Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/VVeQWeSDBWQzL3U0Pc0_yvKHzTk.roa
File:                     VVeQWeSDBWQzL3U0Pc0_yvKHzTk.roa (raw, json)
Hash identifier:          8Y5aRw1MYEEZvvPT7gswWRqRjZPZjCYgvxsW8jFSAaA=
Subject key identifier:   55:57:90:59:E4:83:05:64:33:2F:75:34:3D:CD:3F:CA:F2:87:CD:39
Certificate issuer:       /CN=8110149fd12130b3cdcf35862b0dcdb98a9471c9
Certificate serial:       018EA9EAB10A7BF19F9AEF844FC302B4C5C3
Authority key identifier: 81:10:14:9F:D1:21:30:B3:CD:CF:35:86:2B:0D:CD:B9:8A:94:71:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/VVeQWeSDBWQzL3U0Pc0_yvKHzTk.roa
Signing time:             Thu 04 Apr 2024 16:21:54 +0000
ROA not before:           Thu 04 Apr 2024 16:21:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        217.73.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a9:ea:b1:0a:7b:f1:9f:9a:ef:84:4f:c3:02:b4:c5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8110149fd12130b3cdcf35862b0dcdb98a9471c9
        Validity
            Not Before: Apr  4 16:21:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55579059e4830564332f75343dcd3fcaf287cd39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:63:c8:61:a8:86:37:c0:77:89:bb:78:c4:09:
                    f1:7e:ea:db:27:bd:44:ef:0f:90:44:47:92:b5:dc:
                    cd:bd:0e:7d:24:44:14:a8:1d:db:c2:bc:1b:7e:d5:
                    01:7f:2a:b9:d1:74:c9:6b:b8:6f:9d:dc:97:b0:ba:
                    d9:25:93:44:7d:d4:2b:3c:cc:6c:c0:dd:0a:61:96:
                    f1:b3:de:0c:bc:cf:ec:2e:5a:e0:25:de:c6:44:55:
                    aa:42:c6:e3:3c:58:8f:94:6b:ce:29:fc:d5:71:c0:
                    4d:80:00:05:dd:09:2e:4e:71:c7:59:ae:e0:da:1b:
                    9d:2e:c8:48:0e:5c:34:a5:4c:46:b3:3e:73:b6:8a:
                    a3:ca:a9:c3:a3:95:91:68:45:8d:72:bb:a6:2e:9a:
                    58:4d:f5:7d:66:13:df:e5:55:67:89:c0:b0:b1:10:
                    6b:00:22:38:44:4b:58:c4:35:c0:83:56:22:8b:3e:
                    f2:90:d0:94:38:4d:3a:87:d4:f8:09:d1:c6:76:5e:
                    69:9c:fd:c4:9b:03:8f:03:b3:f4:74:04:e3:68:8d:
                    c9:f0:b4:32:46:46:d4:13:6f:d8:65:3f:a8:96:63:
                    5e:0b:ae:79:9d:87:17:81:da:5f:f4:54:3f:50:4d:
                    6e:90:36:e3:8b:51:e7:8f:1d:52:e9:5a:70:74:9d:
                    88:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:57:90:59:E4:83:05:64:33:2F:75:34:3D:CD:3F:CA:F2:87:CD:39
            X509v3 Authority Key Identifier:
                keyid:81:10:14:9F:D1:21:30:B3:CD:CF:35:86:2B:0D:CD:B9:8A:94:71:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gRAUn9EhMLPNzzWGKw3NuYqUcck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/VVeQWeSDBWQzL3U0Pc0_yvKHzTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/48db10-3ba8-4e80-b3dc-ab31eacbffca/1/gRAUn9EhMLPNzzWGKw3NuYqUcck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.73.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:fc:23:d9:fb:a4:02:aa:5a:b8:64:9a:a7:93:8a:ef:1c:4d:
         e6:44:d9:cf:92:34:1b:86:c5:22:db:9e:87:53:40:35:b6:c1:
         f7:12:82:c2:56:df:d0:47:b6:0a:be:df:fd:09:9a:9e:5e:80:
         2e:d1:b5:ca:1d:b5:65:62:8d:2c:a4:aa:24:94:70:d0:1c:d6:
         cf:21:0e:fa:34:6b:0c:73:79:2f:88:e6:57:47:ca:1f:1a:63:
         dd:24:9c:9b:89:b2:26:25:8a:34:4e:43:dc:d7:58:49:61:71:
         9b:76:65:b2:3c:a9:b0:7c:be:5b:4c:74:34:97:0f:c2:0e:c5:
         0d:94:91:81:c1:23:90:ac:00:00:e3:e1:39:42:a5:a3:46:b1:
         89:ab:cb:39:17:b1:d3:56:ac:bb:0d:41:d2:fd:d2:1a:60:71:
         67:c1:cb:9a:aa:24:66:a8:07:95:39:26:0b:8b:94:87:b7:06:
         ba:f4:67:5e:1e:88:86:b5:86:50:5f:f9:3e:77:f1:3b:0f:3c:
         c8:42:72:3f:e1:5b:07:ac:86:f9:d0:8b:44:a9:d3:f9:94:6c:
         bc:34:50:66:b6:30:07:0f:a2:73:8f:6a:c7:d0:36:cb:7d:a6:
         9c:4b:24:12:06:26:21:a0:b7:29:e9:43:39:7d:0f:ba:dd:8e:
         6c:44:9d:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6p6rEKe/Gfmu+ET8MCtMXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMTAxNDlmZDEyMTMwYjNjZGNmMzU4NjJiMGRjZGI5OGE5
NDcxYzkwHhcNMjQwNDA0MTYyMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTU3OTA1OWU0ODMwNTY0MzMyZjc1MzQzZGNkM2ZjYWYyODdjZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGPIYaiGN8B3ibt4xAnxfurbJ71E
7w+QREeStdzNvQ59JEQUqB3bwrwbftUBfyq50XTJa7hvndyXsLrZJZNEfdQrPMxs
wN0KYZbxs94MvM/sLlrgJd7GRFWqQsbjPFiPlGvOKfzVccBNgAAF3QkuTnHHWa7g
2hudLshIDlw0pUxGsz5ztoqjyqnDo5WRaEWNcrumLppYTfV9ZhPf5VVnicCwsRBr
ACI4REtYxDXAg1Yiiz7ykNCUOE06h9T4CdHGdl5pnP3EmwOPA7P0dATjaI3J8LQy
RkbUE2/YZT+olmNeC655nYcXgdpf9FQ/UE1ukDbji1Hnjx1S6VpwdJ2IbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVXkFnkgwVkMy91ND3NP8ryh805MB8GA1UdIwQY
MBaAFIEQFJ/RITCzzc81hisNzbmKlHHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1JBVW45RWhNTFBOenpXR0t3M051WXFVY2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80OGRiMTAtM2JhOC00ZTgwLWIzZGMt
YWIzMWVhY2JmZmNhLzEvVlZlUVdlU0RCV1F6TDNVMFBjMF95dktIelRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80OGRiMTAtM2JhOC00ZTgwLWIzZGMtYWIzMWVhY2JmZmNh
LzEvZ1JBVW45RWhNTFBOenpXR0t3M051WXFVY2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2UlPMA0G
CSqGSIb3DQEBCwUAA4IBAQAf/CPZ+6QCqlq4ZJqnk4rvHE3mRNnPkjQbhsUi256H
U0A1tsH3EoLCVt/QR7YKvt/9CZqeXoAu0bXKHbVlYo0spKoklHDQHNbPIQ76NGsM
c3kviOZXR8ofGmPdJJybibImJYo0TkPc11hJYXGbdmWyPKmwfL5bTHQ0lw/CDsUN
lJGBwSOQrAAA4+E5QqWjRrGJq8s5F7HTVqy7DUHS/dIaYHFnwcuaqiRmqAeVOSYL
i5SHtwa69GdeHoiGtYZQX/k+d/E7DzzIQnI/4VsHrIb50ItEqdP5lGy8NFBmtjAH
D6Jzj2rH0DbLfaacSyQSBiYhoLcp6UM5fQ+63Y5sRJ1I
-----END CERTIFICATE-----