Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/vFcXueAG-JHe5n5wAz0T1pwDbRw.roa
File:                     vFcXueAG-JHe5n5wAz0T1pwDbRw.roa (raw, json)
Hash identifier:          +8XDBgbhDYa3iVCcMido6F/Q4DV3glMZ4s07HprrR80=
Subject key identifier:   BC:57:17:B9:E0:06:F8:91:DE:E6:7E:70:03:3D:13:D6:9C:03:6D:1C
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       0190E8C86208151F95CC15E95F8BBC8CBA3C
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/vFcXueAG-JHe5n5wAz0T1pwDbRw.roa
Signing time:             Thu 25 Jul 2024 07:26:04 +0000
ROA not before:           Thu 25 Jul 2024 07:26:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        91.197.32.0/23 maxlen: 24
                          91.197.34.0/23 maxlen: 24
                          193.108.80.0/22 maxlen: 24
                          193.108.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Aug 2024 04:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e8:c8:62:08:15:1f:95:cc:15:e9:5f:8b:bc:8c:ba:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: Jul 25 07:26:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc5717b9e006f891dee67e70033d13d69c036d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:70:b7:a3:d4:8e:4a:84:aa:7a:77:e1:72:93:
                    59:c3:53:c2:84:93:a5:28:8c:01:b1:c5:72:fc:4f:
                    38:fc:31:bb:50:a1:a3:41:b4:bb:b0:21:81:0d:5d:
                    21:f7:4d:5f:9a:ec:46:a3:74:e3:b4:d3:43:f1:c6:
                    cf:50:cc:51:af:b2:3b:74:fc:a4:1e:59:9b:50:3f:
                    e7:ab:ef:44:56:08:d0:08:fd:57:fa:5d:0a:f5:db:
                    11:e8:32:25:3c:fc:c5:6b:4b:c8:b2:2d:c2:38:cb:
                    39:9e:49:12:42:39:27:0e:42:82:aa:d7:a2:59:e7:
                    9b:d3:a3:02:1d:c3:d9:4e:b6:43:c5:e2:23:46:d3:
                    61:19:d4:ea:1c:d3:aa:9b:eb:4a:78:41:a3:25:d2:
                    91:99:c9:4d:8b:f7:5d:21:03:e1:c9:ee:2a:b0:b7:
                    12:2e:d9:bd:6a:a8:30:74:c5:08:74:f5:b2:f6:ab:
                    bc:bc:cc:68:fa:41:9b:a1:be:f4:66:93:20:0b:f0:
                    36:34:02:43:54:96:fa:9b:98:fd:26:ce:8d:88:45:
                    ca:90:91:d6:0e:59:79:61:2b:24:58:83:18:1f:1a:
                    92:a8:23:7d:fa:dd:70:92:4c:cb:92:b1:76:c2:66:
                    f1:c0:36:05:0a:3d:ec:99:bc:2b:ab:cc:17:ca:ac:
                    fa:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:57:17:B9:E0:06:F8:91:DE:E6:7E:70:03:3D:13:D6:9C:03:6D:1C
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/vFcXueAG-JHe5n5wAz0T1pwDbRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.32.0/22
                  193.108.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:8a:5d:1b:d5:79:7d:bb:73:8b:cc:e2:69:3d:d4:ec:eb:bb:
         3d:ed:ae:0c:0d:e9:59:d7:dd:1e:2b:eb:86:94:e1:f7:c0:9a:
         12:da:bb:f1:b3:96:35:a0:a7:1c:27:7b:5b:95:16:eb:92:8f:
         44:98:d6:83:13:a3:11:77:35:a4:51:42:10:69:50:40:05:a8:
         74:a7:43:01:09:16:3c:be:1d:cb:ba:ea:70:a3:12:5b:54:08:
         31:16:84:d4:d2:3a:8d:7c:34:ab:83:6f:f9:be:71:57:8f:c8:
         8e:da:98:52:b7:49:d8:37:13:cf:f5:17:57:61:3a:b2:8f:0e:
         8e:f4:bc:c1:0c:55:d8:3d:bf:f3:e5:8d:b0:a5:0f:e6:74:d7:
         6c:73:13:06:eb:c3:50:61:e1:c5:13:c8:9e:63:2a:9a:1a:a2:
         1b:14:73:0e:d9:a7:6e:ed:9c:36:fc:d0:f9:3e:ed:26:be:d4:
         ff:ef:9e:9b:e1:72:69:e9:4a:f0:50:55:bb:cd:bd:e3:38:d9:
         b9:51:c4:36:ab:df:3e:f9:5b:6b:24:c4:c6:7e:31:a7:fd:6c:
         a5:5f:11:0f:dc:ea:60:bb:31:5f:8b:47:76:ac:fb:c1:36:50:
         09:a9:d3:ce:e2:de:9a:ba:62:3e:44:07:7e:5d:35:5a:86:2e:
         30:ba:7b:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZDoyGIIFR+VzBXpX4u8jLo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjQwNzI1MDcyNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzU3MTdiOWUwMDZmODkxZGVlNjdlNzAwMzNkMTNkNjljMDM2ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nC3o9SOSoSqenfhcpNZw1PChJOl
KIwBscVy/E84/DG7UKGjQbS7sCGBDV0h901fmuxGo3TjtNND8cbPUMxRr7I7dPyk
HlmbUD/nq+9EVgjQCP1X+l0K9dsR6DIlPPzFa0vIsi3COMs5nkkSQjknDkKCqtei
Weeb06MCHcPZTrZDxeIjRtNhGdTqHNOqm+tKeEGjJdKRmclNi/ddIQPhye4qsLcS
Ltm9aqgwdMUIdPWy9qu8vMxo+kGbob70ZpMgC/A2NAJDVJb6m5j9Js6NiEXKkJHW
Dll5YSskWIMYHxqSqCN9+t1wkkzLkrF2wmbxwDYFCj3smbwrq8wXyqz6SQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLxXF7ngBviR3uZ+cAM9E9acA20cMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvdkZjWHVlQUctSkhlNW41d0F6MFQxcHdEYlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8UgAwQD
wWxQMA0GCSqGSIb3DQEBCwUAA4IBAQATil0b1Xl9u3OLzOJpPdTs67s97a4MDelZ
190eK+uGlOH3wJoS2rvxs5Y1oKccJ3tblRbrko9EmNaDE6MRdzWkUUIQaVBABah0
p0MBCRY8vh3LuupwoxJbVAgxFoTU0jqNfDSrg2/5vnFXj8iO2phSt0nYNxPP9RdX
YTqyjw6O9LzBDFXYPb/z5Y2wpQ/mdNdscxMG68NQYeHFE8ieYyqaGqIbFHMO2adu
7Zw2/ND5Pu0mvtT/756b4XJp6UrwUFW7zb3jONm5UcQ2q98++VtrJMTGfjGn/Wyl
XxEP3OpguzFfi0d2rPvBNlAJqdPO4t6aumI+RAd+XTVahi4wunu7
-----END CERTIFICATE-----