Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/vn2b-Vrc2-IIZWIhWPrNUAjbr7k.roa
File:                     vn2b-Vrc2-IIZWIhWPrNUAjbr7k.roa (raw, json)
Hash identifier:          +g7EprPNptlQFIdHUBR6Zd9Ahi6Czm2ndSmW5Jh7qEk=
Subject key identifier:   BE:7D:9B:F9:5A:DC:DB:E2:08:65:62:21:58:FA:CD:50:08:DB:AF:B9
Certificate issuer:       /CN=529ca5a6e5d67421f3f2cd21138cb70704850955
Certificate serial:       018CC726EDB6AC00E65711388C9496C15578
Authority key identifier: 52:9C:A5:A6:E5:D6:74:21:F3:F2:CD:21:13:8C:B7:07:04:85:09:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpylpuXWdCHz8s0hE4y3BwSFCVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/vn2b-Vrc2-IIZWIhWPrNUAjbr7k.roa
Signing time:             Mon 01 Jan 2024 22:31:06 +0000
ROA not before:           Mon 01 Jan 2024 22:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205385
IP address blocks:        185.231.36.0/22 maxlen: 24
                          185.220.48.0/22 maxlen: 24
                          2a0b:eec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/UpylpuXWdCHz8s0hE4y3BwSFCVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/UpylpuXWdCHz8s0hE4y3BwSFCVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UpylpuXWdCHz8s0hE4y3BwSFCVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ed:b6:ac:00:e6:57:11:38:8c:94:96:c1:55:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529ca5a6e5d67421f3f2cd21138cb70704850955
        Validity
            Not Before: Jan  1 22:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be7d9bf95adcdbe20865622158facd5008dbafb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:01:15:02:03:57:77:0f:d9:b1:17:94:51:4a:
                    60:2c:d5:66:bd:6d:a0:dd:e5:9f:06:b8:04:4b:e6:
                    63:32:f7:b5:f8:91:5b:d7:e6:fe:c3:33:f7:22:d8:
                    11:5a:cb:28:18:0f:1d:fb:e9:48:a7:b7:e0:4c:17:
                    28:e3:1c:2a:b4:a6:cd:d8:9c:49:b8:d9:68:27:8b:
                    a5:80:5e:80:2d:2b:f9:2d:0e:7c:7b:4b:a0:10:87:
                    48:62:a5:85:34:14:43:ce:ca:c2:30:fa:f1:95:b8:
                    0d:27:e2:2d:3d:0e:ef:81:41:ee:c7:66:c8:f3:d0:
                    49:15:ee:a3:60:4b:f5:bc:fc:9c:de:98:43:90:1e:
                    55:89:55:b6:00:59:17:90:75:d6:f0:a7:ec:93:14:
                    8a:d7:31:0c:0d:65:56:c2:d8:bd:de:90:88:c4:8b:
                    86:04:53:ac:37:30:71:bc:9a:a8:87:02:09:47:43:
                    07:c4:09:e8:ce:08:d2:a4:1b:24:35:44:55:3f:eb:
                    aa:00:bd:a5:88:10:eb:e7:ee:9a:b7:71:29:d6:39:
                    04:e3:b8:8d:2a:be:4b:2f:be:ea:27:d0:39:08:ca:
                    c8:81:e7:5b:37:a1:88:30:78:14:f6:3c:a2:75:c4:
                    61:e0:15:51:33:86:f5:b8:32:c3:2e:c0:ea:2d:17:
                    97:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7D:9B:F9:5A:DC:DB:E2:08:65:62:21:58:FA:CD:50:08:DB:AF:B9
            X509v3 Authority Key Identifier:
                keyid:52:9C:A5:A6:E5:D6:74:21:F3:F2:CD:21:13:8C:B7:07:04:85:09:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpylpuXWdCHz8s0hE4y3BwSFCVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/vn2b-Vrc2-IIZWIhWPrNUAjbr7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/60f9ac-053a-4689-b081-3a3a9f0242b8/1/UpylpuXWdCHz8s0hE4y3BwSFCVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.48.0/22
                  185.231.36.0/22
                IPv6:
                  2a0b:eec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:1f:34:23:9f:07:1f:c9:f0:4d:c6:43:0d:bc:f3:21:32:d4:
         7c:fb:24:06:e9:14:b7:23:41:78:91:b9:e8:32:c7:dc:01:75:
         1d:41:06:f7:c6:a6:ab:b5:28:58:f1:39:6d:c8:2e:6c:8b:a6:
         db:83:b6:10:e6:1a:13:6e:0e:34:75:8e:d6:22:52:99:67:d9:
         5e:04:8b:99:68:09:37:28:ba:c5:06:4e:79:ce:4e:68:6c:54:
         d6:24:cc:55:6c:60:83:b5:98:5e:d2:ff:df:24:f1:e4:6b:53:
         fb:48:37:ef:78:b4:76:0f:f5:ce:ab:10:1a:18:e8:d1:28:e8:
         79:44:22:b6:02:5a:1c:30:7c:19:c6:39:33:5d:bc:1e:2e:6c:
         47:65:41:58:5b:e5:85:fb:75:ec:46:f8:29:52:90:b5:89:c6:
         93:67:45:80:ea:27:0b:af:a0:d4:0c:5a:b6:51:59:40:70:79:
         36:df:b9:e0:5b:ab:0f:3c:cb:82:2c:13:33:52:39:ae:7a:a5:
         c7:94:20:5d:6b:d3:73:a0:e5:33:e3:99:16:31:11:24:0d:76:
         6a:0c:c6:3e:2f:41:34:1f:04:4e:99:03:e5:23:5c:fd:5a:e8:
         3d:c2:e0:a4:63:60:83:72:f8:9f:2e:4e:bf:c9:f2:4c:bb:f2:
         6c:16:c2:35
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHJu22rADmVxE4jJSWwVV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWNhNWE2ZTVkNjc0MjFmM2YyY2QyMTEzOGNiNzA3MDQ4
NTA5NTUwHhcNMjQwMTAxMjIzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdkOWJmOTVhZGNkYmUyMDg2NTYyMjE1OGZhY2Q1MDA4ZGJhZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAEVAgNXdw/ZsReUUUpgLNVmvW2g
3eWfBrgES+ZjMve1+JFb1+b+wzP3ItgRWssoGA8d++lIp7fgTBco4xwqtKbN2JxJ
uNloJ4ulgF6ALSv5LQ58e0ugEIdIYqWFNBRDzsrCMPrxlbgNJ+ItPQ7vgUHux2bI
89BJFe6jYEv1vPyc3phDkB5ViVW2AFkXkHXW8KfskxSK1zEMDWVWwti93pCIxIuG
BFOsNzBxvJqohwIJR0MHxAnozgjSpBskNURVP+uqAL2liBDr5+6at3Ep1jkE47iN
Kr5LL77qJ9A5CMrIgedbN6GIMHgU9jyidcRh4BVRM4b1uDLDLsDqLReX9QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL59m/la3NviCGViIVj6zVAI26+5MB8GA1UdIwQY
MBaAFFKcpabl1nQh8/LNIROMtwcEhQlVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB5bHB1WFdkQ0h6OHMwaEU0eTNCd1NGQ1ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC82MGY5YWMtMDUzYS00Njg5LWIwODEt
M2EzYTlmMDI0MmI4LzEvdm4yYi1WcmMyLUlJWldJaFdQck5VQWpicjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC82MGY5YWMtMDUzYS00Njg5LWIwODEtM2EzYTlmMDI0MmI4
LzEvVXB5bHB1WFdkQ0h6OHMwaEU0eTNCd1NGQ1ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudwwAwQC
ueckMA0EAgACMAcDBQAqC+7AMA0GCSqGSIb3DQEBCwUAA4IBAQCZHzQjnwcfyfBN
xkMNvPMhMtR8+yQG6RS3I0F4kbnoMsfcAXUdQQb3xqartShY8TltyC5si6bbg7YQ
5hoTbg40dY7WIlKZZ9leBIuZaAk3KLrFBk55zk5obFTWJMxVbGCDtZhe0v/fJPHk
a1P7SDfveLR2D/XOqxAaGOjRKOh5RCK2AlocMHwZxjkzXbweLmxHZUFYW+WF+3Xs
RvgpUpC1icaTZ0WA6icLr6DUDFq2UVlAcHk237ngW6sPPMuCLBMzUjmueqXHlCBd
a9NzoOUz45kWMREkDXZqDMY+L0E0HwROmQPlI1z9Wug9wuCkY2CDcvifLk6/yfJM
u/JsFsI1
-----END CERTIFICATE-----