Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/vCcFbyxAVLfi9sJsRIn7_1kkNW8.roa
File:                     vCcFbyxAVLfi9sJsRIn7_1kkNW8.roa (raw, json)
Hash identifier:          7NRO6K/ikj4Ho4trqZj205RqfJ7yBvxwfdrBocOBVws=
Subject key identifier:   BC:27:05:6F:2C:40:54:B7:E2:F6:C2:6C:44:89:FB:FF:59:24:35:6F
Certificate issuer:       /CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
Certificate serial:       018CC80146B11D26E4CBF25D26774D076520
Authority key identifier: 13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/vCcFbyxAVLfi9sJsRIn7_1kkNW8.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        193.109.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:46:b1:1d:26:e4:cb:f2:5d:26:77:4d:07:65:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc27056f2c4054b7e2f6c26c4489fbff5924356f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:1a:25:5c:b2:e0:e4:03:32:e6:9f:44:42:0c:
                    87:4f:ba:52:1b:6e:63:6c:4a:ed:49:77:ba:8f:a4:
                    5a:b5:d6:44:a0:4b:c8:98:7a:54:56:cd:26:2a:f8:
                    07:59:8e:e9:f0:1f:43:06:f4:21:a6:42:f8:a9:34:
                    7f:81:eb:a4:fa:b4:46:ad:b1:0b:60:95:ed:2d:34:
                    4f:4d:d1:52:71:ec:ac:90:e1:9a:b4:ff:5f:29:ea:
                    79:ed:1a:f9:2b:d8:cf:14:66:a4:35:4e:02:6a:4d:
                    f2:5f:a6:d3:75:8c:47:17:38:0b:3d:1f:6d:6e:79:
                    15:81:bc:ed:a6:7e:3a:37:5b:30:a0:b7:cc:a0:3e:
                    f8:23:6b:03:23:b6:14:a7:0d:08:93:e6:3f:b8:21:
                    67:8b:37:d0:8e:b9:1e:28:51:51:0a:e1:4e:f3:62:
                    1e:8a:32:40:a5:fe:aa:99:3c:84:d5:d0:40:06:ef:
                    11:eb:72:09:26:e8:4e:43:7e:67:08:a3:ea:40:ff:
                    86:0d:2a:1a:11:16:2c:9f:5f:93:00:57:61:2c:45:
                    7e:59:73:40:85:88:a3:29:8e:b9:fd:5f:52:b4:f6:
                    f2:5b:20:86:08:32:50:b0:d6:c9:a2:96:3a:f3:5e:
                    69:af:e5:04:a1:c8:0d:0f:7f:56:29:b0:3f:07:a0:
                    09:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:27:05:6F:2C:40:54:B7:E2:F6:C2:6C:44:89:FB:FF:59:24:35:6F
            X509v3 Authority Key Identifier:
                keyid:13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/vCcFbyxAVLfi9sJsRIn7_1kkNW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:a6:e5:ed:bb:b4:e9:3f:2c:57:b2:6c:21:3f:13:8f:10:da:
         cd:db:af:7a:54:2c:19:b9:92:f8:89:19:10:0c:7c:65:11:9c:
         ac:1c:67:1a:da:b3:cf:90:61:56:f1:85:49:55:dc:4c:0b:96:
         4f:b0:6b:2f:cb:c7:69:3f:4d:97:db:9a:59:59:b7:9b:79:15:
         4d:5d:b0:9c:5d:3e:38:46:dc:b2:7c:99:ff:32:2e:94:bc:c3:
         3f:e2:ca:a8:e6:10:37:fa:42:3e:77:8e:bd:35:ab:25:38:d4:
         88:80:67:2f:98:24:c2:4d:97:11:d8:6a:20:01:6a:f5:2c:09:
         98:4b:f4:2c:a3:72:a7:c4:d6:8f:51:a6:65:e3:7c:5e:09:74:
         80:59:7e:a6:e2:d5:fc:36:12:64:77:4c:8d:23:31:0e:2e:5f:
         37:15:1d:e2:35:9f:65:87:3d:c6:aa:5b:18:a0:ef:5f:0f:17:
         2e:b3:18:fc:86:47:cd:fd:84:c7:89:85:06:59:06:e2:ec:12:
         b4:c0:49:f2:0d:fd:f5:7d:ce:66:b6:3b:6c:7d:ae:7c:3d:64:
         0f:73:e9:84:80:f9:6c:97:c9:9b:82:67:c1:f7:f9:47:a0:f7:
         dd:ee:bd:42:fe:ae:a6:1f:ff:8c:f7:83:bf:12:6a:f4:01:0f:
         f5:1b:fb:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUaxHSbky/JdJndNB2UgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNjZiOTYwYTZmMWYwNDQzOWYwOTE4NmY5ZWNmNTMxYTlj
ZTI2NDgwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzI3MDU2ZjJjNDA1NGI3ZTJmNmMyNmM0NDg5ZmJmZjU5MjQzNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRolXLLg5AMy5p9EQgyHT7pSG25j
bErtSXe6j6RatdZEoEvImHpUVs0mKvgHWY7p8B9DBvQhpkL4qTR/geuk+rRGrbEL
YJXtLTRPTdFSceyskOGatP9fKep57Rr5K9jPFGakNU4Cak3yX6bTdYxHFzgLPR9t
bnkVgbztpn46N1swoLfMoD74I2sDI7YUpw0Ik+Y/uCFnizfQjrkeKFFRCuFO82Ie
ijJApf6qmTyE1dBABu8R63IJJuhOQ35nCKPqQP+GDSoaERYsn1+TAFdhLEV+WXNA
hYijKY65/V9StPbyWyCGCDJQsNbJopY6815pr+UEocgND39WKbA/B6AJNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwnBW8sQFS34vbCbESJ+/9ZJDVvMB8GA1UdIwQY
MBaAFBNmuWCm8fBEOfCRhvns9TGpziZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjIt
YTk2NzE1OWY4ODdkLzEvdkNjRmJ5eEFWTGZpOXNKc1JJbjdfMWtrTlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjItYTk2NzE1OWY4ODdk
LzEvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW2oMA0G
CSqGSIb3DQEBCwUAA4IBAQBPpuXtu7TpPyxXsmwhPxOPENrN2696VCwZuZL4iRkQ
DHxlEZysHGca2rPPkGFW8YVJVdxMC5ZPsGsvy8dpP02X25pZWbebeRVNXbCcXT44
RtyyfJn/Mi6UvMM/4sqo5hA3+kI+d469NaslONSIgGcvmCTCTZcR2GogAWr1LAmY
S/Qso3KnxNaPUaZl43xeCXSAWX6m4tX8NhJkd0yNIzEOLl83FR3iNZ9lhz3GqlsY
oO9fDxcusxj8hkfN/YTHiYUGWQbi7BK0wEnyDf31fc5mtjtsfa58PWQPc+mEgPls
l8mbgmfB9/lHoPfd7r1C/q6mH/+M94O/Emr0AQ/1G/ul
-----END CERTIFICATE-----