Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/Iq_MWu25D8VvHPPyULvyCKfhusc.roa
File:                     Iq_MWu25D8VvHPPyULvyCKfhusc.roa (raw, json)
Hash identifier:          Sj4mpIkJwnXcrITUBl1NDHUqt6RKerlqZJHGfAguHIg=
Subject key identifier:   22:AF:CC:5A:ED:B9:0F:C5:6F:1C:F3:F2:50:BB:F2:08:A7:E1:BA:C7
Certificate issuer:       /CN=544194f8249773d3cd6fb654b239de769c42e864
Certificate serial:       018CC8700868349FC830783AAF6A34F4CBC4
Authority key identifier: 54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/Iq_MWu25D8VvHPPyULvyCKfhusc.roa
Signing time:             Tue 02 Jan 2024 04:30:34 +0000
ROA not before:           Tue 02 Jan 2024 04:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207537
IP address blocks:        2001:67c:2bb4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:08:68:34:9f:c8:30:78:3a:af:6a:34:f4:cb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=544194f8249773d3cd6fb654b239de769c42e864
        Validity
            Not Before: Jan  2 04:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22afcc5aedb90fc56f1cf3f250bbf208a7e1bac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:47:9a:22:d5:89:4b:1c:58:79:a6:a8:b9:9f:
                    e2:24:ba:42:97:05:bd:2f:96:4d:a7:c5:bd:88:a3:
                    cd:1c:7c:c1:e6:de:da:49:e4:ce:66:48:35:42:8a:
                    8a:b1:89:29:ac:11:fc:b8:da:27:61:f2:d1:8f:b9:
                    04:90:d0:69:35:dd:02:99:6c:eb:6b:11:e9:82:65:
                    0b:43:dd:80:54:9c:e0:65:72:ad:7a:5b:e3:db:70:
                    3d:85:2e:f9:d3:f2:e7:44:be:d4:c9:c1:7b:b9:34:
                    58:fd:75:04:dd:69:98:ad:f4:d7:41:93:95:56:b5:
                    8e:15:73:02:f5:0a:d9:07:0e:e8:13:dd:60:21:81:
                    62:66:02:8a:68:78:cc:97:01:e4:3a:6b:0f:fa:7c:
                    7c:88:d1:0d:9c:74:ac:79:07:c1:3e:bb:c4:a8:21:
                    c3:d9:83:42:ab:0b:44:d3:43:ab:2b:15:9b:43:79:
                    17:5d:90:f3:f6:64:10:11:62:83:17:27:90:e3:4e:
                    25:54:5d:10:4d:1e:7a:cd:bc:08:f1:61:03:c9:b4:
                    79:f6:7f:05:dd:14:ce:ed:54:d5:4b:82:a2:50:57:
                    c7:4c:d6:1a:2b:a8:ce:a8:fe:ab:23:26:1f:c9:42:
                    f2:7f:f4:fc:56:c5:96:15:49:44:ff:14:c6:7d:72:
                    ac:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AF:CC:5A:ED:B9:0F:C5:6F:1C:F3:F2:50:BB:F2:08:A7:E1:BA:C7
            X509v3 Authority Key Identifier:
                keyid:54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/Iq_MWu25D8VvHPPyULvyCKfhusc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2bb4::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:4a:53:5d:01:8f:d8:7a:f6:72:3a:16:38:9c:76:79:6f:34:
         15:26:1d:cb:d9:8a:72:1a:31:37:b3:0a:61:f2:2d:ae:f9:9e:
         8b:e9:f5:f3:93:45:72:f7:d4:00:be:bd:bf:ae:81:41:0b:02:
         d3:83:7b:9f:d5:f3:16:bd:e0:eb:aa:30:b2:fd:0f:f5:84:5f:
         e2:7c:f6:f2:38:a5:d1:9d:b2:84:32:78:34:69:09:20:bb:07:
         4b:95:61:30:8d:36:bd:18:22:40:ba:c4:b7:23:fd:6d:57:2a:
         80:24:52:e9:d7:32:7c:40:d0:f8:0e:ed:07:d7:74:a3:f2:90:
         c0:c8:02:e5:e8:1c:c3:37:f4:a8:c6:4e:89:16:3d:c0:90:b3:
         29:c8:a5:e6:9e:69:10:85:18:34:aa:80:8e:a0:53:e2:d1:d8:
         f9:d8:b5:ef:a1:e6:78:ab:8b:64:06:a6:8b:b4:a0:8f:eb:7d:
         0d:f5:53:90:66:05:c1:9d:85:73:66:98:44:26:ee:86:9b:33:
         76:4a:99:a5:fd:ab:e5:01:fe:42:9d:ee:ee:29:ca:bd:bb:53:
         e0:e2:e3:dc:4c:15:2d:64:4f:23:d6:2d:58:4e:c5:db:09:86:
         37:81:8a:69:50:01:90:ef:8c:fb:3e:4b:c6:e7:dc:b2:10:0f:
         0d:1e:c7:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIcAhoNJ/IMHg6r2o09MvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDE5NGY4MjQ5NzczZDNjZDZmYjY1NGIyMzlkZTc2OWM0
MmU4NjQwHhcNMjQwMTAyMDQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFmY2M1YWVkYjkwZmM1NmYxY2YzZjI1MGJiZjIwOGE3ZTFiYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0eaItWJSxxYeaaouZ/iJLpClwW9
L5ZNp8W9iKPNHHzB5t7aSeTOZkg1QoqKsYkprBH8uNonYfLRj7kEkNBpNd0CmWzr
axHpgmULQ92AVJzgZXKtelvj23A9hS750/LnRL7UycF7uTRY/XUE3WmYrfTXQZOV
VrWOFXMC9QrZBw7oE91gIYFiZgKKaHjMlwHkOmsP+nx8iNENnHSseQfBPrvEqCHD
2YNCqwtE00OrKxWbQ3kXXZDz9mQQEWKDFyeQ404lVF0QTR56zbwI8WEDybR59n8F
3RTO7VTVS4KiUFfHTNYaK6jOqP6rIyYfyULyf/T8VsWWFUlE/xTGfXKsQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCKvzFrtuQ/Fbxzz8lC78gin4brHMB8GA1UdIwQY
MBaAFFRBlPgkl3PTzW+2VLI53nacQuhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYt
ZDYxZGYzM2M0MzFiLzEvSXFfTVd1MjVEOFZ2SFBQeVVMdnlDS2ZodXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYtZDYxZGYzM2M0MzFi
LzEvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCu0
MA0GCSqGSIb3DQEBCwUAA4IBAQBmSlNdAY/YevZyOhY4nHZ5bzQVJh3L2YpyGjE3
swph8i2u+Z6L6fXzk0Vy99QAvr2/roFBCwLTg3uf1fMWveDrqjCy/Q/1hF/ifPby
OKXRnbKEMng0aQkguwdLlWEwjTa9GCJAusS3I/1tVyqAJFLp1zJ8QND4Du0H13Sj
8pDAyALl6BzDN/Soxk6JFj3AkLMpyKXmnmkQhRg0qoCOoFPi0dj52LXvoeZ4q4tk
BqaLtKCP630N9VOQZgXBnYVzZphEJu6GmzN2Spml/avlAf5Cne7uKcq9u1Pg4uPc
TBUtZE8j1i1YTsXbCYY3gYppUAGQ74z7PkvG59yyEA8NHscZ
-----END CERTIFICATE-----