Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/VMLmv6_KQOMYqpT9GJsdJ_JRNnk.roa
File:                     VMLmv6_KQOMYqpT9GJsdJ_JRNnk.roa (raw, json)
Hash identifier:          v1uGCoEjm/ouB+1ArHuT5FJOKFxID208UwFTeKOmFrU=
Subject key identifier:   54:C2:E6:BF:AF:CA:40:E3:18:AA:94:FD:18:9B:1D:27:F2:51:36:79
Certificate issuer:       /CN=75878492a067cb5a3edf9695a6fd2589f3273aa7
Certificate serial:       018D407E528FAEFE34C4A6796C5F4378E078
Authority key identifier: 75:87:84:92:A0:67:CB:5A:3E:DF:96:95:A6:FD:25:89:F3:27:3A:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYeEkqBny1o-35aVpv0lifMnOqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/VMLmv6_KQOMYqpT9GJsdJ_JRNnk.roa
Signing time:             Thu 25 Jan 2024 12:00:36 +0000
ROA not before:           Thu 25 Jan 2024 12:00:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.43.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/dYeEkqBny1o-35aVpv0lifMnOqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/dYeEkqBny1o-35aVpv0lifMnOqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYeEkqBny1o-35aVpv0lifMnOqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:7e:52:8f:ae:fe:34:c4:a6:79:6c:5f:43:78:e0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75878492a067cb5a3edf9695a6fd2589f3273aa7
        Validity
            Not Before: Jan 25 12:00:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54c2e6bfafca40e318aa94fd189b1d27f2513679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6e:09:6c:fa:7d:a5:6d:5f:bd:23:1e:c0:54:
                    3d:8d:f0:5d:55:de:20:bf:00:d1:8f:79:88:09:8b:
                    a9:b9:7c:db:35:56:85:a5:20:31:b0:5a:a2:b7:f6:
                    6e:b7:ed:ff:d2:d8:ea:ce:fd:b9:40:4d:48:00:c6:
                    9f:26:3f:6d:fc:5d:46:16:7e:e0:67:78:df:e8:a2:
                    b3:fe:9c:ca:ec:64:e4:3f:ea:25:70:53:06:eb:df:
                    d6:c1:ba:07:3e:0c:b8:a5:b2:e0:7b:20:c7:b2:f9:
                    3f:d2:73:aa:38:fd:a6:f0:57:37:d1:67:67:81:94:
                    d1:86:8e:19:67:05:4d:51:8c:64:01:52:2c:c8:d5:
                    f1:9b:38:5c:17:24:2a:8b:4a:a8:16:17:cb:1d:fd:
                    cc:4d:9f:75:03:7e:97:a4:a8:16:ec:83:04:1c:89:
                    8c:92:46:a2:f8:8e:c9:c3:f6:64:90:a4:3f:7e:7f:
                    d1:db:5a:ce:01:a1:9a:f2:0e:41:c8:88:c0:47:4c:
                    35:7b:16:91:5e:e1:23:37:79:e7:9e:c1:b2:6c:af:
                    93:4c:98:c9:bd:37:42:1f:d7:73:da:49:d1:9f:b5:
                    42:e6:a2:93:ef:05:21:b8:0a:2b:ff:83:f0:43:1c:
                    8b:87:ce:68:e9:5d:13:cd:59:3c:d3:c4:0d:30:de:
                    1d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:C2:E6:BF:AF:CA:40:E3:18:AA:94:FD:18:9B:1D:27:F2:51:36:79
            X509v3 Authority Key Identifier:
                keyid:75:87:84:92:A0:67:CB:5A:3E:DF:96:95:A6:FD:25:89:F3:27:3A:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYeEkqBny1o-35aVpv0lifMnOqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/VMLmv6_KQOMYqpT9GJsdJ_JRNnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/f1be77-e878-46e8-a875-d09fee09ccb1/1/dYeEkqBny1o-35aVpv0lifMnOqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cc:6f:bc:fa:cf:23:22:06:f2:43:d0:cd:21:d0:22:6e:ac:38:
         96:2b:f4:46:ef:03:cc:53:da:03:33:b4:a7:f9:8e:e9:a7:94:
         3d:21:5d:c9:d7:18:b5:0b:fa:b2:3e:16:9e:2b:4c:46:1d:ec:
         4e:09:19:80:ac:58:4b:15:4b:42:d1:77:eb:2b:01:e4:32:50:
         01:06:8a:bc:77:a4:41:59:8f:98:6a:33:a8:49:53:bf:b1:30:
         25:13:39:64:48:ed:cd:bb:d7:fa:03:4c:c2:e0:8c:7a:7c:3e:
         f9:13:3e:ae:2a:c9:de:6b:89:8a:9e:d8:a5:11:ca:43:95:bd:
         4e:77:fb:ec:56:7c:05:9b:14:2a:99:2c:be:26:9d:21:95:33:
         af:dd:f0:b3:51:dc:9c:c6:46:4c:1c:a9:5f:af:20:a1:0a:5b:
         77:31:fb:ce:dd:fc:55:0c:62:ab:ff:89:6b:18:95:34:d7:ea:
         d9:c9:f1:7c:47:74:29:14:75:41:aa:79:f0:9b:6d:3b:38:60:
         9c:40:35:a4:05:10:d7:ac:4e:8e:b9:c3:be:1c:4e:a1:a7:59:
         b1:4d:07:1d:1d:e1:00:b3:63:e9:a1:17:df:48:3b:5e:45:31:
         5b:2a:d1:2f:4b:4a:8c:f9:6e:78:d6:11:90:b0:03:b0:6e:ca:
         60:0d:4a:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1AflKPrv40xKZ5bF9DeOB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODc4NDkyYTA2N2NiNWEzZWRmOTY5NWE2ZmQyNTg5ZjMy
NzNhYTcwHhcNMjQwMTI1MTIwMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGMyZTZiZmFmY2E0MGUzMThhYTk0ZmQxODliMWQyN2YyNTEzNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjm4JbPp9pW1fvSMewFQ9jfBdVd4g
vwDRj3mICYupuXzbNVaFpSAxsFqit/Zut+3/0tjqzv25QE1IAMafJj9t/F1GFn7g
Z3jf6KKz/pzK7GTkP+olcFMG69/WwboHPgy4pbLgeyDHsvk/0nOqOP2m8Fc30Wdn
gZTRho4ZZwVNUYxkAVIsyNXxmzhcFyQqi0qoFhfLHf3MTZ91A36XpKgW7IMEHImM
kkai+I7Jw/ZkkKQ/fn/R21rOAaGa8g5ByIjAR0w1exaRXuEjN3nnnsGybK+TTJjJ
vTdCH9dz2knRn7VC5qKT7wUhuAor/4PwQxyLh85o6V0TzVk808QNMN4dJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFTC5r+vykDjGKqU/RibHSfyUTZ5MB8GA1UdIwQY
MBaAFHWHhJKgZ8taPt+Wlab9JYnzJzqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFllRWtxQm55MW8tMzVhVnB2MGxpZk1uT3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9mMWJlNzctZTg3OC00NmU4LWE4NzUt
ZDA5ZmVlMDljY2IxLzEvVk1MbXY2X0tRT01ZcXBUOUdKc2RKX0pSTm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9mMWJlNzctZTg3OC00NmU4LWE4NzUtZDA5ZmVlMDljY2Ix
LzEvZFllRWtxQm55MW8tMzVhVnB2MGxpZk1uT3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvsMA0G
CSqGSIb3DQEBCwUAA4IBAQDMb7z6zyMiBvJD0M0h0CJurDiWK/RG7wPMU9oDM7Sn
+Y7pp5Q9IV3J1xi1C/qyPhaeK0xGHexOCRmArFhLFUtC0XfrKwHkMlABBoq8d6RB
WY+YajOoSVO/sTAlEzlkSO3Nu9f6A0zC4Ix6fD75Ez6uKsnea4mKntilEcpDlb1O
d/vsVnwFmxQqmSy+Jp0hlTOv3fCzUdycxkZMHKlfryChClt3MfvO3fxVDGKr/4lr
GJU01+rZyfF8R3QpFHVBqnnwm207OGCcQDWkBRDXrE6OucO+HE6hp1mxTQcdHeEA
s2PpoRffSDteRTFbKtEvS0qM+W541hGQsAOwbspgDUqr
-----END CERTIFICATE-----