Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/Vdz0EK8dpP2jHgxiw9NLtYpntkk.roa
File:                     Vdz0EK8dpP2jHgxiw9NLtYpntkk.roa (raw, json)
Hash identifier:          +A0uIvlAXBwSLqy0MMH5eS/gAKgbP4KWp/uo31OLq1w=
Subject key identifier:   55:DC:F4:10:AF:1D:A4:FD:A3:1E:0C:62:C3:D3:4B:B5:8A:67:B6:49
Certificate issuer:       /CN=559a769412d2d963b491ebe31d44111dcafccc94
Certificate serial:       018EDBB33E10EBF486866125839919DE1F8A
Authority key identifier: 55:9A:76:94:12:D2:D9:63:B4:91:EB:E3:1D:44:11:1D:CA:FC:CC:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZp2lBLS2WO0kevjHUQRHcr8zJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/Vdz0EK8dpP2jHgxiw9NLtYpntkk.roa
Signing time:             Sun 14 Apr 2024 08:22:20 +0000
ROA not before:           Sun 14 Apr 2024 08:22:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215333
IP address blocks:        91.90.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/VZp2lBLS2WO0kevjHUQRHcr8zJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/VZp2lBLS2WO0kevjHUQRHcr8zJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZp2lBLS2WO0kevjHUQRHcr8zJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:db:b3:3e:10:eb:f4:86:86:61:25:83:99:19:de:1f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=559a769412d2d963b491ebe31d44111dcafccc94
        Validity
            Not Before: Apr 14 08:22:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55dcf410af1da4fda31e0c62c3d34bb58a67b649
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:65:f7:49:55:78:03:60:4a:b1:9b:3b:8d:5a:
                    8d:e6:a8:79:c5:c7:2d:93:c6:49:4c:db:e3:30:41:
                    a7:59:56:07:3e:e7:2f:25:c8:e9:7e:0f:d5:8c:de:
                    9f:f6:0a:c7:51:f9:66:c9:6f:25:be:9f:40:6a:e9:
                    60:58:83:b5:88:a5:57:75:f8:d5:30:f5:b7:60:44:
                    92:9d:9c:40:aa:ce:bb:23:11:fe:ac:fd:47:9c:4d:
                    dd:f4:46:b0:c4:0b:9a:cd:28:8e:be:fb:03:93:9e:
                    0b:61:6a:3e:82:c9:84:e3:54:1d:ae:b7:4a:6f:d6:
                    01:b4:9b:51:0b:38:12:70:b6:50:4b:31:cf:a5:94:
                    80:0e:e5:0b:90:1d:6b:d1:24:64:94:c1:69:0d:1d:
                    af:af:b8:d4:eb:d8:34:4c:d8:46:ba:6b:98:45:66:
                    54:45:4a:5e:34:ef:73:67:3a:2f:23:20:9f:a3:aa:
                    12:66:6b:f6:64:69:79:b6:c6:80:b3:3a:2e:e1:52:
                    d7:fa:ac:27:b6:24:4c:30:64:8d:0d:71:f4:a7:4d:
                    2d:62:97:5c:58:ed:11:e7:1c:79:2e:b0:1a:97:cc:
                    43:11:46:b7:d0:26:fd:04:2b:98:f3:df:0a:62:72:
                    44:03:ba:6e:12:3e:b7:65:d6:53:87:0b:6c:8f:92:
                    14:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DC:F4:10:AF:1D:A4:FD:A3:1E:0C:62:C3:D3:4B:B5:8A:67:B6:49
            X509v3 Authority Key Identifier:
                keyid:55:9A:76:94:12:D2:D9:63:B4:91:EB:E3:1D:44:11:1D:CA:FC:CC:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZp2lBLS2WO0kevjHUQRHcr8zJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/Vdz0EK8dpP2jHgxiw9NLtYpntkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d45d3f-57ad-4ca1-b8df-7e253e6398e5/1/VZp2lBLS2WO0kevjHUQRHcr8zJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:15:46:ca:86:43:3a:bc:f9:e9:ec:c7:64:64:2f:2d:1a:6d:
         c5:ec:8a:0b:9f:b7:ce:ff:6e:f9:25:7b:76:79:c7:eb:b2:69:
         05:57:47:a7:d3:39:04:9a:1b:b2:2a:ef:c2:d9:6f:79:6f:69:
         f3:0e:38:84:18:0e:c3:90:89:78:33:72:9d:f8:0e:b1:50:70:
         0a:06:1d:8c:27:e3:32:6b:ad:03:57:e4:21:ce:5a:35:d7:47:
         a2:53:e6:9f:44:e9:54:e9:2a:78:16:d6:83:4d:94:16:9b:66:
         cf:86:6f:92:27:5e:e3:81:44:9b:2b:9b:69:ca:10:eb:4e:74:
         25:60:01:6d:10:17:7a:03:b3:04:87:20:fd:12:21:68:89:e8:
         ee:ad:a2:c3:92:29:b8:b9:93:41:55:6c:0f:b0:78:87:a9:d5:
         fa:c9:03:f7:bd:b1:56:e0:75:3d:6d:9b:31:08:29:cf:06:29:
         0c:73:94:e1:6f:9c:d0:4f:72:86:e9:66:21:11:35:e3:5b:60:
         83:50:d7:94:06:0c:30:73:f4:20:19:26:c6:c2:26:49:16:49:
         ed:c7:17:42:13:61:8d:5a:56:99:91:ba:55:07:65:87:eb:76:
         cb:27:6d:fa:67:dc:f8:04:03:2c:30:1c:58:9e:1e:94:37:48:
         de:ea:b7:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7bsz4Q6/SGhmElg5kZ3h+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OWE3Njk0MTJkMmQ5NjNiNDkxZWJlMzFkNDQxMTFkY2Fm
Y2NjOTQwHhcNMjQwNDE0MDgyMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRjZjQxMGFmMWRhNGZkYTMxZTBjNjJjM2QzNGJiNThhNjdiNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2X3SVV4A2BKsZs7jVqN5qh5xcct
k8ZJTNvjMEGnWVYHPucvJcjpfg/VjN6f9grHUflmyW8lvp9AaulgWIO1iKVXdfjV
MPW3YESSnZxAqs67IxH+rP1HnE3d9EawxAuazSiOvvsDk54LYWo+gsmE41QdrrdK
b9YBtJtRCzgScLZQSzHPpZSADuULkB1r0SRklMFpDR2vr7jU69g0TNhGumuYRWZU
RUpeNO9zZzovIyCfo6oSZmv2ZGl5tsaAszou4VLX+qwntiRMMGSNDXH0p00tYpdc
WO0R5xx5LrAal8xDEUa30Cb9BCuY898KYnJEA7puEj63ZdZThwtsj5IUnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXc9BCvHaT9ox4MYsPTS7WKZ7ZJMB8GA1UdIwQY
MBaAFFWadpQS0tljtJHr4x1EER3K/MyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlpwMmxCTFMyV08wa2V2akhVUVJIY3I4ekpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kNDVkM2YtNTdhZC00Y2ExLWI4ZGYt
N2UyNTNlNjM5OGU1LzEvVmR6MEVLOGRwUDJqSGd4aXc5Tkx0WXBudGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kNDVkM2YtNTdhZC00Y2ExLWI4ZGYtN2UyNTNlNjM5OGU1
LzEvVlpwMmxCTFMyV08wa2V2akhVUVJIY3I4ekpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1qjMA0G
CSqGSIb3DQEBCwUAA4IBAQA5FUbKhkM6vPnp7MdkZC8tGm3F7IoLn7fO/275JXt2
ecfrsmkFV0en0zkEmhuyKu/C2W95b2nzDjiEGA7DkIl4M3Kd+A6xUHAKBh2MJ+My
a60DV+Qhzlo110eiU+afROlU6Sp4FtaDTZQWm2bPhm+SJ17jgUSbK5tpyhDrTnQl
YAFtEBd6A7MEhyD9EiFoiejuraLDkim4uZNBVWwPsHiHqdX6yQP3vbFW4HU9bZsx
CCnPBikMc5Thb5zQT3KG6WYhETXjW2CDUNeUBgwwc/QgGSbGwiZJFkntxxdCE2GN
WlaZkbpVB2WH63bLJ236Z9z4BAMsMBxYnh6UN0je6rfw
-----END CERTIFICATE-----