Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/VX76WEc2y2FrRC6vZX6CjQUlQG0.roa
File:                     VX76WEc2y2FrRC6vZX6CjQUlQG0.roa (raw, json)
Hash identifier:          ofedL2vyU4RMGZfb6sma7EixWxGJi8bAaVhL+JMuxFU=
Subject key identifier:   55:7E:FA:58:47:36:CB:61:6B:44:2E:AF:65:7E:82:8D:05:25:40:6D
Certificate issuer:       /CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
Certificate serial:       018CC94D576B4933F7FB038F094174F7CE0A
Authority key identifier: 99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/VX76WEc2y2FrRC6vZX6CjQUlQG0.roa
Signing time:             Tue 02 Jan 2024 08:32:18 +0000
ROA not before:           Tue 02 Jan 2024 08:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209325
IP address blocks:        45.66.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:57:6b:49:33:f7:fb:03:8f:09:41:74:f7:ce:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99f0b2c8d7b3ca13c59c53372f25e202c85aadc5
        Validity
            Not Before: Jan  2 08:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=557efa584736cb616b442eaf657e828d0525406d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a4:53:62:28:f5:12:47:75:eb:66:37:fb:c9:
                    9d:3f:e5:37:6f:c9:85:a6:21:50:cb:eb:d2:dd:dc:
                    05:49:9b:3e:72:eb:4a:33:0a:2c:61:53:59:0e:14:
                    6e:7f:bf:8a:99:a2:23:7a:6b:91:99:0f:46:62:64:
                    26:c7:52:ef:ba:c7:e4:89:1b:f7:d8:5e:29:8f:b9:
                    e1:a1:f2:ce:ae:31:b1:3b:81:90:54:c7:ec:82:1b:
                    ed:0e:fe:d1:8a:bf:6b:14:46:d7:c9:a2:41:6a:67:
                    5e:38:5b:7b:8f:40:a6:4c:65:85:a8:b7:2d:d0:f2:
                    6f:cd:ad:43:72:b9:0b:51:14:92:5e:f0:13:f2:57:
                    5b:a5:43:f9:83:67:94:fa:db:e1:0f:10:28:be:95:
                    8f:28:e3:80:63:cf:c8:87:59:98:b1:85:5d:cb:f7:
                    28:d2:ab:14:a3:fd:45:2a:04:6e:ae:2e:2c:62:01:
                    3a:1a:de:6b:f5:6c:8c:15:1a:23:c5:4e:5f:b8:db:
                    89:f3:3a:37:de:25:35:40:e1:d9:88:fa:07:68:cb:
                    75:a9:1c:a6:08:af:90:63:1a:58:60:48:fc:6f:e6:
                    c1:09:97:86:da:5e:8c:0e:d0:3c:a3:83:82:a8:ac:
                    a6:34:9f:e1:98:09:28:7a:bf:8e:b7:eb:4c:27:f4:
                    e1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:7E:FA:58:47:36:CB:61:6B:44:2E:AF:65:7E:82:8D:05:25:40:6D
            X509v3 Authority Key Identifier:
                keyid:99:F0:B2:C8:D7:B3:CA:13:C5:9C:53:37:2F:25:E2:02:C8:5A:AD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mfCyyNezyhPFnFM3LyXiAsharcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/VX76WEc2y2FrRC6vZX6CjQUlQG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/54ff92-221e-4a16-8aef-194e0c651d73/1/mfCyyNezyhPFnFM3LyXiAsharcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:c3:70:36:c7:09:ac:c4:d6:10:fd:73:7c:19:e1:93:ec:7a:
         d5:43:f9:99:c1:d1:6d:a7:10:86:e1:ef:03:14:fa:9a:be:cd:
         be:8c:8f:5f:80:fd:a1:55:cf:c8:6a:80:a0:6e:0f:a1:d0:e6:
         3f:f8:e1:30:4e:c9:bc:78:95:7d:7b:c2:42:de:8d:16:7a:13:
         ae:9f:78:ac:5d:c2:69:c6:fe:56:3c:11:79:41:f7:97:12:53:
         56:96:bd:a9:ee:0f:9c:24:a1:4b:82:a7:50:40:f9:8a:53:9b:
         64:c0:1d:ba:58:7d:23:cd:c4:c1:0b:55:1b:fa:d3:3b:d2:87:
         26:f3:f4:00:45:19:26:16:ab:ea:33:75:3b:23:bb:e3:ec:0e:
         66:cb:a4:40:ad:10:7d:14:b0:ca:21:24:98:8e:39:8e:24:c1:
         80:67:aa:d9:75:e8:00:54:db:1c:fc:d3:05:59:54:59:00:a5:
         29:5a:e1:cb:6b:8f:de:07:60:09:5c:17:69:ba:ef:c8:e8:ae:
         15:82:08:b9:4c:b9:58:a1:69:99:37:b5:19:db:c3:44:62:60:
         c9:3c:83:ef:25:38:d5:c1:2b:5a:d6:dd:5c:15:9a:11:94:c4:
         90:31:2b:5c:75:9d:bd:f7:07:b7:3a:9a:9b:ba:31:18:88:cc:
         cb:00:e4:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVdrSTP3+wOPCUF0984KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZjBiMmM4ZDdiM2NhMTNjNTljNTMzNzJmMjVlMjAyYzg1
YWFkYzUwHhcNMjQwMTAyMDgzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTdlZmE1ODQ3MzZjYjYxNmI0NDJlYWY2NTdlODI4ZDA1MjU0MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaRTYij1Ekd162Y3+8mdP+U3b8mF
piFQy+vS3dwFSZs+cutKMwosYVNZDhRuf7+KmaIjemuRmQ9GYmQmx1LvusfkiRv3
2F4pj7nhofLOrjGxO4GQVMfsghvtDv7Rir9rFEbXyaJBamdeOFt7j0CmTGWFqLct
0PJvza1DcrkLURSSXvAT8ldbpUP5g2eU+tvhDxAovpWPKOOAY8/Ih1mYsYVdy/co
0qsUo/1FKgRuri4sYgE6Gt5r9WyMFRojxU5fuNuJ8zo33iU1QOHZiPoHaMt1qRym
CK+QYxpYYEj8b+bBCZeG2l6MDtA8o4OCqKymNJ/hmAkoer+Ot+tMJ/ThlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFV++lhHNstha0Qur2V+go0FJUBtMB8GA1UdIwQY
MBaAFJnwssjXs8oTxZxTNy8l4gLIWq3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYt
MTk0ZTBjNjUxZDczLzEvVlg3NldFYzJ5MkZyUkM2dlpYNkNqUVVsUUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NGZmOTItMjIxZS00YTE2LThhZWYtMTk0ZTBjNjUxZDcz
LzEvbWZDeXlOZXp5aFBGbkZNM0x5WGlBc2hhcmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLULAMA0G
CSqGSIb3DQEBCwUAA4IBAQBaw3A2xwmsxNYQ/XN8GeGT7HrVQ/mZwdFtpxCG4e8D
FPqavs2+jI9fgP2hVc/IaoCgbg+h0OY/+OEwTsm8eJV9e8JC3o0WehOun3isXcJp
xv5WPBF5QfeXElNWlr2p7g+cJKFLgqdQQPmKU5tkwB26WH0jzcTBC1Ub+tM70ocm
8/QARRkmFqvqM3U7I7vj7A5my6RArRB9FLDKISSYjjmOJMGAZ6rZdegAVNsc/NMF
WVRZAKUpWuHLa4/eB2AJXBdpuu/I6K4Vggi5TLlYoWmZN7UZ28NEYmDJPIPvJTjV
wSta1t1cFZoRlMSQMStcdZ299we3OpqbujEYiMzLAOSx
-----END CERTIFICATE-----