Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/VJl2KeErYofZaDB8ySDAebxcxf8.roa
File:                     VJl2KeErYofZaDB8ySDAebxcxf8.roa (raw, json)
Hash identifier:          9q3xwgTqUEMi/3MZWD4NFAZnnIdymt67Rrl3QZz+9IQ=
Subject key identifier:   54:99:76:29:E1:2B:62:87:D9:68:30:7C:C9:20:C0:79:BC:5C:C5:FF
Certificate issuer:       /CN=9296d84e64d55ec812476fb806f0fe75a08bfb2b
Certificate serial:       018CCA9A1F331BA29DFB5D89CA9DA4EDF947
Authority key identifier: 92:96:D8:4E:64:D5:5E:C8:12:47:6F:B8:06:F0:FE:75:A0:8B:FB:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpbYTmTVXsgSR2-4BvD-daCL-ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/VJl2KeErYofZaDB8ySDAebxcxf8.roa
Signing time:             Tue 02 Jan 2024 14:35:47 +0000
ROA not before:           Tue 02 Jan 2024 14:35:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64444
IP address blocks:        185.164.164.0/22 maxlen: 22
                          2a0a:a400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/kpbYTmTVXsgSR2-4BvD-daCL-ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/kpbYTmTVXsgSR2-4BvD-daCL-ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpbYTmTVXsgSR2-4BvD-daCL-ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:1f:33:1b:a2:9d:fb:5d:89:ca:9d:a4:ed:f9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9296d84e64d55ec812476fb806f0fe75a08bfb2b
        Validity
            Not Before: Jan  2 14:35:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54997629e12b6287d968307cc920c079bc5cc5ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d5:11:b1:80:d4:46:a9:21:99:0b:90:b1:d5:
                    c5:68:e3:c6:44:ae:23:1e:cf:a1:82:6a:2f:62:bd:
                    a2:5b:94:0e:73:55:36:82:5c:83:14:bf:4a:34:ce:
                    dc:72:fc:ef:e9:61:1b:83:08:46:2e:d9:48:4d:06:
                    39:fa:a9:cb:e7:fe:d9:3d:78:dd:0c:93:f7:4f:bd:
                    de:ee:27:20:d6:62:bf:8e:1e:a8:e0:e6:57:be:d7:
                    26:9f:7e:ad:65:6f:99:a8:98:ec:a6:c8:2c:5c:a6:
                    71:74:22:dc:b2:09:98:5c:55:f4:46:18:db:83:ed:
                    5d:7d:34:17:76:08:0e:fa:2e:7f:16:76:10:60:de:
                    e1:17:7e:40:60:e6:7a:a0:54:77:32:d8:17:81:00:
                    40:33:40:e9:2c:be:ad:d1:32:ed:69:35:fe:8b:55:
                    05:87:93:01:0d:11:65:5b:a7:bd:ef:bd:6e:df:af:
                    6f:0b:ef:b0:7c:eb:0d:42:5e:a5:df:8e:ba:e8:85:
                    7c:4b:52:5f:18:02:b7:f0:28:8d:ee:c4:b9:37:be:
                    17:70:1a:95:83:16:b9:31:d3:87:32:87:72:6f:c3:
                    c5:1b:8e:a9:f7:5f:8d:0d:a3:0f:b1:a6:e2:63:ba:
                    43:6d:a2:5d:a8:0a:f1:06:14:2c:5c:4b:40:e0:a8:
                    e4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:99:76:29:E1:2B:62:87:D9:68:30:7C:C9:20:C0:79:BC:5C:C5:FF
            X509v3 Authority Key Identifier:
                keyid:92:96:D8:4E:64:D5:5E:C8:12:47:6F:B8:06:F0:FE:75:A0:8B:FB:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpbYTmTVXsgSR2-4BvD-daCL-ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/VJl2KeErYofZaDB8ySDAebxcxf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a54eb1-33de-401f-935a-f349284509b7/1/kpbYTmTVXsgSR2-4BvD-daCL-ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.164.0/22
                IPv6:
                  2a0a:a400::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:85:d8:2f:be:e0:93:56:25:52:dc:e6:2f:82:55:dc:d3:e0:
         0a:96:e8:c2:af:9b:c2:27:88:c0:7a:8e:40:b6:0e:a7:25:ee:
         65:3f:a2:09:27:8f:b6:19:80:3f:19:49:31:e3:59:67:4d:63:
         c4:4e:aa:8d:01:ab:9c:f7:9c:3b:42:6c:d4:8a:0f:8b:9c:e8:
         10:d6:bf:fa:a2:0c:a8:fd:a3:0f:e5:02:ed:7a:88:5b:b3:c8:
         e9:3f:9d:1d:b2:44:df:af:85:69:32:97:de:bb:2c:f3:70:f0:
         d0:4e:51:da:b6:01:5d:73:35:40:d2:cd:85:09:26:8b:12:9b:
         dc:9b:f4:3f:bc:bf:53:98:5e:bd:b7:02:60:35:8c:d5:06:c0:
         b0:cd:de:a7:5b:42:43:a9:35:32:60:1b:8a:2e:59:ad:26:9f:
         c7:e5:f2:87:75:21:04:b6:c0:8a:a9:4e:8f:01:a2:6b:e4:4c:
         6c:d5:85:67:af:fe:e4:a1:00:eb:ec:d3:a9:f5:27:09:5c:f8:
         7a:01:fb:17:9a:f3:8a:de:67:1c:66:0c:2d:22:99:3c:5f:55:
         f4:da:f4:16:69:2a:97:ea:ec:f4:56:cb:04:ab:1a:7d:50:2f:
         06:ff:c9:da:1a:8e:ec:72:21:ac:94:43:51:a9:d2:5b:7b:79:
         75:d8:72:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmh8zG6Kd+12Jyp2k7flHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTZkODRlNjRkNTVlYzgxMjQ3NmZiODA2ZjBmZTc1YTA4
YmZiMmIwHhcNMjQwMTAyMTQzNTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDk5NzYyOWUxMmI2Mjg3ZDk2ODMwN2NjOTIwYzA3OWJjNWNjNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNURsYDURqkhmQuQsdXFaOPGRK4j
Hs+hgmovYr2iW5QOc1U2glyDFL9KNM7ccvzv6WEbgwhGLtlITQY5+qnL5/7ZPXjd
DJP3T73e7icg1mK/jh6o4OZXvtcmn36tZW+ZqJjspsgsXKZxdCLcsgmYXFX0Rhjb
g+1dfTQXdggO+i5/FnYQYN7hF35AYOZ6oFR3MtgXgQBAM0DpLL6t0TLtaTX+i1UF
h5MBDRFlW6e9771u369vC++wfOsNQl6l34666IV8S1JfGAK38CiN7sS5N74XcBqV
gxa5MdOHModyb8PFG46p91+NDaMPsabiY7pDbaJdqArxBhQsXEtA4KjkIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFSZdinhK2KH2WgwfMkgwHm8XMX/MB8GA1UdIwQY
MBaAFJKW2E5k1V7IEkdvuAbw/nWgi/srMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BiWVRtVFZYc2dTUjItNEJ2RC1kYUNMLXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9hNTRlYjEtMzNkZS00MDFmLTkzNWEt
ZjM0OTI4NDUwOWI3LzEvVkpsMktlRXJZb2ZaYURCOHlTREFlYnhjeGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9hNTRlYjEtMzNkZS00MDFmLTkzNWEtZjM0OTI4NDUwOWI3
LzEva3BiWVRtVFZYc2dTUjItNEJ2RC1kYUNMLXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaSkMA0E
AgACMAcDBQMqCqQAMA0GCSqGSIb3DQEBCwUAA4IBAQB8hdgvvuCTViVS3OYvglXc
0+AKlujCr5vCJ4jAeo5Atg6nJe5lP6IJJ4+2GYA/GUkx41lnTWPETqqNAauc95w7
QmzUig+LnOgQ1r/6ogyo/aMP5QLteohbs8jpP50dskTfr4VpMpfeuyzzcPDQTlHa
tgFdczVA0s2FCSaLEpvcm/Q/vL9TmF69twJgNYzVBsCwzd6nW0JDqTUyYBuKLlmt
Jp/H5fKHdSEEtsCKqU6PAaJr5Exs1YVnr/7koQDr7NOp9ScJXPh6AfsXmvOK3mcc
ZgwtIpk8X1X02vQWaSqX6uz0VssEqxp9UC8G/8naGo7sciGslENRqdJbe3l12HKy
-----END CERTIFICATE-----