Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/Vyik9yO_Ztfe-vZv_ebuJaC0KTU.roa
File:                     Vyik9yO_Ztfe-vZv_ebuJaC0KTU.roa (raw, json)
Hash identifier:          c7qROSs7osAwaqMA55Sklh3tzmKYuee+SA6aTcGSDTE=
Subject key identifier:   57:28:A4:F7:23:BF:66:D7:DE:FA:F6:6F:FD:E6:EE:25:A0:B4:29:35
Certificate issuer:       /CN=a8707679223c883fed7f7c79ff2f293bff8730b5
Certificate serial:       018CC56DDC2B9175226C1ACDECACE52EF3E3
Authority key identifier: A8:70:76:79:22:3C:88:3F:ED:7F:7C:79:FF:2F:29:3B:FF:87:30:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHB2eSI8iD_tf3x5_y8pO_-HMLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/Vyik9yO_Ztfe-vZv_ebuJaC0KTU.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51752
IP address blocks:        185.15.220.0/22 maxlen: 22
                          91.220.88.0/24 maxlen: 24
                          2a03:c9c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/qHB2eSI8iD_tf3x5_y8pO_-HMLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/qHB2eSI8iD_tf3x5_y8pO_-HMLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHB2eSI8iD_tf3x5_y8pO_-HMLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:dc:2b:91:75:22:6c:1a:cd:ec:ac:e5:2e:f3:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8707679223c883fed7f7c79ff2f293bff8730b5
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5728a4f723bf66d7defaf66ffde6ee25a0b42935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ac:5f:24:45:d4:31:0c:2b:84:36:ee:65:cf:
                    4c:4c:3f:61:af:2a:d0:21:1b:b5:77:59:62:c9:01:
                    5b:52:61:ac:18:09:13:5b:bf:2c:11:ca:86:4f:aa:
                    2e:f2:1f:36:00:d5:5d:a5:de:d4:be:d0:93:d3:c9:
                    08:ef:d7:14:57:c8:01:47:2d:fd:2e:44:7f:dc:5f:
                    cd:56:dc:cb:cd:67:1f:49:11:7e:c9:d9:65:ce:f2:
                    06:31:70:d7:e1:5c:55:4d:58:cc:bb:58:2e:a1:b1:
                    e2:8a:c5:7a:62:18:32:32:a6:d9:f4:1e:94:c0:92:
                    bb:9b:d4:0a:b1:94:7f:a9:0d:d3:76:8e:7a:e8:5d:
                    e8:f9:9d:26:37:f1:45:23:76:5b:c3:df:90:c8:01:
                    3e:a2:3a:01:ff:64:86:ee:7a:a5:be:fd:c4:74:4a:
                    3e:5b:5f:03:d6:04:71:a5:39:a1:0f:4c:08:f9:1f:
                    87:ce:c6:ab:9a:1e:39:25:c7:ac:77:33:dc:00:a9:
                    fb:0a:d6:f6:10:5f:8e:53:31:45:21:47:8e:62:ae:
                    a8:86:af:f6:a7:db:dd:60:6f:ea:2b:44:e9:b0:eb:
                    a7:92:a5:07:6c:73:24:73:5b:5e:88:32:ef:fb:c1:
                    f0:a1:6a:ed:e2:ed:46:45:96:5f:e6:0a:93:0c:e0:
                    30:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:28:A4:F7:23:BF:66:D7:DE:FA:F6:6F:FD:E6:EE:25:A0:B4:29:35
            X509v3 Authority Key Identifier:
                keyid:A8:70:76:79:22:3C:88:3F:ED:7F:7C:79:FF:2F:29:3B:FF:87:30:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHB2eSI8iD_tf3x5_y8pO_-HMLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/Vyik9yO_Ztfe-vZv_ebuJaC0KTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db9866-dbf6-4294-94b9-407fef69cfb8/1/qHB2eSI8iD_tf3x5_y8pO_-HMLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.88.0/24
                  185.15.220.0/22
                IPv6:
                  2a03:c9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:a4:c7:a1:78:25:79:27:0b:e2:d9:1c:70:d1:2d:cb:78:bd:
         04:cb:b6:49:b7:84:08:bb:48:25:75:6c:14:40:fc:0e:a9:80:
         79:1b:da:e4:ba:13:71:c7:17:5f:b1:6b:01:cd:9a:73:9d:7e:
         d0:7d:76:1d:5b:4d:a7:4c:49:74:6e:de:d3:65:bf:f1:2d:51:
         0a:ae:f3:b5:f7:6b:62:f9:16:40:36:27:92:c8:56:8c:d9:51:
         bc:51:69:88:3c:01:83:ea:0e:9a:fa:23:79:67:06:1c:a1:9a:
         2d:8b:12:f6:7c:57:d2:b6:c2:3d:4d:d6:eb:b6:06:28:cf:30:
         fd:35:c9:67:fe:20:e6:b1:f6:34:52:99:1b:af:0a:9f:3f:12:
         a9:2f:40:b8:e0:eb:74:b4:ec:a1:3d:f4:33:09:49:68:43:84:
         85:e2:ba:86:87:4a:99:0f:f3:49:9d:ca:d7:9d:91:5c:5c:05:
         d9:c5:e9:64:58:66:e6:8f:68:d8:3f:03:15:a0:46:49:bd:d6:
         8b:8a:21:d4:9c:5c:84:76:2c:b6:b1:e2:27:da:dc:0e:f5:e7:
         ac:b0:03:34:cf:1b:26:fd:5c:2d:e9:cd:9b:8f:64:2a:b3:3a:
         c4:2e:3f:e4:db:81:da:c8:d5:4a:86:17:5a:17:eb:82:c5:0b:
         09:2f:26:1e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbdwrkXUibBrN7KzlLvPjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA3Njc5MjIzYzg4M2ZlZDdmN2M3OWZmMmYyOTNiZmY4
NzMwYjUwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzI4YTRmNzIzYmY2NmQ3ZGVmYWY2NmZmZGU2ZWUyNWEwYjQyOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqxfJEXUMQwrhDbuZc9MTD9hryrQ
IRu1d1liyQFbUmGsGAkTW78sEcqGT6ou8h82ANVdpd7UvtCT08kI79cUV8gBRy39
LkR/3F/NVtzLzWcfSRF+ydllzvIGMXDX4VxVTVjMu1guobHiisV6YhgyMqbZ9B6U
wJK7m9QKsZR/qQ3Tdo566F3o+Z0mN/FFI3Zbw9+QyAE+ojoB/2SG7nqlvv3EdEo+
W18D1gRxpTmhD0wI+R+Hzsarmh45JcesdzPcAKn7Ctb2EF+OUzFFIUeOYq6ohq/2
p9vdYG/qK0TpsOunkqUHbHMkc1teiDLv+8HwoWrt4u1GRZZf5gqTDOAwxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFcopPcjv2bX3vr2b/3m7iWgtCk1MB8GA1UdIwQY
MBaAFKhwdnkiPIg/7X98ef8vKTv/hzC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhCMmVTSThpRF90ZjN4NV95OHBPXy1ITUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kYjk4NjYtZGJmNi00Mjk0LTk0Yjkt
NDA3ZmVmNjljZmI4LzEvVnlpazl5T19adGZlLXZadl9lYnVKYUMwS1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kYjk4NjYtZGJmNi00Mjk0LTk0YjktNDA3ZmVmNjljZmI4
LzEvcUhCMmVTSThpRF90ZjN4NV95OHBPXy1ITUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9xYAwQC
uQ/cMA0EAgACMAcDBQAqA8nAMA0GCSqGSIb3DQEBCwUAA4IBAQCApMeheCV5Jwvi
2Rxw0S3LeL0Ey7ZJt4QIu0gldWwUQPwOqYB5G9rkuhNxxxdfsWsBzZpznX7QfXYd
W02nTEl0bt7TZb/xLVEKrvO192ti+RZANieSyFaM2VG8UWmIPAGD6g6a+iN5ZwYc
oZotixL2fFfStsI9TdbrtgYozzD9Ncln/iDmsfY0UpkbrwqfPxKpL0C44Ot0tOyh
PfQzCUloQ4SF4rqGh0qZD/NJncrXnZFcXAXZxelkWGbmj2jYPwMVoEZJvdaLiiHU
nFyEdiy2seIn2twO9eessAM0zxsm/Vwt6c2bj2QqszrELj/k24HayNVKhhdaF+uC
xQsJLyYe
-----END CERTIFICATE-----