Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/VS0vQXyTV30uKtTHz_uaATpRmNI.roa
File:                     VS0vQXyTV30uKtTHz_uaATpRmNI.roa (raw, json)
Hash identifier:          bd6zfzzABUQlbCGm2yH6xBJFNFWYvrN9JXn/fjw4bhU=
Subject key identifier:   55:2D:2F:41:7C:93:57:7D:2E:2A:D4:C7:CF:FB:9A:01:3A:51:98:D2
Certificate issuer:       /CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
Certificate serial:       01942521408CD86EBEE7712E69F336A06912
Authority key identifier: 73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/VS0vQXyTV30uKtTHz_uaATpRmNI.roa
Signing time:             Thu 02 Jan 2025 03:48:43 +0000
ROA not before:           Thu 02 Jan 2025 03:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.218.37.0/24 maxlen: 24
                          2a02:ef80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:40:8c:d8:6e:be:e7:71:2e:69:f3:36:a0:69:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
        Validity
            Not Before: Jan  2 03:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=552d2f417c93577d2e2ad4c7cffb9a013a5198d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9d:67:60:78:a7:bf:c1:c9:61:ec:36:74:ce:
                    35:5f:1a:a1:84:5d:c8:3e:f6:e1:89:73:2c:33:ba:
                    ff:bd:05:1c:64:c9:60:d8:3d:8b:ae:ad:ad:6b:17:
                    c0:2e:69:14:dc:54:92:57:ba:93:4e:f5:c1:a9:e4:
                    9f:32:e7:47:92:3f:c7:58:92:3d:69:79:6c:56:61:
                    e8:c3:53:ce:7f:54:0b:21:b0:32:a7:e3:cd:8d:8f:
                    9d:f1:83:5d:5b:ac:81:f9:15:d4:dd:4a:0f:6e:90:
                    c5:07:c9:9c:7d:73:51:5d:1a:27:d0:e3:be:88:60:
                    c1:be:29:05:41:5a:b1:0b:e5:f4:b7:73:90:f4:f1:
                    21:7b:51:d1:9a:58:b0:4c:72:66:e9:67:9e:40:31:
                    bb:05:18:cb:9c:36:cf:3a:3a:fe:cc:24:dc:39:47:
                    5a:2a:ed:c2:fa:26:b8:d1:67:db:0a:9e:cd:b3:0e:
                    de:63:b8:38:5e:e9:19:05:20:a7:6f:6f:77:64:97:
                    80:51:76:78:80:c8:a1:e6:43:b5:07:73:47:ec:6c:
                    b9:79:8c:32:55:26:4b:22:49:89:b9:f0:0a:c0:91:
                    78:1e:66:45:fe:d8:38:ce:47:a5:0f:46:03:63:ec:
                    84:2f:70:b4:24:3c:20:47:63:d7:bc:70:98:0d:61:
                    c7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2D:2F:41:7C:93:57:7D:2E:2A:D4:C7:CF:FB:9A:01:3A:51:98:D2
            X509v3 Authority Key Identifier:
                keyid:73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/VS0vQXyTV30uKtTHz_uaATpRmNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.37.0/24
                IPv6:
                  2a02:ef80::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:78:ce:30:73:ce:de:0b:55:5b:6a:f4:3a:9d:9e:98:eb:cc:
         cd:f7:98:4c:90:6f:c4:7b:c6:f6:45:9a:cc:34:cb:2b:39:51:
         9c:60:6c:28:ba:1f:ca:42:82:7e:d9:ef:c4:88:8f:1c:e4:35:
         69:51:86:80:07:c0:79:0b:d1:ca:5a:e8:81:39:44:7c:88:3c:
         1b:70:eb:64:f0:86:41:e0:59:66:ba:f6:8f:4b:5d:4c:39:be:
         4a:af:ae:d5:fd:40:ce:c1:93:46:fa:af:c2:2b:32:0c:16:2b:
         d4:18:45:34:76:f9:b5:26:78:d1:32:65:ba:79:40:cb:6c:92:
         2c:d2:a7:3c:7f:e2:da:32:f4:ad:ea:84:cb:8f:05:ea:20:6f:
         b9:63:94:a7:e1:e6:58:c6:8b:cd:66:ab:a5:94:6e:a4:12:6e:
         33:db:eb:12:a2:6e:1b:4b:6b:e0:d8:aa:0f:ba:d1:03:7f:90:
         29:99:c1:f7:75:a0:45:9f:fd:50:2d:30:1d:b4:a5:28:27:10:
         06:80:3b:cb:15:a5:80:73:29:73:a1:af:04:fb:39:ea:d2:15:
         41:e0:c3:ae:cf:d6:f7:a2:ce:80:11:c3:7f:2c:b7:06:9e:74:
         13:dd:aa:0e:ba:8c:e3:c3:c1:39:6f:eb:be:ac:5b:c9:b3:9e:
         82:c5:55:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIUCM2G6+53EuafM2oGkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTUzNWEyZWFlYmM2OGMxNjU3YWFmY2Y1YTc4OGM4NzUx
ZDliNjIwHhcNMjUwMTAyMDM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJkMmY0MTdjOTM1NzdkMmUyYWQ0YzdjZmZiOWEwMTNhNTE5OGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip1nYHinv8HJYew2dM41XxqhhF3I
PvbhiXMsM7r/vQUcZMlg2D2Lrq2taxfALmkU3FSSV7qTTvXBqeSfMudHkj/HWJI9
aXlsVmHow1POf1QLIbAyp+PNjY+d8YNdW6yB+RXU3UoPbpDFB8mcfXNRXRon0OO+
iGDBvikFQVqxC+X0t3OQ9PEhe1HRmliwTHJm6WeeQDG7BRjLnDbPOjr+zCTcOUda
Ku3C+ia40WfbCp7Nsw7eY7g4XukZBSCnb293ZJeAUXZ4gMih5kO1B3NH7Gy5eYwy
VSZLIkmJufAKwJF4HmZF/tg4zkelD0YDY+yEL3C0JDwgR2PXvHCYDWHHnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFUtL0F8k1d9LirUx8/7mgE6UZjSMB8GA1UdIwQY
MBaAFHMVNaLq68aMFleq/PWniMh1HZtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTkt
NDM1YmRhNWJkMDQ4LzEvVlMwdlFYeVRWMzB1S3RUSHpfdWFBVHBSbU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTktNDM1YmRhNWJkMDQ4
LzEvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9olMA8E
AgACMAkDBwAqAu+AAAAwDQYJKoZIhvcNAQELBQADggEBAFl4zjBzzt4LVVtq9Dqd
npjrzM33mEyQb8R7xvZFmsw0yys5UZxgbCi6H8pCgn7Z78SIjxzkNWlRhoAHwHkL
0cpa6IE5RHyIPBtw62TwhkHgWWa69o9LXUw5vkqvrtX9QM7Bk0b6r8IrMgwWK9QY
RTR2+bUmeNEyZbp5QMtskizSpzx/4toy9K3qhMuPBeogb7ljlKfh5ljGi81mq6WU
bqQSbjPb6xKibhtLa+DYqg+60QN/kCmZwfd1oEWf/VAtMB20pSgnEAaAO8sVpYBz
KXOhrwT7OerSFUHgw67P1veizoARw38stwaedBPdqg66jOPDwTlv676sW8mznoLF
VTg=
-----END CERTIFICATE-----