Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/VndU9HMIiO24bwi6CWRWBioC5Rc.roa
File:                     VndU9HMIiO24bwi6CWRWBioC5Rc.roa (raw, json)
Hash identifier:          550oajbHf1tWTYf4Lg+/raJY7u40PjQ4aQA5qOpH2sY=
Subject key identifier:   56:77:54:F4:73:08:88:ED:B8:6F:08:BA:09:64:56:06:2A:02:E5:17
Certificate issuer:       /CN=613d23f2121327d917d708d8fe153382455959a8
Certificate serial:       018CC94D705BC3B1F7E925163E30CF6508FA
Authority key identifier: 61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/VndU9HMIiO24bwi6CWRWBioC5Rc.roa
Signing time:             Tue 02 Jan 2024 08:32:24 +0000
ROA not before:           Tue 02 Jan 2024 08:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.209.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:70:5b:c3:b1:f7:e9:25:16:3e:30:cf:65:08:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=613d23f2121327d917d708d8fe153382455959a8
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=567754f4730888edb86f08ba096456062a02e517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:f7:7f:4d:cd:ea:29:8d:a0:e8:f4:78:0e:
                    c9:70:0c:e1:dc:b7:a6:b2:80:0c:b0:ed:1e:ff:2c:
                    77:68:dc:32:c9:0f:11:35:e8:9d:cf:9b:23:74:a5:
                    21:93:07:b5:45:4c:0f:5a:30:84:5c:19:77:73:ed:
                    b0:96:e0:36:81:ea:16:67:39:55:c4:63:25:3c:6c:
                    79:26:e9:c3:a1:be:3d:11:0a:31:c9:2b:bb:c4:2d:
                    89:1e:69:15:87:08:98:63:54:8b:49:7b:80:75:0e:
                    21:28:e6:8e:e9:d8:fc:8c:bc:cc:5c:d2:5b:8b:3c:
                    0d:a2:4d:2a:6c:0a:a3:ac:13:23:e0:7f:25:e5:92:
                    c5:f5:f2:b7:f0:91:9c:f6:6e:8e:91:65:bf:0a:6b:
                    cf:2a:d3:00:83:72:93:5a:9c:8b:fb:c6:30:c9:12:
                    1a:3c:ec:c9:52:64:32:6d:c9:55:44:3b:38:ba:bd:
                    93:a5:45:a1:3f:17:5b:c9:48:f8:30:17:1c:b0:c1:
                    5d:82:2a:c5:d7:9d:51:97:7c:97:4f:20:d9:b0:c0:
                    6d:3b:d8:1d:bd:27:46:7c:57:d1:23:20:1b:a1:1c:
                    44:6c:7c:e2:4a:2b:60:aa:66:ab:5f:37:e7:f9:07:
                    47:d7:1b:da:c5:1f:c5:2a:e4:d4:de:2d:26:d9:83:
                    b7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:77:54:F4:73:08:88:ED:B8:6F:08:BA:09:64:56:06:2A:02:E5:17
            X509v3 Authority Key Identifier:
                keyid:61:3D:23:F2:12:13:27:D9:17:D7:08:D8:FE:15:33:82:45:59:59:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YT0j8hITJ9kX1wjY_hUzgkVZWag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/VndU9HMIiO24bwi6CWRWBioC5Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fce6be-0896-4487-aa34-7a605ba40c1e/1/YT0j8hITJ9kX1wjY_hUzgkVZWag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:f1:1c:e2:3a:91:c9:1d:84:b7:c0:20:83:b4:6b:24:d7:fa:
         20:f4:f5:4c:3e:57:c1:c0:0e:21:a5:a6:c9:e6:c2:f8:bd:3c:
         c5:24:2b:a9:12:7e:db:7d:03:02:97:fc:3f:89:51:f5:5e:73:
         06:b6:4f:2c:ed:1b:1c:4a:8a:34:7e:08:81:28:95:11:ce:bb:
         a6:89:2b:1f:d4:9d:13:86:06:62:4e:38:d9:22:2d:d2:68:12:
         a5:60:57:d2:01:3b:be:8b:b4:82:5e:5e:5f:88:09:86:19:c3:
         f1:c3:c1:aa:b1:6b:7d:10:6e:34:ba:45:57:5f:9c:30:d8:a4:
         5b:52:bf:09:2a:ae:84:fa:f0:6d:e3:a8:b3:a2:ae:54:17:a3:
         b4:69:a2:c0:2a:98:3a:5d:3d:d4:55:b6:1a:85:97:1f:ab:17:
         cc:bc:9c:8a:f6:96:55:6a:e3:cd:e7:ae:23:6e:ee:89:4e:3e:
         e8:6d:fe:a6:36:99:ca:38:66:13:56:65:d8:69:2b:a6:e5:30:
         25:9c:27:e3:9f:9a:6d:ff:56:ed:f9:b5:9b:f3:8f:8c:73:46:
         ef:1b:ae:9c:50:83:13:84:27:9c:16:ef:04:8a:20:7e:ab:7f:
         8d:5d:44:f4:d9:5f:53:40:48:78:28:81:d5:ae:55:be:67:df:
         fa:d2:5a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXBbw7H36SUWPjDPZQj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxM2QyM2YyMTIxMzI3ZDkxN2Q3MDhkOGZlMTUzMzgyNDU1
OTU5YTgwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Njc3NTRmNDczMDg4OGVkYjg2ZjA4YmEwOTY0NTYwNjJhMDJlNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSb3f03N6imNoOj0eA7JcAzh3Lem
soAMsO0e/yx3aNwyyQ8RNeidz5sjdKUhkwe1RUwPWjCEXBl3c+2wluA2geoWZzlV
xGMlPGx5JunDob49EQoxySu7xC2JHmkVhwiYY1SLSXuAdQ4hKOaO6dj8jLzMXNJb
izwNok0qbAqjrBMj4H8l5ZLF9fK38JGc9m6OkWW/CmvPKtMAg3KTWpyL+8YwyRIa
POzJUmQybclVRDs4ur2TpUWhPxdbyUj4MBccsMFdgirF151Rl3yXTyDZsMBtO9gd
vSdGfFfRIyAboRxEbHziSitgqmarXzfn+QdH1xvaxR/FKuTU3i0m2YO3MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZ3VPRzCIjtuG8IuglkVgYqAuUXMB8GA1UdIwQY
MBaAFGE9I/ISEyfZF9cI2P4VM4JFWVmoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQt
N2E2MDViYTQwYzFlLzEvVm5kVTlITUlpTzI0YndpNkNXUldCaW9DNVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mY2U2YmUtMDg5Ni00NDg3LWFhMzQtN2E2MDViYTQwYzFl
LzEvWVQwajhoSVRKOWtYMXdqWV9oVXpna1ZaV2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudHSMA0G
CSqGSIb3DQEBCwUAA4IBAQAX8RziOpHJHYS3wCCDtGsk1/og9PVMPlfBwA4hpabJ
5sL4vTzFJCupEn7bfQMCl/w/iVH1XnMGtk8s7RscSoo0fgiBKJURzrumiSsf1J0T
hgZiTjjZIi3SaBKlYFfSATu+i7SCXl5fiAmGGcPxw8GqsWt9EG40ukVXX5ww2KRb
Ur8JKq6E+vBt46izoq5UF6O0aaLAKpg6XT3UVbYahZcfqxfMvJyK9pZVauPN564j
bu6JTj7obf6mNpnKOGYTVmXYaSum5TAlnCfjn5pt/1bt+bWb84+Mc0bvG66cUIMT
hCecFu8EiiB+q3+NXUT02V9TQEh4KIHVrlW+Z9/60lqQ
-----END CERTIFICATE-----