Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/vAFQF-F8lni1r_6CH29HW5rnwVs.roa
File:                     vAFQF-F8lni1r_6CH29HW5rnwVs.roa (raw, json)
Hash identifier:          eT8pLKjYFSMt+CHPqTyYN+Ue2bQzsVG814zd0gP2bzA=
Subject key identifier:   BC:01:50:17:E1:7C:96:78:B5:AF:FE:82:1F:6F:47:5B:9A:E7:C1:5B
Certificate issuer:       /CN=20aedc8b2a1bbd6d37055ec00e8e60f4588e1305
Certificate serial:       018CC5DCA606E464F5BDF7C3922C87603D1F
Authority key identifier: 20:AE:DC:8B:2A:1B:BD:6D:37:05:5E:C0:0E:8E:60:F4:58:8E:13:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IK7ciyobvW03BV7ADo5g9FiOEwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/vAFQF-F8lni1r_6CH29HW5rnwVs.roa
Signing time:             Mon 01 Jan 2024 16:30:21 +0000
ROA not before:           Mon 01 Jan 2024 16:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61365
IP address blocks:        185.184.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/IK7ciyobvW03BV7ADo5g9FiOEwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/IK7ciyobvW03BV7ADo5g9FiOEwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IK7ciyobvW03BV7ADo5g9FiOEwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a6:06:e4:64:f5:bd:f7:c3:92:2c:87:60:3d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20aedc8b2a1bbd6d37055ec00e8e60f4588e1305
        Validity
            Not Before: Jan  1 16:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc015017e17c9678b5affe821f6f475b9ae7c15b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8b:61:d8:d6:53:2d:bf:01:6c:e9:44:5e:6b:
                    4b:00:7d:91:85:a1:07:c8:c3:f0:ad:ee:ab:bb:a1:
                    4d:cd:37:b3:48:de:d4:4c:e7:48:d4:e2:15:87:db:
                    fe:8d:90:17:0e:43:87:a9:8d:c2:f1:ad:0d:21:26:
                    a9:02:49:79:b9:b3:16:2c:77:06:8f:f7:7b:10:21:
                    b7:bb:06:af:79:ee:8d:c6:99:9e:02:95:1d:72:82:
                    9a:ab:90:af:3b:89:27:87:f5:b1:6e:33:e5:ce:8d:
                    2a:31:77:9e:6c:a4:66:50:bf:75:e6:af:b3:d6:6d:
                    9f:43:dd:d9:98:14:95:0c:ec:c3:fc:fb:c8:a3:ed:
                    5b:49:b0:7e:85:8b:2a:f9:5e:77:0f:4b:09:bb:b8:
                    b9:e3:89:f5:6b:a8:c7:e1:4a:76:c7:34:ee:00:82:
                    37:e2:ba:8d:4b:34:71:7d:f7:50:1f:ca:83:05:17:
                    b9:74:75:74:2d:30:0a:b4:eb:38:35:33:0d:53:96:
                    e3:6a:86:ec:f3:51:67:18:92:f6:18:7c:7c:bb:8c:
                    aa:2a:b1:7c:1a:65:de:a3:df:57:f7:71:18:76:58:
                    75:12:de:c6:31:e4:69:75:99:4f:d2:7d:37:36:b0:
                    82:59:49:a3:11:c0:42:2f:83:48:23:b0:fa:0c:d5:
                    5b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:01:50:17:E1:7C:96:78:B5:AF:FE:82:1F:6F:47:5B:9A:E7:C1:5B
            X509v3 Authority Key Identifier:
                keyid:20:AE:DC:8B:2A:1B:BD:6D:37:05:5E:C0:0E:8E:60:F4:58:8E:13:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IK7ciyobvW03BV7ADo5g9FiOEwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/vAFQF-F8lni1r_6CH29HW5rnwVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/feb15e-de7c-40a7-86d4-969d2539d0ca/1/IK7ciyobvW03BV7ADo5g9FiOEwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:e4:05:f8:9f:06:be:16:a5:ec:3f:4d:0c:8d:b3:c1:0d:a2:
         71:0e:64:3c:57:ab:23:5e:31:ac:4f:3d:bc:1b:63:58:2f:a4:
         3a:92:08:39:24:53:b8:f9:30:b7:c8:2d:86:3e:34:6f:9f:cb:
         47:57:b4:da:89:e0:ef:ca:b3:2b:7a:89:5d:ae:b1:48:84:53:
         e3:18:e5:92:d3:5d:c9:d6:ae:00:0a:73:cf:2f:fa:26:a1:65:
         39:c0:a7:11:5c:12:9b:c6:0b:d0:a8:77:71:55:97:fc:d6:aa:
         38:54:fc:28:25:0f:5a:f0:1e:7d:50:fe:44:6b:75:ad:70:30:
         52:02:5f:2f:14:05:c9:59:cf:62:f5:df:c0:68:62:0c:6b:15:
         34:f1:ea:8d:2b:08:27:f7:dc:55:34:d6:cd:4f:1a:03:19:49:
         68:b7:fe:b4:4f:75:10:11:13:34:a3:7c:78:d7:57:a6:b6:b8:
         5f:77:34:25:f4:d6:85:e0:11:42:31:bb:e9:0b:d1:1f:04:dc:
         bf:7e:78:d5:dc:27:3d:d1:5b:60:a1:11:e9:1c:7b:3e:c1:be:
         0a:8e:3d:c8:e4:f4:8e:d6:5f:a4:4b:87:92:fd:70:5a:8d:09:
         de:5c:88:57:30:23:48:8e:61:c0:aa:76:7a:53:35:fe:b7:39:
         e4:e6:e0:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KYG5GT1vffDkiyHYD0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYWVkYzhiMmExYmJkNmQzNzA1NWVjMDBlOGU2MGY0NTg4
ZTEzMDUwHhcNMjQwMTAxMTYzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAxNTAxN2UxN2M5Njc4YjVhZmZlODIxZjZmNDc1YjlhZTdjMTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIth2NZTLb8BbOlEXmtLAH2RhaEH
yMPwre6ru6FNzTezSN7UTOdI1OIVh9v+jZAXDkOHqY3C8a0NISapAkl5ubMWLHcG
j/d7ECG3uwavee6NxpmeApUdcoKaq5CvO4knh/WxbjPlzo0qMXeebKRmUL915q+z
1m2fQ93ZmBSVDOzD/PvIo+1bSbB+hYsq+V53D0sJu7i544n1a6jH4Up2xzTuAII3
4rqNSzRxffdQH8qDBRe5dHV0LTAKtOs4NTMNU5bjaobs81FnGJL2GHx8u4yqKrF8
GmXeo99X93EYdlh1Et7GMeRpdZlP0n03NrCCWUmjEcBCL4NII7D6DNVboQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwBUBfhfJZ4ta/+gh9vR1ua58FbMB8GA1UdIwQY
MBaAFCCu3IsqG71tNwVewA6OYPRYjhMFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUs3Y2l5b2J2VzAzQlY3QURvNWc5RmlPRXdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mZWIxNWUtZGU3Yy00MGE3LTg2ZDQt
OTY5ZDI1MzlkMGNhLzEvdkFGUUYtRjhsbmkxcl82Q0gyOUhXNXJud1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mZWIxNWUtZGU3Yy00MGE3LTg2ZDQtOTY5ZDI1MzlkMGNh
LzEvSUs3Y2l5b2J2VzAzQlY3QURvNWc5RmlPRXdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubgQMA0G
CSqGSIb3DQEBCwUAA4IBAQBM5AX4nwa+FqXsP00MjbPBDaJxDmQ8V6sjXjGsTz28
G2NYL6Q6kgg5JFO4+TC3yC2GPjRvn8tHV7TaieDvyrMreoldrrFIhFPjGOWS013J
1q4ACnPPL/omoWU5wKcRXBKbxgvQqHdxVZf81qo4VPwoJQ9a8B59UP5Ea3WtcDBS
Al8vFAXJWc9i9d/AaGIMaxU08eqNKwgn99xVNNbNTxoDGUlot/60T3UQERM0o3x4
11emtrhfdzQl9NaF4BFCMbvpC9EfBNy/fnjV3Cc90VtgoRHpHHs+wb4Kjj3I5PSO
1l+kS4eS/XBajQneXIhXMCNIjmHAqnZ6UzX+tznk5uDg
-----END CERTIFICATE-----