Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/VMwY_NpCWEnE7CG5u4wc2vo9-DI.roa
File:                     VMwY_NpCWEnE7CG5u4wc2vo9-DI.roa (raw, json)
Hash identifier:          RhGxLmJ5bvzAKvbRwhTJx0t36GrYi/Y9JYK5p1SGuQ4=
Subject key identifier:   54:CC:18:FC:DA:42:58:49:C4:EC:21:B9:BB:8C:1C:DA:FA:3D:F8:32
Certificate issuer:       /CN=69a4d6916b93159aa80984a9b3774683bb550ebd
Certificate serial:       018CC8DF2AB954D33D166F02D2623B688250
Authority key identifier: 69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/VMwY_NpCWEnE7CG5u4wc2vo9-DI.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216235
IP address blocks:        46.183.166.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2a:b9:54:d3:3d:16:6f:02:d2:62:3b:68:82:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a4d6916b93159aa80984a9b3774683bb550ebd
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54cc18fcda425849c4ec21b9bb8c1cdafa3df832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:46:73:7b:16:d7:ed:de:ee:75:ea:3d:b1:ba:
                    4e:21:1d:5e:4f:55:8c:10:0c:50:ea:88:c9:b4:03:
                    05:a1:37:7c:7f:e9:1f:06:a6:5d:3d:86:ae:bf:54:
                    cd:73:f9:3c:44:62:ea:b4:fe:53:7e:69:4a:d2:b7:
                    48:5f:c6:e0:7b:22:fe:cb:b8:17:3b:01:34:ff:77:
                    97:84:2f:c6:60:36:a6:42:ff:4f:34:5a:07:09:c4:
                    31:44:8a:34:f0:90:4c:ae:54:a0:33:62:f4:91:a5:
                    1f:8b:11:22:2d:aa:d1:6f:ce:d0:0b:e0:79:33:fa:
                    d8:6d:7e:d9:85:1b:6f:b3:60:7e:4a:1b:45:5e:8d:
                    61:41:56:7d:01:0e:ee:5f:a3:05:b9:ab:96:25:cd:
                    ac:a3:36:ec:4d:50:75:61:00:9a:8f:84:2a:e9:52:
                    61:df:a8:c4:7c:70:f3:cc:b9:b5:68:52:a0:73:c6:
                    52:34:b0:35:5f:05:a0:a5:3d:45:12:f4:af:30:d7:
                    62:a4:42:2a:ab:f0:ce:60:d8:52:7a:84:2f:40:82:
                    09:6b:60:e8:8c:0d:81:a6:c4:c1:55:e6:b8:7f:f8:
                    e7:78:3b:ab:74:d7:6e:dc:46:b3:f6:1c:1c:42:3e:
                    ad:6f:42:6e:b4:fb:57:92:4d:b9:a8:44:e3:61:44:
                    0b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CC:18:FC:DA:42:58:49:C4:EC:21:B9:BB:8C:1C:DA:FA:3D:F8:32
            X509v3 Authority Key Identifier:
                keyid:69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/VMwY_NpCWEnE7CG5u4wc2vo9-DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:d8:de:d2:f4:0c:a9:f0:6d:00:bc:8f:0e:52:40:10:76:b8:
         d2:4f:65:2c:c3:74:ee:4b:26:1e:bf:ee:f5:47:37:63:0d:b9:
         95:a4:06:c3:91:f2:88:7e:d1:14:d2:f8:d0:01:c3:6f:4b:c5:
         2e:f6:d3:95:35:f3:12:25:03:24:c6:94:8b:31:21:01:dc:61:
         dd:b5:cf:e1:08:9d:e4:76:b7:a3:1e:1b:e8:a4:5f:76:b3:f0:
         33:2e:3e:a7:da:9a:e1:62:5d:bd:bf:fc:b2:39:56:9b:37:5b:
         58:ef:2c:1e:c6:3a:3f:e2:77:ba:b8:4c:30:a8:42:54:88:94:
         9c:22:02:99:98:04:49:bd:9b:1f:ed:db:0e:d8:8e:5d:36:a7:
         64:23:56:a9:ac:ba:45:8b:9c:cc:7a:3f:5d:ed:bb:12:8b:2a:
         96:86:8f:34:63:c8:a4:cf:43:5a:45:16:78:10:bb:e2:d2:80:
         42:07:ae:15:97:30:17:8a:ac:17:c4:16:98:0d:c0:1d:9d:49:
         64:c0:8e:aa:c4:9c:47:03:c7:2c:4a:47:d5:92:37:ae:7d:b0:
         84:eb:ae:03:4b:a3:2b:3d:25:9f:69:22:1b:83:2f:db:bb:8b:
         f5:31:c4:5f:7c:37:0e:28:20:bf:b1:75:1c:80:0e:dd:63:70:
         b0:3e:41:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yq5VNM9Fm8C0mI7aIJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTRkNjkxNmI5MzE1OWFhODA5ODRhOWIzNzc0NjgzYmI1
NTBlYmQwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGNjMThmY2RhNDI1ODQ5YzRlYzIxYjliYjhjMWNkYWZhM2RmODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUZzexbX7d7udeo9sbpOIR1eT1WM
EAxQ6ojJtAMFoTd8f+kfBqZdPYauv1TNc/k8RGLqtP5TfmlK0rdIX8bgeyL+y7gX
OwE0/3eXhC/GYDamQv9PNFoHCcQxRIo08JBMrlSgM2L0kaUfixEiLarRb87QC+B5
M/rYbX7ZhRtvs2B+ShtFXo1hQVZ9AQ7uX6MFuauWJc2sozbsTVB1YQCaj4Qq6VJh
36jEfHDzzLm1aFKgc8ZSNLA1XwWgpT1FEvSvMNdipEIqq/DOYNhSeoQvQIIJa2Do
jA2BpsTBVea4f/jneDurdNdu3Eaz9hwcQj6tb0JutPtXkk25qETjYUQLawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTMGPzaQlhJxOwhubuMHNr6PfgyMB8GA1UdIwQY
MBaAFGmk1pFrkxWaqAmEqbN3RoO7VQ69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUt
MzE5NzExMDA5N2M5LzEvVk13WV9OcENXRW5FN0NHNXU0d2Mydm85LURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUtMzE5NzExMDA5N2M5
LzEvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLremMA0G
CSqGSIb3DQEBCwUAA4IBAQAH2N7S9Ayp8G0AvI8OUkAQdrjST2Usw3TuSyYev+71
RzdjDbmVpAbDkfKIftEU0vjQAcNvS8Uu9tOVNfMSJQMkxpSLMSEB3GHdtc/hCJ3k
drejHhvopF92s/AzLj6n2prhYl29v/yyOVabN1tY7ywexjo/4ne6uEwwqEJUiJSc
IgKZmARJvZsf7dsO2I5dNqdkI1aprLpFi5zMej9d7bsSiyqWho80Y8ikz0NaRRZ4
ELvi0oBCB64VlzAXiqwXxBaYDcAdnUlkwI6qxJxHA8csSkfVkjeufbCE664DS6Mr
PSWfaSIbgy/bu4v1McRffDcOKCC/sXUcgA7dY3CwPkEh
-----END CERTIFICATE-----