Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/Vd-eFipTUvLOALBRAAOJ26QoTTk.roa
File:                     Vd-eFipTUvLOALBRAAOJ26QoTTk.roa (raw, json)
Hash identifier:          XbE/rePIDpGaEwt/aYSv8okh7wq+otPo2aJZ2uYvDxI=
Subject key identifier:   55:DF:9E:16:2A:53:52:F2:CE:00:B0:51:00:03:89:DB:A4:28:4D:39
Certificate issuer:       /CN=b6ae61814f7150c9b8117f498cab94db72a8339c
Certificate serial:       018CC5014FE0B2E21231D5B86F37AD9BE1D4
Authority key identifier: B6:AE:61:81:4F:71:50:C9:B8:11:7F:49:8C:AB:94:DB:72:A8:33:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/Vd-eFipTUvLOALBRAAOJ26QoTTk.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209961
IP address blocks:        185.214.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4f:e0:b2:e2:12:31:d5:b8:6f:37:ad:9b:e1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ae61814f7150c9b8117f498cab94db72a8339c
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55df9e162a5352f2ce00b051000389dba4284d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e4:68:81:70:c5:f5:65:f9:66:4e:27:4e:7b:
                    e8:07:7f:57:dd:ee:5b:ad:77:55:f1:d6:3d:24:87:
                    d0:fe:cc:46:e4:46:4f:ba:b3:6f:1e:6d:63:7a:b2:
                    9a:f6:a8:a2:e2:bc:34:36:12:01:de:b1:33:8f:95:
                    fd:f7:69:fb:7d:e3:4c:39:aa:ed:8a:60:5c:dd:aa:
                    c6:93:d1:e3:cc:97:bb:07:6f:8e:46:18:82:11:90:
                    07:27:db:45:fe:70:df:af:32:c1:70:ee:32:7f:a2:
                    e5:a3:e3:b7:5e:02:a4:dd:43:1f:19:5b:03:28:99:
                    ff:90:a8:da:36:43:2e:b3:5e:b3:e0:47:35:5d:07:
                    25:e5:b0:57:b8:8e:5d:8e:5d:6c:ac:f5:42:3d:8d:
                    2e:ba:10:36:c9:e7:bf:b0:21:32:a9:28:46:7f:85:
                    24:a2:36:96:57:bd:41:94:c0:75:3b:5f:af:02:89:
                    06:33:3f:0f:6f:22:36:b2:d0:d2:f6:77:05:f5:cb:
                    a7:e4:a6:1f:9d:41:cb:5f:ac:6b:38:a1:80:85:74:
                    14:a1:f4:9a:5f:9c:5f:ca:17:63:18:08:b2:f6:96:
                    bd:47:44:a1:10:71:15:ac:c4:79:d3:30:1b:b4:87:
                    5f:d8:34:69:18:b9:35:74:10:10:f2:95:b0:c5:98:
                    21:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DF:9E:16:2A:53:52:F2:CE:00:B0:51:00:03:89:DB:A4:28:4D:39
            X509v3 Authority Key Identifier:
                keyid:B6:AE:61:81:4F:71:50:C9:B8:11:7F:49:8C:AB:94:DB:72:A8:33:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tq5hgU9xUMm4EX9JjKuU23KoM5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/Vd-eFipTUvLOALBRAAOJ26QoTTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9de8b0-6cc5-458b-b23e-16e10d72b567/1/tq5hgU9xUMm4EX9JjKuU23KoM5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:68:67:49:ab:01:79:0b:86:74:9d:07:29:44:6a:c9:58:04:
         c9:89:a7:62:af:7a:bb:0d:60:a9:d0:78:a9:a1:5e:b2:cd:2d:
         cf:d5:02:de:4c:c6:47:0a:ba:aa:09:30:16:59:4c:ee:4a:eb:
         e4:48:a2:a5:1d:3d:bf:61:b8:ce:71:95:db:f6:a2:f9:2d:ee:
         b9:06:a9:b1:06:b4:23:17:19:02:a5:7b:e0:79:a3:94:d1:83:
         62:c1:c8:d6:64:c3:7f:5a:36:b3:d3:52:45:c0:b5:18:db:9a:
         24:fc:85:e9:eb:05:8d:3d:79:c6:18:fa:7d:81:73:c4:23:99:
         22:f9:f0:26:7f:ca:f5:47:f1:8d:96:0e:48:9b:95:b6:97:3f:
         f2:36:22:e4:39:44:7b:55:e5:8a:0c:1e:fe:02:ad:ef:0b:80:
         b8:9d:88:92:f0:8e:68:fe:8a:15:6e:19:60:51:00:3e:a3:7b:
         b6:ea:f0:db:47:13:5b:67:ab:2d:88:38:48:c8:25:60:bf:72:
         51:47:0e:85:de:22:7c:d5:58:67:e2:b1:03:af:15:9f:57:39:
         76:aa:86:42:91:f0:8b:f0:cf:ce:f8:27:0b:4e:e9:ae:0f:2e:
         88:75:7b:63:eb:74:40:70:b8:c9:3f:d6:94:08:60:4d:76:55:
         64:a8:88:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAU/gsuISMdW4bzetm+HUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YWU2MTgxNGY3MTUwYzliODExN2Y0OThjYWI5NGRiNzJh
ODMzOWMwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRmOWUxNjJhNTM1MmYyY2UwMGIwNTEwMDAzODlkYmE0Mjg0ZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlORogXDF9WX5Zk4nTnvoB39X3e5b
rXdV8dY9JIfQ/sxG5EZPurNvHm1jerKa9qii4rw0NhIB3rEzj5X992n7feNMOart
imBc3arGk9HjzJe7B2+ORhiCEZAHJ9tF/nDfrzLBcO4yf6Llo+O3XgKk3UMfGVsD
KJn/kKjaNkMus16z4Ec1XQcl5bBXuI5djl1srPVCPY0uuhA2yee/sCEyqShGf4Uk
ojaWV71BlMB1O1+vAokGMz8PbyI2stDS9ncF9cun5KYfnUHLX6xrOKGAhXQUofSa
X5xfyhdjGAiy9pa9R0ShEHEVrMR50zAbtIdf2DRpGLk1dBAQ8pWwxZgh+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXfnhYqU1LyzgCwUQADidukKE05MB8GA1UdIwQY
MBaAFLauYYFPcVDJuBF/SYyrlNtyqDOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHE1aGdVOXhVTW00RVg5SmpLdVUyM0tvTTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZGU4YjAtNmNjNS00NThiLWIyM2Ut
MTZlMTBkNzJiNTY3LzEvVmQtZUZpcFRVdkxPQUxCUkFBT0oyNlFvVFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZGU4YjAtNmNjNS00NThiLWIyM2UtMTZlMTBkNzJiNTY3
LzEvdHE1aGdVOXhVTW00RVg5SmpLdVUyM0tvTTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudamMA0G
CSqGSIb3DQEBCwUAA4IBAQByaGdJqwF5C4Z0nQcpRGrJWATJiadir3q7DWCp0Hip
oV6yzS3P1QLeTMZHCrqqCTAWWUzuSuvkSKKlHT2/YbjOcZXb9qL5Le65BqmxBrQj
FxkCpXvgeaOU0YNiwcjWZMN/Wjaz01JFwLUY25ok/IXp6wWNPXnGGPp9gXPEI5ki
+fAmf8r1R/GNlg5Im5W2lz/yNiLkOUR7VeWKDB7+Aq3vC4C4nYiS8I5o/ooVbhlg
UQA+o3u26vDbRxNbZ6stiDhIyCVgv3JRRw6F3iJ81Vhn4rEDrxWfVzl2qoZCkfCL
8M/O+CcLTumuDy6IdXtj63RAcLjJP9aUCGBNdlVkqIhQ
-----END CERTIFICATE-----