Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/VLcwt_MG46zoJLPWAIrECkhpTJI.roa
File:                     VLcwt_MG46zoJLPWAIrECkhpTJI.roa (raw, json)
Hash identifier:          B4OmaIllIyPP+sKqGyw33Kq24TBDlmw2gAgW6milLdQ=
Subject key identifier:   54:B7:30:B7:F3:06:E3:AC:E8:24:B3:D6:00:8A:C4:0A:48:69:4C:92
Certificate issuer:       /CN=f83faec93d403f3713823fa39c7d27c62e921471
Certificate serial:       018CC5DC736B773B8712FD5C8E21F119B2BF
Authority key identifier: F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/VLcwt_MG46zoJLPWAIrECkhpTJI.roa
Signing time:             Mon 01 Jan 2024 16:30:08 +0000
ROA not before:           Mon 01 Jan 2024 16:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206468
IP address blocks:        185.174.171.0/24 maxlen: 24
                          2a0b:a907::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:73:6b:77:3b:87:12:fd:5c:8e:21:f1:19:b2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f83faec93d403f3713823fa39c7d27c62e921471
        Validity
            Not Before: Jan  1 16:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54b730b7f306e3ace824b3d6008ac40a48694c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ee:78:14:42:c2:b7:4f:f8:02:f2:0f:0b:2c:
                    cd:2c:44:ee:29:48:ce:f8:80:f4:4d:7e:66:fe:38:
                    1b:be:e7:bf:cd:bd:2c:b6:02:1c:c9:ce:63:5f:b3:
                    52:af:1f:f3:9b:75:b9:02:90:ed:21:a3:09:dc:f5:
                    c5:19:da:4a:24:b2:08:3c:ae:cf:57:81:e9:e2:cc:
                    4b:b8:d0:d7:46:cd:49:d8:a3:99:fe:54:76:63:30:
                    50:23:c0:48:ef:55:65:60:df:fa:f3:42:52:52:42:
                    ab:37:c7:19:70:a0:3a:b3:f8:47:d1:0e:df:b4:2f:
                    7d:9b:0a:35:59:9f:b9:aa:b2:18:e1:76:30:c9:aa:
                    1e:ee:e4:b9:d3:f2:1a:05:b0:e1:07:8a:78:cb:50:
                    43:68:99:b8:3a:bc:1b:8c:b6:77:f2:00:f9:15:84:
                    b3:57:f2:e0:b6:5c:bd:59:a4:aa:90:bc:08:06:2b:
                    61:de:89:45:cd:f0:41:23:b3:86:43:49:2c:57:76:
                    8c:0e:7d:17:47:8b:c3:b2:41:3c:0c:48:dd:03:7f:
                    fd:e7:7f:25:fa:3f:42:e4:93:24:b2:ce:ed:48:67:
                    b5:88:9d:15:d0:59:fc:81:6b:0d:eb:37:c5:2b:fd:
                    a7:9c:e1:93:11:7f:a5:5d:bc:81:8e:81:b9:a9:bc:
                    3e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:B7:30:B7:F3:06:E3:AC:E8:24:B3:D6:00:8A:C4:0A:48:69:4C:92
            X509v3 Authority Key Identifier:
                keyid:F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/VLcwt_MG46zoJLPWAIrECkhpTJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.171.0/24
                IPv6:
                  2a0b:a907::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:d3:96:fc:dd:56:28:f9:2a:e7:6e:ef:1a:0c:99:12:e5:28:
         94:e8:1c:eb:a1:ad:2a:5f:7c:e2:27:db:ca:b3:9e:ff:2f:75:
         36:71:25:99:1b:cf:33:97:3f:0c:19:33:6d:0a:27:8a:b5:b8:
         b6:a1:b6:a7:96:4d:78:dc:21:5c:99:6b:88:2b:dc:2f:0c:51:
         d8:b9:b1:6a:ec:db:98:fc:43:1e:8c:e2:69:83:07:8e:69:40:
         44:95:06:8b:74:9d:0d:a6:33:57:e1:90:0f:fa:e2:7c:63:af:
         fc:d3:5a:78:aa:98:11:9a:13:cd:87:7e:01:de:64:a2:3e:b0:
         8d:be:c8:62:db:ba:07:38:ec:28:06:1a:30:d3:e8:9b:0c:c1:
         57:3c:cd:20:7a:1e:0d:57:a5:71:ce:ee:18:af:66:60:3e:47:
         52:f3:dd:6d:78:56:fe:b0:4b:cb:69:73:4b:23:10:27:57:91:
         6a:12:9d:8d:72:22:11:72:f6:cf:3d:29:c6:01:52:c1:27:4e:
         72:21:dc:88:54:85:78:dc:0c:0d:6f:4b:cd:03:06:75:46:0b:
         cb:8a:96:d6:62:dd:e0:a3:66:c2:83:e9:2a:78:ea:53:41:f2:
         b3:5d:24:6e:d4:e3:21:f1:e3:de:8b:44:c7:86:a5:38:cd:8d:
         5a:3f:c8:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3HNrdzuHEv1cjiHxGbK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4M2ZhZWM5M2Q0MDNmMzcxMzgyM2ZhMzljN2QyN2M2MmU5
MjE0NzEwHhcNMjQwMTAxMTYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGI3MzBiN2YzMDZlM2FjZTgyNGIzZDYwMDhhYzQwYTQ4Njk0YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO54FELCt0/4AvIPCyzNLETuKUjO
+ID0TX5m/jgbvue/zb0stgIcyc5jX7NSrx/zm3W5ApDtIaMJ3PXFGdpKJLIIPK7P
V4Hp4sxLuNDXRs1J2KOZ/lR2YzBQI8BI71VlYN/680JSUkKrN8cZcKA6s/hH0Q7f
tC99mwo1WZ+5qrIY4XYwyaoe7uS50/IaBbDhB4p4y1BDaJm4OrwbjLZ38gD5FYSz
V/Lgtly9WaSqkLwIBith3olFzfBBI7OGQ0ksV3aMDn0XR4vDskE8DEjdA3/9538l
+j9C5JMkss7tSGe1iJ0V0Fn8gWsN6zfFK/2nnOGTEX+lXbyBjoG5qbw+dwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFS3MLfzBuOs6CSz1gCKxApIaUySMB8GA1UdIwQY
MBaAFPg/rsk9QD83E4I/o5x9J8YukhRxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ELXV5VDFBUHpjVGdqLWpuSDBueGk2U0ZIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1
LTIxMGFlMDU2OWE0NS8xL1ZMY3d0X01HNDZ6b0pMUFdBSXJFQ2tocFRKSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1LTIxMGFlMDU2OWE0
NS8xLzEtRC11eVQxQVB6Y1Rnai1qbkgwbnhpNlNGSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5rqsw
DQQCAAIwBwMFACoLqQcwDQYJKoZIhvcNAQELBQADggEBADPTlvzdVij5Kudu7xoM
mRLlKJToHOuhrSpffOIn28qznv8vdTZxJZkbzzOXPwwZM20KJ4q1uLahtqeWTXjc
IVyZa4gr3C8MUdi5sWrs25j8Qx6M4mmDB45pQESVBot0nQ2mM1fhkA/64nxjr/zT
WniqmBGaE82HfgHeZKI+sI2+yGLbugc47CgGGjDT6JsMwVc8zSB6Hg1XpXHO7hiv
ZmA+R1Lz3W14Vv6wS8tpc0sjECdXkWoSnY1yIhFy9s89KcYBUsEnTnIh3IhUhXjc
DA1vS80DBnVGC8uKltZi3eCjZsKD6Sp46lNB8rNdJG7U4yHx496LRMeGpTjNjVo/
yLk=
-----END CERTIFICATE-----