Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/vv9K_YYYAn9YDj5HRyfXIXI8gv4.roa
File:                     vv9K_YYYAn9YDj5HRyfXIXI8gv4.roa (raw, json)
Hash identifier:          k+PJ2FicWcLKKJpMn5+vbadH3hMuSJVDkQ8BxcynSow=
Subject key identifier:   BE:FF:4A:FD:86:18:02:7F:58:0E:3E:47:47:27:D7:21:72:3C:82:FE
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       018CCA2BCC6F91BF1DCD39206F6FB8EDACA0
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/vv9K_YYYAn9YDj5HRyfXIXI8gv4.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.166.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:cc:6f:91:bf:1d:cd:39:20:6f:6f:b8:ed:ac:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beff4afd8618027f580e3e474727d721723c82fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:be:d3:f2:b2:2a:ae:a6:ef:8f:ab:13:30:6f:
                    0f:f6:6f:32:aa:c9:f7:65:3b:4a:55:a6:21:ea:d3:
                    81:ad:e5:22:a2:04:f5:ef:1f:80:87:cc:45:d7:8b:
                    52:60:28:6d:e5:f0:a2:84:c0:03:f8:bc:87:59:36:
                    48:06:be:1c:9c:52:bb:b0:71:b6:c8:2d:f0:5b:ca:
                    6d:79:96:b4:37:9b:f6:b6:7c:9c:0b:28:0f:09:ab:
                    1c:28:0a:b4:e3:84:d2:ad:24:1b:4b:14:90:7d:9d:
                    fc:8a:21:2d:ed:ab:68:1e:23:eb:1f:4a:e9:41:92:
                    fb:24:11:8f:3f:05:15:4d:2a:a1:d1:78:f4:c7:0a:
                    29:84:16:72:99:98:06:5e:9b:10:c1:65:c6:4c:1f:
                    00:ad:c7:1e:42:4d:37:b1:37:3a:e3:a5:a8:8b:0f:
                    b7:7c:b7:3c:2c:da:34:b1:19:6d:a7:ea:3e:38:ce:
                    85:36:cd:5e:2b:82:1c:55:96:f5:8d:69:e9:0d:ad:
                    7e:43:80:e4:53:fc:ad:d7:91:47:e7:40:a3:1c:cd:
                    4a:5c:f4:f3:eb:25:73:e5:6b:c4:fd:17:d4:9d:97:
                    5e:37:9e:c5:b9:d6:8c:29:56:f3:dc:bd:4f:68:2d:
                    a3:58:c3:74:83:77:61:56:c2:7e:d5:04:5d:d5:67:
                    1c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:FF:4A:FD:86:18:02:7F:58:0E:3E:47:47:27:D7:21:72:3C:82:FE
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/vv9K_YYYAn9YDj5HRyfXIXI8gv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:56:2a:90:62:66:94:33:3f:41:19:d6:fb:d0:a1:90:b5:d2:
         73:1a:f1:af:3e:a6:e2:9f:cf:5b:f6:6c:a4:25:9c:29:b5:a1:
         64:c7:3c:20:e4:d2:d8:e4:b6:c1:63:93:e3:be:9f:9e:08:dc:
         8f:2a:2a:2e:ec:00:35:8e:6d:dc:ec:d0:87:38:ac:dc:8c:25:
         9b:30:10:d0:4c:d3:2d:e6:1e:be:55:47:31:45:e7:e2:a9:50:
         63:92:80:7b:cf:1d:19:59:c7:e9:54:ba:b9:00:6e:9d:cf:e8:
         2b:aa:f6:73:ab:c7:05:21:a7:bf:ad:03:33:5f:62:5a:05:24:
         32:35:fd:b2:a1:66:bc:27:2b:60:b3:bf:3d:9c:61:2f:9f:bf:
         c2:b3:18:34:1b:01:cf:19:de:ac:39:14:2c:1b:3f:07:dd:6d:
         a1:49:b1:9e:e3:12:7c:02:6b:4c:3a:f2:cc:39:af:82:e4:89:
         79:ae:49:9b:fc:32:cd:47:be:53:51:ac:fb:17:c1:62:17:f1:
         6c:50:58:13:70:98:90:32:a6:5f:57:19:ac:b4:41:3f:77:5c:
         d5:0b:fe:61:53:6a:48:7d:cf:b3:9f:db:ba:54:6f:c8:34:1e:
         1a:7d:fe:da:e6:65:69:c2:15:73:06:8c:01:d3:ea:09:42:4d:
         bb:ac:26:36
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKK8xvkb8dzTkgb2+47aygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWZmNGFmZDg2MTgwMjdmNTgwZTNlNDc0NzI3ZDcyMTcyM2M4MmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb7T8rIqrqbvj6sTMG8P9m8yqsn3
ZTtKVaYh6tOBreUiogT17x+Ah8xF14tSYCht5fCihMAD+LyHWTZIBr4cnFK7sHG2
yC3wW8pteZa0N5v2tnycCygPCascKAq044TSrSQbSxSQfZ38iiEt7atoHiPrH0rp
QZL7JBGPPwUVTSqh0Xj0xwophBZymZgGXpsQwWXGTB8ArcceQk03sTc646Woiw+3
fLc8LNo0sRltp+o+OM6FNs1eK4IcVZb1jWnpDa1+Q4DkU/yt15FH50CjHM1KXPTz
6yVz5WvE/RfUnZdeN57FudaMKVbz3L1PaC2jWMN0g3dhVsJ+1QRd1WccvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL7/Sv2GGAJ/WA4+R0cn1yFyPIL+MB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL3Z2OUtfWVlZQW45WURqNUhSeWZYSVhJOGd2NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPApjgw
DQYJKoZIhvcNAQELBQADggEBAApWKpBiZpQzP0EZ1vvQoZC10nMa8a8+puKfz1v2
bKQlnCm1oWTHPCDk0tjktsFjk+O+n54I3I8qKi7sADWObdzs0Ic4rNyMJZswENBM
0y3mHr5VRzFF5+KpUGOSgHvPHRlZx+lUurkAbp3P6Cuq9nOrxwUhp7+tAzNfYloF
JDI1/bKhZrwnK2Czvz2cYS+fv8KzGDQbAc8Z3qw5FCwbPwfdbaFJsZ7jEnwCa0w6
8sw5r4LkiXmuSZv8Ms1HvlNRrPsXwWIX8WxQWBNwmJAypl9XGay0QT93XNUL/mFT
akh9z7Of27pUb8g0Hhp9/trmZWnCFXMGjAHT6glCTbusJjY=
-----END CERTIFICATE-----