Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/VicI--UiT4J4AutTMYdO2uMhkGg.roa
File:                     VicI--UiT4J4AutTMYdO2uMhkGg.roa (raw, json)
Hash identifier:          Y40nMU70m0+2jleYg2nqHmXkrHQzj9QhtyBLW6piLPY=
Subject key identifier:   56:27:08:FB:E5:22:4F:82:78:02:EB:53:31:87:4E:DA:E3:21:90:68
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019426D9F2014B45F56B542CE8FB1BFD04BD
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/VicI--UiT4J4AutTMYdO2uMhkGg.roa
Signing time:             Thu 02 Jan 2025 11:50:04 +0000
ROA not before:           Thu 02 Jan 2025 11:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        93.89.216.0/24 maxlen: 24
                          193.109.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f2:01:4b:45:f5:6b:54:2c:e8:fb:1b:fd:04:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 11:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=562708fbe5224f827802eb5331874edae3219068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:64:29:e2:f1:95:f4:fa:b0:34:cb:84:58:a4:
                    18:a7:4b:e5:e5:a7:04:03:a5:60:38:bf:0e:8b:18:
                    32:dc:a1:10:1c:5e:25:14:e2:7a:cc:34:ce:9c:54:
                    56:3d:2e:ac:6e:f0:c7:31:ea:d5:ef:a2:5a:01:30:
                    67:0f:e6:db:33:ec:e8:d3:7d:dd:4e:2b:6e:0f:eb:
                    b3:19:a0:0c:dc:be:b5:42:a2:ac:37:39:4e:4f:51:
                    fc:49:fe:0a:1c:aa:ab:27:90:6d:de:da:70:98:7e:
                    e3:e4:04:60:8a:7f:b8:5e:45:6b:ac:1e:f3:12:30:
                    67:31:ee:89:12:73:c0:a4:40:a3:e4:96:84:2c:9f:
                    de:4c:5b:aa:de:50:89:ea:40:74:aa:de:04:71:b1:
                    1a:f6:c3:f5:53:a2:4c:a5:1a:8a:64:ea:14:fe:33:
                    c7:c7:42:cb:19:08:ed:79:0c:a9:fc:71:05:8e:e3:
                    cf:e2:6f:99:c0:18:21:64:b1:73:d8:d1:79:87:53:
                    32:47:3d:4f:db:2d:89:d3:b5:b5:c1:6a:4a:b4:19:
                    a9:09:35:80:9d:83:51:f2:e7:28:2e:14:c6:02:76:
                    65:28:d8:fa:03:c6:65:3d:4d:9d:4c:62:0e:5d:ca:
                    1e:65:c8:60:20:04:d7:bf:5e:d7:b3:77:32:56:e2:
                    ab:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:27:08:FB:E5:22:4F:82:78:02:EB:53:31:87:4E:DA:E3:21:90:68
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/VicI--UiT4J4AutTMYdO2uMhkGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.216.0/24
                  193.109.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:2f:78:fd:bf:d1:1a:7f:6b:cc:58:e5:98:04:21:8d:dc:9f:
         54:c7:ed:41:55:4f:5c:93:d8:c5:70:55:8a:ed:fe:5e:04:53:
         3c:08:bc:41:45:98:22:ab:1a:78:e5:36:24:6e:89:c6:7b:1b:
         26:5e:14:3b:f9:f3:ea:5d:b3:a1:53:0c:36:8a:93:e2:60:f0:
         f7:fc:1e:6e:2c:36:4b:89:89:13:6f:56:d5:91:b7:30:23:af:
         2b:02:92:4b:f8:57:73:e1:b8:e5:67:e9:de:8c:8c:bd:25:b4:
         b1:56:3c:59:94:99:b0:e1:98:49:59:a1:d6:ef:71:04:f8:17:
         3e:62:7f:83:3d:a8:be:3b:07:de:ea:01:b7:84:f1:6d:6a:1e:
         ac:62:15:dd:d1:8d:fc:51:a7:31:1a:31:07:d1:52:b4:2b:03:
         59:90:b7:33:ef:86:4d:47:02:80:e5:cc:c3:53:01:d8:8e:70:
         d5:6a:f7:97:7d:dd:77:3c:ea:ad:7e:f5:54:93:30:aa:58:8e:
         e7:cb:3a:16:99:6a:d2:14:24:ff:70:f8:a7:63:6e:95:b8:3c:
         c5:42:56:ff:1f:cf:f3:54:71:a4:f3:41:f9:90:ca:05:bc:d5:
         fe:0a:47:75:b7:72:f9:6e:4c:db:49:4d:5d:6d:fb:fd:eb:28:
         0e:7a:23:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2fIBS0X1a1Qs6Psb/QS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjUwMTAyMTE1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjI3MDhmYmU1MjI0ZjgyNzgwMmViNTMzMTg3NGVkYWUzMjE5MDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmQp4vGV9PqwNMuEWKQYp0vl5acE
A6VgOL8Oixgy3KEQHF4lFOJ6zDTOnFRWPS6sbvDHMerV76JaATBnD+bbM+zo033d
TituD+uzGaAM3L61QqKsNzlOT1H8Sf4KHKqrJ5Bt3tpwmH7j5ARgin+4XkVrrB7z
EjBnMe6JEnPApECj5JaELJ/eTFuq3lCJ6kB0qt4EcbEa9sP1U6JMpRqKZOoU/jPH
x0LLGQjteQyp/HEFjuPP4m+ZwBghZLFz2NF5h1MyRz1P2y2J07W1wWpKtBmpCTWA
nYNR8ucoLhTGAnZlKNj6A8ZlPU2dTGIOXcoeZchgIATXv17Xs3cyVuKrzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFYnCPvlIk+CeALrUzGHTtrjIZBoMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvVmljSS0tVWlUNEo0QXV0VE1ZZE8ydU1oa0dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXVnYAwQC
wW2gMA0GCSqGSIb3DQEBCwUAA4IBAQA5L3j9v9Eaf2vMWOWYBCGN3J9Ux+1BVU9c
k9jFcFWK7f5eBFM8CLxBRZgiqxp45TYkbonGexsmXhQ7+fPqXbOhUww2ipPiYPD3
/B5uLDZLiYkTb1bVkbcwI68rApJL+Fdz4bjlZ+nejIy9JbSxVjxZlJmw4ZhJWaHW
73EE+Bc+Yn+DPai+Owfe6gG3hPFtah6sYhXd0Y38UacxGjEH0VK0KwNZkLcz74ZN
RwKA5czDUwHYjnDVaveXfd13POqtfvVUkzCqWI7nyzoWmWrSFCT/cPinY26VuDzF
Qlb/H8/zVHGk80H5kMoFvNX+Ckd1t3L5bkzbSU1dbfv96ygOeiMP
-----END CERTIFICATE-----