Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/vSqStmLGNAJTogWbuua3TsunNXM.roa
File:                     vSqStmLGNAJTogWbuua3TsunNXM.roa (raw, json)
Hash identifier:          qu+AT1SuROcnw3G9X2TZCCnrcOyGYofqMOomT56rwQo=
Subject key identifier:   BD:2A:92:B6:62:C6:34:02:53:A2:05:9B:BA:E6:B7:4E:CB:A7:35:73
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018E4BFEFBB1F4DE66745C8A77C660582CA1
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/vSqStmLGNAJTogWbuua3TsunNXM.roa
Signing time:             Sun 17 Mar 2024 10:39:45 +0000
ROA not before:           Sun 17 Mar 2024 10:39:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400909
IP address blocks:        82.206.12.0/23 maxlen: 23
                          82.206.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 20:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4b:fe:fb:b1:f4:de:66:74:5c:8a:77:c6:60:58:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Mar 17 10:39:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd2a92b662c6340253a2059bbae6b74ecba73573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2b:e5:fb:e9:93:a4:9d:5b:59:9f:80:e8:01:
                    4c:61:df:16:b2:6a:e7:1f:68:91:5e:bc:36:a3:c9:
                    6b:98:c7:ff:b2:ac:60:dd:01:e5:87:d0:d6:0c:55:
                    5c:7e:ec:64:a5:09:46:c1:d1:e2:1c:70:8c:2a:e3:
                    19:12:4a:4e:53:64:19:f5:a4:81:3d:7c:59:78:b5:
                    0c:6d:23:5e:86:d2:e6:e9:02:03:df:e6:99:32:81:
                    71:10:4c:b0:3f:c0:13:a0:73:b6:80:e5:6b:d4:92:
                    40:a4:90:7d:71:19:31:61:0a:73:d8:45:8e:fe:21:
                    35:c2:0b:63:e6:43:2c:03:51:5b:83:11:e7:f6:63:
                    da:e4:b8:5e:6a:e7:49:79:16:12:2f:15:98:38:5d:
                    f5:11:df:45:bd:39:6c:e4:22:74:bc:24:26:5b:83:
                    38:1a:86:2c:1b:2e:df:14:0b:3d:ab:84:8e:44:4c:
                    e2:4a:eb:e1:02:a9:55:28:de:f5:02:f4:51:9b:0a:
                    33:fe:67:88:7d:df:92:69:21:5f:30:79:1f:d5:a3:
                    12:6e:db:a5:47:8d:9b:96:b5:70:d4:7f:e8:0b:d6:
                    64:0c:5d:c5:b2:32:6e:99:93:11:80:c9:e0:95:3f:
                    76:0d:2d:da:68:36:24:74:d5:63:b2:c8:b8:9f:fc:
                    86:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:2A:92:B6:62:C6:34:02:53:A2:05:9B:BA:E6:B7:4E:CB:A7:35:73
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/vSqStmLGNAJTogWbuua3TsunNXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:8b:2e:08:58:3e:84:00:a1:ea:b1:a8:cd:f4:7e:76:0e:90:
         b7:bf:0c:ae:a0:77:20:74:49:f0:f2:d5:9a:bb:36:12:e9:6e:
         7a:48:83:91:79:a3:78:32:74:39:1f:8b:8a:60:1a:6c:19:76:
         b7:79:1b:68:9c:6b:6d:64:0e:02:c2:32:5c:81:ac:4b:44:91:
         29:73:04:67:b7:14:c4:cb:d9:dd:67:9d:f9:d3:07:d8:af:ba:
         a1:22:3e:a9:64:39:1c:8c:13:75:cc:bb:d0:6e:ee:aa:7e:15:
         5c:e0:9e:94:4c:e3:1c:68:0d:be:9f:dd:9a:be:d8:98:e8:77:
         48:d2:cf:3d:70:41:d1:64:57:09:32:2b:d4:95:6f:d3:6e:55:
         e0:e0:53:51:7a:58:d4:53:71:38:a2:12:b6:73:ce:97:0a:0f:
         78:2b:86:ec:25:b8:31:cb:bf:3d:40:2a:76:66:8e:f1:5f:7e:
         4f:d8:bc:24:17:3a:8e:81:a5:36:45:d7:9d:64:e3:8b:d7:84:
         d3:15:84:f8:d4:d4:47:c0:46:c8:4f:33:a2:7f:32:a8:23:c5:
         e0:50:cf:8f:12:33:a9:d9:a5:62:aa:4a:9c:f8:58:a9:6e:4e:
         ce:0b:bb:08:81:d9:10:00:f4:8e:95:af:9b:05:92:82:cb:47:
         49:b2:5b:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5L/vux9N5mdFyKd8ZgWCyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMzE3MTAzOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDJhOTJiNjYyYzYzNDAyNTNhMjA1OWJiYWU2Yjc0ZWNiYTczNTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCvl++mTpJ1bWZ+A6AFMYd8Wsmrn
H2iRXrw2o8lrmMf/sqxg3QHlh9DWDFVcfuxkpQlGwdHiHHCMKuMZEkpOU2QZ9aSB
PXxZeLUMbSNehtLm6QID3+aZMoFxEEywP8AToHO2gOVr1JJApJB9cRkxYQpz2EWO
/iE1wgtj5kMsA1FbgxHn9mPa5LheaudJeRYSLxWYOF31Ed9FvTls5CJ0vCQmW4M4
GoYsGy7fFAs9q4SOREziSuvhAqlVKN71AvRRmwoz/meIfd+SaSFfMHkf1aMSbtul
R42blrVw1H/oC9ZkDF3FsjJumZMRgMnglT92DS3aaDYkdNVjssi4n/yGjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0qkrZixjQCU6IFm7rmt07LpzVzMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvdlNxU3RtTEdOQUpUb2dXYnV1YTNUc3VuTlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUs4MMA0G
CSqGSIb3DQEBCwUAA4IBAQCeiy4IWD6EAKHqsajN9H52DpC3vwyuoHcgdEnw8tWa
uzYS6W56SIOReaN4MnQ5H4uKYBpsGXa3eRtonGttZA4CwjJcgaxLRJEpcwRntxTE
y9ndZ5350wfYr7qhIj6pZDkcjBN1zLvQbu6qfhVc4J6UTOMcaA2+n92avtiY6HdI
0s89cEHRZFcJMivUlW/TblXg4FNReljUU3E4ohK2c86XCg94K4bsJbgxy789QCp2
Zo7xX35P2LwkFzqOgaU2RdedZOOL14TTFYT41NRHwEbITzOifzKoI8XgUM+PEjOp
2aViqkqc+Fipbk7OC7sIgdkQAPSOla+bBZKCy0dJslub
-----END CERTIFICATE-----