Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Vc4P_iam-mO07CVNV3I-lvhhWWs.roa
File:                     Vc4P_iam-mO07CVNV3I-lvhhWWs.roa (raw, json)
Hash identifier:          WA9kBU+hnXRFk4iDfY5KRzuaZWdsbeJI3Ym8HaeR6Cc=
Subject key identifier:   55:CE:0F:FE:26:A6:FA:63:B4:EC:25:4D:57:72:3E:96:F8:61:59:6B
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD384F9F60A0734CEA8683036EED5
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Vc4P_iam-mO07CVNV3I-lvhhWWs.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206487
IP address blocks:        194.49.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d3:84:f9:f6:0a:07:34:ce:a8:68:30:36:ee:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55ce0ffe26a6fa63b4ec254d57723e96f861596b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1e:49:fd:03:60:8b:d4:c7:91:66:7c:8c:e8:
                    07:b9:22:2b:a2:b7:45:71:0d:56:0d:35:38:ed:56:
                    87:8e:ea:cf:8a:2a:a1:59:50:83:0e:de:c0:48:15:
                    2d:aa:b7:26:d5:9c:31:e8:ce:6c:59:39:ce:71:e9:
                    fa:45:aa:03:ab:69:93:85:d4:1b:ec:84:32:10:41:
                    34:40:dd:c1:b8:8a:fb:82:a2:1e:17:a6:58:e3:ff:
                    66:a2:26:2f:4e:6e:34:64:b1:45:1b:23:2a:22:8d:
                    be:26:a3:15:a4:7d:69:e6:cf:26:a3:a2:b8:22:20:
                    ac:ff:90:42:b7:f9:c5:a8:cb:c7:2f:db:89:45:49:
                    05:74:22:09:da:6c:ed:98:02:81:bf:dc:00:7a:99:
                    ae:30:fc:96:2f:98:61:8f:f8:fe:07:da:e7:3e:e9:
                    4e:40:f4:6d:a1:58:48:ad:87:ab:a8:8d:2b:d1:fc:
                    58:7d:f1:f5:1c:cd:39:d2:fc:40:7b:c1:87:2c:1a:
                    61:af:e6:85:d7:18:98:8e:7c:6d:a5:f2:0d:fa:49:
                    7d:28:77:0a:0b:e3:f1:8e:6a:2f:61:5c:56:75:29:
                    53:7e:1e:0c:63:8d:18:47:4a:fa:15:c8:e1:f4:d3:
                    36:fa:29:c8:8b:e7:08:e9:4f:03:e1:c5:4c:fe:2a:
                    a6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:CE:0F:FE:26:A6:FA:63:B4:EC:25:4D:57:72:3E:96:F8:61:59:6B
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Vc4P_iam-mO07CVNV3I-lvhhWWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:ea:ca:12:11:a4:64:15:4d:ca:cd:d2:55:04:9c:43:a0:77:
         24:03:b5:ac:9b:e9:ba:18:75:2b:d6:d0:30:67:76:6d:56:27:
         16:ea:28:fa:0f:6f:0e:50:c5:75:99:ee:34:17:46:4e:cf:5b:
         26:94:6c:f8:c8:11:60:94:81:53:41:ea:8f:60:74:c0:9f:bd:
         a7:d4:83:0d:0c:1c:b4:c3:08:85:48:bc:3a:de:47:d9:95:fd:
         bf:43:35:12:1b:ff:0a:80:ef:af:16:fc:ff:93:78:74:0b:7b:
         6c:c9:2c:49:32:63:c9:d3:e7:43:69:42:96:65:e4:77:80:24:
         9b:c3:61:1e:af:12:fd:b7:56:53:f7:19:42:b1:26:f1:71:04:
         a5:64:c1:4f:00:c8:0a:4c:98:3f:d0:02:35:ff:84:cd:0b:93:
         7a:2b:7c:4d:aa:55:fd:34:28:45:b6:b4:30:2c:41:79:ca:2e:
         82:58:66:6b:b6:d2:05:c5:76:29:78:6a:35:cb:49:3e:4c:ed:
         b2:6e:43:e4:3f:f4:ef:6c:7d:f0:0d:c5:35:5c:0f:eb:73:64:
         cd:7b:e7:de:99:92:80:ae:0b:83:cf:33:2b:85:4e:55:5c:f5:
         c1:3f:c5:2b:6f:f0:63:ca:86:7f:47:e4:75:02:b9:ca:6e:b5:
         f7:2e:89:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tOE+fYKBzTOqGgwNu7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWNlMGZmZTI2YTZmYTYzYjRlYzI1NGQ1NzcyM2U5NmY4NjE1OTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB5J/QNgi9THkWZ8jOgHuSIrordF
cQ1WDTU47VaHjurPiiqhWVCDDt7ASBUtqrcm1Zwx6M5sWTnOcen6RaoDq2mThdQb
7IQyEEE0QN3BuIr7gqIeF6ZY4/9moiYvTm40ZLFFGyMqIo2+JqMVpH1p5s8mo6K4
IiCs/5BCt/nFqMvHL9uJRUkFdCIJ2mztmAKBv9wAepmuMPyWL5hhj/j+B9rnPulO
QPRtoVhIrYerqI0r0fxYffH1HM050vxAe8GHLBphr+aF1xiYjnxtpfIN+kl9KHcK
C+PxjmovYVxWdSlTfh4MY40YR0r6Fcjh9NM2+inIi+cI6U8D4cVM/iqmPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXOD/4mpvpjtOwlTVdyPpb4YVlrMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvVmM0UF9pYW0tbU8wN0NWTlYzSS1sdmhoV1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAp6soSEaRkFU3KzdJVBJxDoHckA7Wsm+m6GHUr1tAw
Z3ZtVicW6ij6D28OUMV1me40F0ZOz1smlGz4yBFglIFTQeqPYHTAn72n1IMNDBy0
wwiFSLw63kfZlf2/QzUSG/8KgO+vFvz/k3h0C3tsySxJMmPJ0+dDaUKWZeR3gCSb
w2EerxL9t1ZT9xlCsSbxcQSlZMFPAMgKTJg/0AI1/4TNC5N6K3xNqlX9NChFtrQw
LEF5yi6CWGZrttIFxXYpeGo1y0k+TO2ybkPkP/TvbH3wDcU1XA/rc2TNe+femZKA
rguDzzMrhU5VXPXBP8Urb/BjyoZ/R+R1ArnKbrX3Lokh
-----END CERTIFICATE-----