Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/vkQ-JEX73CNx_GldUdY4WfpL-To.roa
File:                     vkQ-JEX73CNx_GldUdY4WfpL-To.roa (raw, json)
Hash identifier:          fmfYwuT/PkJ2J8IhB4xZK20PquMTnGgZbzhcD9NNkaA=
Subject key identifier:   BE:44:3E:24:45:FB:DC:23:71:FC:69:5D:51:D6:38:59:FA:4B:F9:3A
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       01903932472095D405A21C2A75BE9C313373
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/vkQ-JEX73CNx_GldUdY4WfpL-To.roa
Signing time:             Fri 21 Jun 2024 05:08:34 +0000
ROA not before:           Fri 21 Jun 2024 05:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211076
IP address blocks:        62.89.204.0/24 maxlen: 24
                          185.196.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:39:32:47:20:95:d4:05:a2:1c:2a:75:be:9c:31:33:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jun 21 05:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be443e2445fbdc2371fc695d51d63859fa4bf93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:42:bf:0d:73:ca:68:1d:95:29:fb:de:94:98:
                    dd:6d:09:0b:66:4d:74:5d:d9:bc:b4:0d:19:0e:75:
                    7a:6f:6f:f9:9b:90:93:fe:40:79:5c:01:bd:97:b0:
                    7f:b9:fe:aa:cb:d8:7f:fb:a9:ac:78:95:f0:12:fe:
                    54:49:f1:ed:9a:7c:bd:c4:a9:65:48:54:5c:1e:24:
                    97:cc:d2:3e:03:37:40:2a:3d:86:ec:f2:09:86:76:
                    48:fe:27:3a:13:2d:84:ad:0c:08:d4:20:b1:d7:a0:
                    a4:53:ba:83:08:89:a5:b9:03:b0:82:fe:77:23:d4:
                    57:89:df:b4:46:89:a3:83:86:2e:24:ee:83:8b:3d:
                    55:8f:cb:d6:e2:38:9e:72:43:c7:03:13:0e:d5:0a:
                    84:36:4b:e9:11:e3:8c:64:e9:97:7f:d9:a6:68:ad:
                    90:a1:b8:de:35:3a:4a:01:76:41:78:6c:72:46:eb:
                    be:f8:81:f6:0a:86:9d:ec:74:01:a0:10:0b:a7:62:
                    02:c4:07:1d:af:bd:74:a6:d7:ed:1c:0d:2d:7a:1a:
                    58:1b:df:a0:63:3e:08:19:ca:fd:9b:b1:ef:04:1b:
                    0b:2c:4a:a7:78:9e:d1:9f:8a:af:30:9d:94:7f:f5:
                    98:b5:44:bc:28:f8:5a:a7:80:ad:b4:f4:24:89:1f:
                    27:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:44:3E:24:45:FB:DC:23:71:FC:69:5D:51:D6:38:59:FA:4B:F9:3A
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/vkQ-JEX73CNx_GldUdY4WfpL-To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.89.204.0/24
                  185.196.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:c9:21:85:14:84:f4:0a:a5:0d:62:09:42:d6:cb:2e:23:56:
         ca:b0:b0:ee:c1:8e:95:50:56:b5:58:ef:bf:46:5c:5c:3c:98:
         92:01:f4:ab:9c:41:bc:ae:f4:9a:1d:2d:63:94:4b:40:eb:d1:
         a3:5a:a4:0b:ac:81:83:e4:9c:5b:99:4a:2b:72:51:c9:6c:24:
         7d:79:fb:2f:8a:59:d0:3c:26:78:dc:81:63:1b:9b:9f:40:54:
         01:13:ac:34:9e:7a:2d:1c:c2:37:d8:24:74:cb:82:47:31:13:
         3d:00:64:68:1e:1e:45:72:12:fb:a5:6d:f4:a5:58:95:dd:57:
         2f:fb:27:31:5c:3a:4a:d4:74:9d:db:7b:d0:d1:97:f0:e7:e9:
         44:a8:b2:35:46:29:f8:b2:14:cd:07:ec:5f:e5:23:14:eb:93:
         13:44:56:11:3e:c1:d8:aa:4f:14:a3:30:44:fa:36:82:0d:4d:
         25:7c:7f:35:fc:3e:14:b1:7c:d4:73:47:e4:17:c4:5d:19:ac:
         dd:fa:36:bd:11:55:5e:c7:c4:78:35:d8:0b:39:19:06:9d:65:
         bd:83:7a:d8:77:ff:0e:ab:5c:7a:52:43:57:91:52:9b:2c:c9:
         64:98:da:4c:5f:9e:66:1d:0c:54:74:c6:33:05:ad:66:60:95:
         f9:76:55:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA5MkcgldQFohwqdb6cMTNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwNjIxMDUwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ0M2UyNDQ1ZmJkYzIzNzFmYzY5NWQ1MWQ2Mzg1OWZhNGJmOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEK/DXPKaB2VKfvelJjdbQkLZk10
Xdm8tA0ZDnV6b2/5m5CT/kB5XAG9l7B/uf6qy9h/+6mseJXwEv5USfHtmny9xKll
SFRcHiSXzNI+AzdAKj2G7PIJhnZI/ic6Ey2ErQwI1CCx16CkU7qDCImluQOwgv53
I9RXid+0Romjg4YuJO6Diz1Vj8vW4jieckPHAxMO1QqENkvpEeOMZOmXf9mmaK2Q
objeNTpKAXZBeGxyRuu++IH2Coad7HQBoBALp2ICxAcdr710ptftHA0tehpYG9+g
Yz4IGcr9m7HvBBsLLEqneJ7Rn4qvMJ2Uf/WYtUS8KPhap4CttPQkiR8njwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL5EPiRF+9wjcfxpXVHWOFn6S/k6MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvdmtRLUpFWDczQ054X0dsZFVkWTRXZnBMLVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPlnMAwQA
ucT1MA0GCSqGSIb3DQEBCwUAA4IBAQCpySGFFIT0CqUNYglC1ssuI1bKsLDuwY6V
UFa1WO+/RlxcPJiSAfSrnEG8rvSaHS1jlEtA69GjWqQLrIGD5JxbmUorclHJbCR9
efsvilnQPCZ43IFjG5ufQFQBE6w0nnotHMI32CR0y4JHMRM9AGRoHh5FchL7pW30
pViV3Vcv+ycxXDpK1HSd23vQ0Zfw5+lEqLI1Rin4shTNB+xf5SMU65MTRFYRPsHY
qk8UozBE+jaCDU0lfH81/D4UsXzUc0fkF8RdGazd+ja9EVVex8R4NdgLORkGnWW9
g3rYd/8Oq1x6UkNXkVKbLMlkmNpMX55mHQxUdMYzBa1mYJX5dlXA
-----END CERTIFICATE-----