Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VGTLL_-6_eSsSwftkGmu7W3rP4A.roa
File:                     VGTLL_-6_eSsSwftkGmu7W3rP4A.roa (raw, json)
Hash identifier:          mdV6RmwBi8ijmd/G5FRNCg5Yy9cVAYtVReB9FdJUcaA=
Subject key identifier:   54:64:CB:2F:FF:BA:FD:E4:AC:4B:07:ED:90:69:AE:ED:6D:EB:3F:80
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DABCF3C758547F957FE898A5299DD9
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VGTLL_-6_eSsSwftkGmu7W3rP4A.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3352
IP address blocks:        194.187.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 00:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bc:f3:c7:58:54:7f:95:7f:e8:98:a5:29:9d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5464cb2fffbafde4ac4b07ed9069aeed6deb3f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e4:ff:cb:a2:21:a5:fe:65:7c:09:c0:3e:f4:
                    17:52:9e:71:d3:63:69:97:ec:e4:a9:dd:e9:63:91:
                    b2:80:14:81:45:db:fc:bf:73:4f:d1:9c:5e:7a:a7:
                    f1:8a:2d:e4:ab:38:c6:a2:a8:79:91:6a:67:8a:a8:
                    04:8a:01:3a:35:7a:d3:c9:e3:c0:c9:72:f5:80:e8:
                    e6:31:4a:ee:22:73:f9:0f:d7:ca:86:ba:11:68:30:
                    11:02:d8:63:09:8f:11:a8:41:aa:f1:99:39:9a:7a:
                    99:9e:75:97:78:54:df:43:5a:a6:1d:18:9f:c5:66:
                    b0:7c:9b:6f:76:61:8e:72:67:3c:27:19:fb:3d:56:
                    f9:9e:ea:59:f8:62:da:12:b3:67:4a:ff:bd:51:67:
                    0b:78:b8:d4:3d:ae:bf:f3:9f:ad:62:ec:17:ca:9d:
                    d2:4a:41:e6:39:fb:f4:80:0f:bb:32:cd:ef:4f:a5:
                    e1:21:3c:af:93:36:5d:24:57:65:f1:03:37:6e:b9:
                    52:4b:b8:2c:55:be:e3:7f:4d:d0:0b:cd:0a:93:0f:
                    8d:ac:57:d3:20:99:0d:f7:c6:1b:ab:32:e7:9f:c7:
                    67:df:70:db:e0:d8:8d:17:ac:dd:cf:27:30:c6:b9:
                    6d:b2:c5:76:56:60:10:5f:a6:73:e4:93:dd:e6:c8:
                    a6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:64:CB:2F:FF:BA:FD:E4:AC:4B:07:ED:90:69:AE:ED:6D:EB:3F:80
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VGTLL_-6_eSsSwftkGmu7W3rP4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:16:f6:df:7e:85:3d:35:11:14:21:20:1a:b6:f6:ef:a3:c9:
         45:83:06:0c:7a:03:de:59:53:24:ec:05:51:a5:39:84:8e:e5:
         78:f8:6f:1e:19:a4:9e:d5:71:ef:3b:a8:89:e1:19:72:48:e4:
         5d:ff:3c:0e:59:93:aa:a6:45:41:82:5e:35:a5:b3:53:71:4a:
         6b:30:f4:2d:86:e6:1f:55:89:02:ff:62:b0:86:44:22:be:b5:
         21:4c:61:17:94:c9:39:66:05:a4:7e:ff:2b:c1:2a:9d:35:79:
         da:ac:cd:ff:34:6a:66:01:8f:6d:ee:86:cd:b5:2b:78:7a:85:
         f2:dd:3d:72:2e:9b:c2:75:d8:1c:eb:ff:4b:70:1d:c8:12:d4:
         15:e4:17:e4:e4:c5:ad:37:ad:59:ec:f1:c7:b1:0a:19:38:95:
         aa:f9:5d:cb:2c:c0:41:83:3b:75:16:ce:d1:0f:68:a1:0d:c6:
         f6:e3:c6:83:54:5e:b0:42:4a:ea:90:81:f5:c8:c5:e7:3b:fb:
         98:db:30:62:03:fe:e5:df:a6:bc:76:1f:66:3c:d8:da:d8:50:
         ae:7c:87:92:af:17:27:57:e4:3f:aa:31:d3:af:aa:19:53:02:
         cb:3b:51:67:59:6b:f0:95:e5:bc:22:0d:bf:89:55:b1:b4:57:
         2f:0d:8a:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rzzx1hUf5V/6JilKZ3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDY0Y2IyZmZmYmFmZGU0YWM0YjA3ZWQ5MDY5YWVlZDZkZWIzZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseT/y6Ihpf5lfAnAPvQXUp5x02Np
l+zkqd3pY5GygBSBRdv8v3NP0Zxeeqfxii3kqzjGoqh5kWpniqgEigE6NXrTyePA
yXL1gOjmMUruInP5D9fKhroRaDARAthjCY8RqEGq8Zk5mnqZnnWXeFTfQ1qmHRif
xWawfJtvdmGOcmc8Jxn7PVb5nupZ+GLaErNnSv+9UWcLeLjUPa6/85+tYuwXyp3S
SkHmOfv0gA+7Ms3vT6XhITyvkzZdJFdl8QM3brlSS7gsVb7jf03QC80Kkw+NrFfT
IJkN98YbqzLnn8dn33Db4NiNF6zdzycwxrltssV2VmAQX6Zz5JPd5simIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRkyy//uv3krEsH7ZBpru1t6z+AMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvVkdUTExfLTZfZVNzU3dmdGtHbXU3VzNyUDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwru8MA0G
CSqGSIb3DQEBCwUAA4IBAQBYFvbffoU9NREUISAatvbvo8lFgwYMegPeWVMk7AVR
pTmEjuV4+G8eGaSe1XHvO6iJ4RlySORd/zwOWZOqpkVBgl41pbNTcUprMPQthuYf
VYkC/2KwhkQivrUhTGEXlMk5ZgWkfv8rwSqdNXnarM3/NGpmAY9t7obNtSt4eoXy
3T1yLpvCddgc6/9LcB3IEtQV5Bfk5MWtN61Z7PHHsQoZOJWq+V3LLMBBgzt1Fs7R
D2ihDcb248aDVF6wQkrqkIH1yMXnO/uY2zBiA/7l36a8dh9mPNja2FCufIeSrxcn
V+Q/qjHTr6oZUwLLO1FnWWvwleW8Ig2/iVWxtFcvDYrH
-----END CERTIFICATE-----