Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/vGbYlGIt_XXaoe5X6XTVTvIpakw.roa
File:                     vGbYlGIt_XXaoe5X6XTVTvIpakw.roa (raw, json)
Hash identifier:          4RC8iWcfJ/EVAuZJ3bbzKqs9z9k+hjqzNdm9Hn2TIEY=
Subject key identifier:   BC:66:D8:94:62:2D:FD:75:DA:A1:EE:57:E9:74:D5:4E:F2:29:6A:4C
Certificate issuer:       /CN=fbfcd4515b493039216758de738e4f1ae8e3224c
Certificate serial:       018CC56E73A520920B9FB33F3571E737E437
Authority key identifier: FB:FC:D4:51:5B:49:30:39:21:67:58:DE:73:8E:4F:1A:E8:E3:22:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_zUUVtJMDkhZ1jec45PGujjIkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/vGbYlGIt_XXaoe5X6XTVTvIpakw.roa
Signing time:             Mon 01 Jan 2024 14:29:59 +0000
ROA not before:           Mon 01 Jan 2024 14:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16097
IP address blocks:        185.105.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/1-_zUUVtJMDkhZ1jec45PGujjIkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/1-_zUUVtJMDkhZ1jec45PGujjIkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-_zUUVtJMDkhZ1jec45PGujjIkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:73:a5:20:92:0b:9f:b3:3f:35:71:e7:37:e4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbfcd4515b493039216758de738e4f1ae8e3224c
        Validity
            Not Before: Jan  1 14:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc66d894622dfd75daa1ee57e974d54ef2296a4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:28:cd:ca:67:17:ca:9f:36:8b:0f:78:b5:18:
                    a4:98:7f:7c:da:5d:7c:ed:94:f7:3b:82:71:3c:4f:
                    b2:c0:f6:83:d0:ca:96:61:46:7f:7b:17:7f:1b:1b:
                    1e:0f:69:29:82:82:fa:0c:89:db:3c:5d:2f:36:34:
                    c3:78:a9:75:69:fe:89:1d:0b:9d:b5:1c:16:e9:61:
                    7b:cf:10:82:15:ce:8d:ac:2b:82:be:73:7d:0e:21:
                    21:7a:c3:ec:85:18:8e:a4:84:d2:db:1a:a7:ea:6b:
                    80:11:cd:7e:17:9b:1c:fe:0a:09:c8:b9:cb:9a:85:
                    70:58:3b:cc:c0:dd:8b:53:8c:80:d6:77:61:c9:f2:
                    4a:e7:4f:85:b4:2d:de:1a:0e:b9:b1:75:98:03:99:
                    80:a8:37:8c:f3:8f:4e:fb:39:d4:48:f5:62:d4:5b:
                    21:bb:13:d6:1c:a2:89:ce:41:db:4b:b4:a9:49:18:
                    2c:83:a6:36:5e:3b:73:bb:f7:d4:c9:c4:ec:78:65:
                    7f:e5:de:e3:b7:dc:30:99:24:78:a2:33:83:5b:8c:
                    d1:e5:cc:f4:e4:bd:ac:7c:2f:cb:b2:11:99:b8:56:
                    9a:88:c2:8e:d3:d2:17:e8:4b:b3:20:ee:c0:a8:9a:
                    4f:5b:f0:e5:4b:22:02:da:6b:64:9f:c9:8c:a2:94:
                    f1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:66:D8:94:62:2D:FD:75:DA:A1:EE:57:E9:74:D5:4E:F2:29:6A:4C
            X509v3 Authority Key Identifier:
                keyid:FB:FC:D4:51:5B:49:30:39:21:67:58:DE:73:8E:4F:1A:E8:E3:22:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_zUUVtJMDkhZ1jec45PGujjIkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/vGbYlGIt_XXaoe5X6XTVTvIpakw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d6486a-8ff7-426f-8d86-098d04ce51b2/1/1-_zUUVtJMDkhZ1jec45PGujjIkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:d6:87:a5:a3:a9:70:b4:1a:19:c9:0f:c9:28:c2:17:f4:37:
         f7:e7:f7:c5:7f:be:a8:17:06:d2:69:b2:09:bd:f3:c6:7f:94:
         a4:36:3c:19:ed:64:4f:9b:55:9d:55:ae:ff:9b:5e:d8:ea:72:
         bb:b4:47:cb:43:c7:ea:05:49:94:85:0d:63:54:20:2e:89:76:
         6a:3c:15:49:4d:00:9e:c8:c8:27:e5:be:83:03:2c:b5:ef:1f:
         e9:c0:b6:a0:6a:23:55:94:34:27:e9:f9:8f:1f:2c:0e:35:d9:
         82:8b:4c:1d:3a:cb:f5:2d:a9:f4:d8:1d:1c:94:40:20:a3:5a:
         b3:3c:d8:ae:22:9c:64:57:69:27:08:a5:39:9e:55:e8:4d:38:
         19:04:9c:bf:3c:24:59:e3:30:cc:81:fe:55:61:e9:6b:28:c7:
         f2:b7:46:f6:9e:1a:ef:0d:1a:f4:06:69:a4:a5:7c:76:5f:03:
         bc:39:2f:f2:dd:04:cb:f3:a1:eb:87:aa:ea:dc:d1:12:b8:e3:
         e6:bf:85:a2:eb:7e:18:56:2c:29:18:e2:c9:5c:47:28:e2:58:
         be:0c:07:8c:bd:53:5e:47:82:69:b9:62:d3:f7:fd:5c:93:78:
         76:3e:89:71:20:bd:63:43:ee:5c:c7:d6:54:83:00:02:97:d0:
         4b:10:dc:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbnOlIJILn7M/NXHnN+Q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZmNkNDUxNWI0OTMwMzkyMTY3NThkZTczOGU0ZjFhZThl
MzIyNGMwHhcNMjQwMTAxMTQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzY2ZDg5NDYyMmRmZDc1ZGFhMWVlNTdlOTc0ZDU0ZWYyMjk2YTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ijNymcXyp82iw94tRikmH982l18
7ZT3O4JxPE+ywPaD0MqWYUZ/exd/GxseD2kpgoL6DInbPF0vNjTDeKl1af6JHQud
tRwW6WF7zxCCFc6NrCuCvnN9DiEhesPshRiOpITS2xqn6muAEc1+F5sc/goJyLnL
moVwWDvMwN2LU4yA1ndhyfJK50+FtC3eGg65sXWYA5mAqDeM849O+znUSPVi1Fsh
uxPWHKKJzkHbS7SpSRgsg6Y2Xjtzu/fUycTseGV/5d7jt9wwmSR4ojODW4zR5cz0
5L2sfC/LshGZuFaaiMKO09IX6EuzIO7AqJpPW/DlSyIC2mtkn8mMopTx/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLxm2JRiLf112qHuV+l01U7yKWpMMB8GA1UdIwQY
MBaAFPv81FFbSTA5IWdY3nOOTxro4yJMMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1felVVVnRKTURraFoxamVjNDVQR3Vqaklrdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgvZDY0ODZhLThmZjctNDI2Zi04ZDg2
LTA5OGQwNGNlNTFiMi8xL3ZHYllsR0l0X1hYYW9lNVg2WFRWVHZJcGFrdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjgvZDY0ODZhLThmZjctNDI2Zi04ZDg2LTA5OGQwNGNlNTFi
Mi8xLzEtX3pVVVZ0Sk1Ea2haMWplYzQ1UEd1ampJa3cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5aSgw
DQYJKoZIhvcNAQELBQADggEBAIDWh6WjqXC0GhnJD8kowhf0N/fn98V/vqgXBtJp
sgm988Z/lKQ2PBntZE+bVZ1Vrv+bXtjqcru0R8tDx+oFSZSFDWNUIC6Jdmo8FUlN
AJ7IyCflvoMDLLXvH+nAtqBqI1WUNCfp+Y8fLA412YKLTB06y/UtqfTYHRyUQCCj
WrM82K4inGRXaScIpTmeVehNOBkEnL88JFnjMMyB/lVh6Wsox/K3RvaeGu8NGvQG
aaSlfHZfA7w5L/LdBMvzoeuHqurc0RK44+a/haLrfhhWLCkY4slcRyjiWL4MB4y9
U15Hgmm5YtP3/VyTeHY+iXEgvWND7lzH1lSDAAKX0EsQ3KY=
-----END CERTIFICATE-----