Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VbnVdlU-R_c-1i4Xme-VJyaoImA.roa
File:                     VbnVdlU-R_c-1i4Xme-VJyaoImA.roa (raw, json)
Hash identifier:          bSFF1z0TJLRRe9EH20xgXbG8x0i2FMzs6xyJoJCupeY=
Subject key identifier:   55:B9:D5:76:55:3E:47:F7:3E:D6:2E:17:99:EF:95:27:26:A8:22:60
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018E1506A7D4A817F781C99559E4A80F0BC4
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VbnVdlU-R_c-1i4Xme-VJyaoImA.roa
Signing time:             Wed 06 Mar 2024 18:29:01 +0000
ROA not before:           Wed 06 Mar 2024 18:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.5.67.0/24 maxlen: 24
                          194.76.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:06:a7:d4:a8:17:f7:81:c9:95:59:e4:a8:0f:0b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  6 18:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55b9d576553e47f73ed62e1799ef952726a82260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:6d:3d:50:55:c2:ff:cc:2b:5b:93:ea:ca:2b:
                    af:34:ca:44:64:70:9f:1e:16:d9:0f:ab:a4:af:bd:
                    82:14:db:e5:4f:5d:cd:d6:73:23:ac:b7:fe:d7:d6:
                    39:46:8e:eb:69:52:34:06:3d:50:6b:8e:5a:db:d4:
                    40:3f:94:ef:e6:0c:3e:a1:ae:5a:2b:99:db:2a:fd:
                    a3:c2:51:76:63:f5:1c:d6:d3:70:1f:7a:49:a8:ae:
                    32:19:e2:d3:b7:a5:5b:16:6c:ee:19:bb:05:59:58:
                    16:84:56:d1:a8:3a:a4:93:74:42:90:81:2a:25:e8:
                    e5:27:2b:d6:b5:c9:d2:38:7c:a7:f1:1a:75:35:05:
                    bf:b0:b8:c7:4d:c8:5d:90:cc:5e:96:4d:ae:46:17:
                    f1:94:59:2f:f7:60:b6:12:a6:6e:96:53:f9:c7:a4:
                    93:a3:4e:70:79:06:1d:ea:bd:23:bb:31:c8:2a:f0:
                    6e:d0:65:5a:f2:a1:43:96:16:50:5f:f7:c9:57:79:
                    42:44:8c:77:75:89:09:18:e7:a3:d6:46:b5:cd:ae:
                    cb:d9:ab:8b:3d:66:a1:85:94:c0:64:d6:31:90:db:
                    3a:df:b6:a9:b1:92:e3:68:35:64:86:6e:24:ea:c4:
                    34:b6:c5:b6:44:a0:fa:af:d4:92:23:54:1e:56:a4:
                    8d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:B9:D5:76:55:3E:47:F7:3E:D6:2E:17:99:EF:95:27:26:A8:22:60
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VbnVdlU-R_c-1i4Xme-VJyaoImA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.67.0/24
                  194.76.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1b:6f:95:09:de:1b:b1:78:6c:b7:01:69:20:35:50:08:65:
         69:55:16:bd:9e:4b:31:36:58:5f:96:b5:5f:d7:e3:d6:14:0e:
         60:4b:b1:e8:b8:07:29:0d:0c:26:4d:8c:36:74:af:5d:e7:62:
         25:27:2d:93:a3:00:b4:a9:fd:52:8a:d7:e7:8a:83:27:e5:ef:
         ff:16:5d:da:05:0a:0e:03:47:71:38:22:4e:9e:72:58:05:3c:
         93:d5:2d:2b:e9:cf:a0:e7:5e:a9:89:5c:ef:40:e3:93:09:4b:
         a1:c7:2f:20:1a:a5:fe:a9:9d:1c:93:e9:48:68:c4:9a:95:6e:
         b5:12:83:e9:fc:37:0e:b2:36:53:78:6a:d1:a0:01:02:15:e3:
         70:47:f2:d3:7a:15:29:74:3a:e5:30:77:db:8e:b1:52:f8:c9:
         4f:e0:a5:ea:fe:63:d3:a6:ca:61:65:86:f8:20:b4:c9:60:c6:
         45:d4:35:ff:c0:d7:05:50:b9:e3:fd:67:21:a1:22:ff:51:06:
         a5:58:8a:18:95:89:ea:a7:d5:62:68:2e:08:3b:87:03:13:09:
         e0:77:ec:0d:97:68:ec:93:ed:6e:87:b0:fb:95:2c:bd:3b:2f:
         d9:6e:db:fa:69:c8:7c:38:5e:5e:bf:c1:c7:6f:31:73:fb:d7:
         f2:89:a6:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4VBqfUqBf3gcmVWeSoDwvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzA2MTgyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWI5ZDU3NjU1M2U0N2Y3M2VkNjJlMTc5OWVmOTUyNzI2YTgyMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkm09UFXC/8wrW5PqyiuvNMpEZHCf
HhbZD6ukr72CFNvlT13N1nMjrLf+19Y5Ro7raVI0Bj1Qa45a29RAP5Tv5gw+oa5a
K5nbKv2jwlF2Y/Uc1tNwH3pJqK4yGeLTt6VbFmzuGbsFWVgWhFbRqDqkk3RCkIEq
JejlJyvWtcnSOHyn8Rp1NQW/sLjHTchdkMxelk2uRhfxlFkv92C2EqZullP5x6ST
o05weQYd6r0juzHIKvBu0GVa8qFDlhZQX/fJV3lCRIx3dYkJGOej1ka1za7L2auL
PWahhZTAZNYxkNs637apsZLjaDVkhm4k6sQ0tsW2RKD6r9SSI1QeVqSNJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFW51XZVPkf3PtYuF5nvlScmqCJgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVmJuVmRsVS1SX2MtMWk0WG1lLVZKeWFvSW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgVDAwQA
wkysMA0GCSqGSIb3DQEBCwUAA4IBAQB6G2+VCd4bsXhstwFpIDVQCGVpVRa9nksx
NlhflrVf1+PWFA5gS7HouAcpDQwmTYw2dK9d52IlJy2TowC0qf1SitfnioMn5e//
Fl3aBQoOA0dxOCJOnnJYBTyT1S0r6c+g516piVzvQOOTCUuhxy8gGqX+qZ0ck+lI
aMSalW61EoPp/DcOsjZTeGrRoAECFeNwR/LTehUpdDrlMHfbjrFS+MlP4KXq/mPT
psphZYb4ILTJYMZF1DX/wNcFULnj/WchoSL/UQalWIoYlYnqp9ViaC4IO4cDEwng
d+wNl2jsk+1uh7D7lSy9Oy/Zbtv6ach8OF5ev8HHbzFz+9fyiaYC
-----END CERTIFICATE-----