4b:38:fa:
                    d6:cf:46:69:f3:94:8d:3f:91:3a:00:c7:c3:0a:0b:
                    10:44:ec:aa:f1:74:52:30:f1:f9:3b:5e:ff:9d:2a:
                    4e:f3:6c:16:e8:e9:e3:a1:7c:14:28:49:69:99:03:
                    88:75:e1:e7:19:47:1b:e9:a3:f6:f1:65:1d:e9:bf:
                    6f:1b:33:7e:5f:f1:3e:f7:b7:7c:59:54:04:40:f3:
                    8a:bf:39:05:7e:e2:52:4b:8c:1f:c4:d2:75:f2:13:
                    85:7f:23:b8:aa:ae:1b:aa:81:79:93:56:b7:e1:f8:
                    fc:e5:f2:43:85:d2:77:13:bc:4a:b5:16:35:33:0a:
                    98:35:03:3f:d6:1a:69:4a:c9:08:8d:a6:fe:19:09:
                    7d:1f:29:c3:db:24:7c:29:f8:8f:4c:6e:6f:5a:c3:
                    47:59:ad:73:32:48:e2:fb:72:e0:6c:12:2c:a0:a8:
                    54:dd:74:2a:a4:c8:b7:af:64:94:0f:dc:50:0a:8a:
                    d0:63:d7:4d:f9:75:75:82:10:ef:8f:96:dd:9a:62:
                    ca:38:e3:5b:ef:00:75:71:66:b7:1e:44:6f:5a:52:
                    70:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:1B:CA:DF:FF:1C:87:A4:C8:25:AD:D7:43:B2:6E:D4:F7:2D:8E:8E
            X509v3 Authority Key Identifier:
                keyid:90:CB:AA:6B:36:E6:CD:68:74:C7:8E:D4:5A:4F:8D:D7:17:30:31:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMuqazbmzWh0x47UWk-N1xcwMdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/VhvK3_8ch6TIJa3XQ7Ju1Pctjo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/06ca5d-d0c4-4215-8968-b6d4c4fc0c21/1/kMuqazbmzWh0x47UWk-N1xcwMdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:bb:a0:c4:77:fb:8a:52:38:27:a2:d9:a2:82:a6:7f:cf:77:
         74:af:12:ad:50:a1:88:42:96:c4:82:18:57:75:49:17:ce:fe:
         6c:79:db:a0:1a:82:25:ba:2e:2c:50:0d:28:c7:2b:85:32:09:
         54:0b:1b:f9:f9:f8:c2:4d:03:53:18:5c:e6:01:81:95:dd:c6:
         8b:2f:ca:9d:3b:35:c8:54:6f:af:cf:ba:df:30:d6:cf:5e:3d:
         a6:62:69:c3:95:55:5e:25:43:17:32:57:b5:3b:32:b9:47:ed:
         c9:e9:35:4d:46:12:81:6c:98:3c:af:5e:9d:7a:4b:c0:53:c8:
         02:e5:7a:65:3a:3f:63:ea:ab:df:52:26:1d:e1:68:27:30:51:
         d7:95:3d:2d:90:72:53:2b:fb:14:79:9f:f0:63:51:83:80:27:
         5a:5a:15:f1:a0:70:ce:ee:1a:16:34:28:42:b3:a4:73:96:9d:
         fb:2b:18:17:99:4e:43:f2:50:02:d7:ac:97:c8:e6:ce:af:dd:
         1a:29:2f:da:34:6e:40:f5:e4:d7:d2:01:71:aa:1a:13:11:be:
         27:98:05:b9:06:8c:91:9f:45:34:45:6a:56:90:f2:fa:da:5e:
         1c:24:c2:76:76:cc:7a:f6:82:5f:73:78:ef:e8:e5:ae:f2:c1:
         46:8c:d2:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjh2H4QBb6N5bHRFZGU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwY2JhYTZiMzZlNmNkNjg3NGM3OGVkNDVhNGY4ZGQ3MTcz
MDMxZDkwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjFiY2FkZmZmMWM4N2E0YzgyNWFkZDc0M2IyNmVkNGY3MmQ4ZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiGcbRYXFcNw5bDNWXEjWHfzfBAN
uluGQ5RmwumSQP/N5926ccsTCeNLOPrWz0Zp85SNP5E6AMfDCgsQROyq8XRSMPH5
O17/nSpO82wW6OnjoXwUKElpmQOIdeHnGUcb6aP28WUd6b9vGzN+X/E+97d8WVQE
QPOKvzkFfuJSS4wfxNJ18hOFfyO4qq4bqoF5k1a34fj85fJDhdJ3E7xKtRY1MwqY
NQM/1hppSskIjab+GQl9HynD2yR8KfiPTG5vWsNHWa1zMkji+3LgbBIsoKhU3XQq
pMi3r2SUD9xQCorQY9dN+XV1ghDvj5bdmmLKOONb7wB1cWa3HkRvWlJwSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFYbyt//HIekyCWt10OybtT3LY6OMB8GA1UdIwQY
MBaAFJDLqms25s1odMeO1FpPjdcXMDHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva011cWF6Ym16V2gweDQ3VVdrLU4xeGN3TWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wNmNhNWQtZDBjNC00MjE1LTg5Njgt
YjZkNGM0ZmMwYzIxLzEvVmh2SzNfOGNoNlRJSmEzWFE3SnUxUGN0am80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wNmNhNWQtZDBjNC00MjE1LTg5NjgtYjZkNGM0ZmMwYzIx
LzEva011cWF6Ym16V2gweDQ3VVdrLU4xeGN3TWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuevQMA0G
CSqGSIb3DQEBCwUAA4IBAQCSu6DEd/uKUjgnotmigqZ/z3d0rxKtUKGIQpbEghhX
dUkXzv5sedugGoIlui4sUA0oxyuFMglUCxv5+fjCTQNTGFzmAYGV3caLL8qdOzXI
VG+vz7rfMNbPXj2mYmnDlVVeJUMXMle1OzK5R+3J6TVNRhKBbJg8r16dekvAU8gC
5XplOj9j6qvfUiYd4WgnMFHXlT0tkHJTK/sUeZ/wY1GDgCdaWhXxoHDO7hoWNChC
s6Rzlp37KxgXmU5D8lAC16yXyObOr90aKS/aNG5A9eTX0gFxqhoTEb4nmAW5BoyR
n0U0RWpWkPL62l4cJMJ2dsx69oJfc3jv6OWu8sFGjNL4
-----END CERTIFICATE-----