Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/vtks1RpdqgJjRnpqZTuHlojpnC4.roa
File:                     vtks1RpdqgJjRnpqZTuHlojpnC4.roa (raw, json)
Hash identifier:          oX7oOIAU1k9nkdCgElwN7eGh9pUqSpohl3tUy6kjtQA=
Subject key identifier:   BE:D9:2C:D5:1A:5D:AA:02:63:46:7A:6A:65:3B:87:96:88:E9:9C:2E
Certificate issuer:       /CN=468644b92f394caf3667bdb6af3e38699c54f315
Certificate serial:       01944562EE5BF0A6DB44F1F6137591633AB8
Authority key identifier: 46:86:44:B9:2F:39:4C:AF:36:67:BD:B6:AF:3E:38:69:9C:54:F3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RoZEuS85TK82Z722rz44aZxU8xU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/vtks1RpdqgJjRnpqZTuHlojpnC4.roa
Signing time:             Wed 08 Jan 2025 10:08:18 +0000
ROA not before:           Wed 08 Jan 2025 10:08:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216383
IP address blocks:        146.19.70.0/24 maxlen: 24
                          2a13:c4c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/RoZEuS85TK82Z722rz44aZxU8xU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/RoZEuS85TK82Z722rz44aZxU8xU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RoZEuS85TK82Z722rz44aZxU8xU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:45:62:ee:5b:f0:a6:db:44:f1:f6:13:75:91:63:3a:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468644b92f394caf3667bdb6af3e38699c54f315
        Validity
            Not Before: Jan  8 10:08:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bed92cd51a5daa0263467a6a653b879688e99c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:8f:9e:af:2c:f4:f4:c9:e8:13:90:b6:a0:
                    b2:25:a8:18:4c:89:ca:f9:2b:6b:5b:4f:2a:8c:1b:
                    1b:05:66:91:9c:bb:64:e8:2f:0c:3b:37:60:17:36:
                    af:7c:12:2a:66:76:2b:fe:ef:eb:a5:8e:2a:5f:f5:
                    66:7f:c9:30:09:eb:17:71:a8:e7:91:db:40:fb:76:
                    fb:63:b7:b9:84:58:c9:3b:01:3b:fd:39:69:b0:b5:
                    fd:5a:c2:9b:34:39:2f:17:2e:24:6d:14:46:bd:6f:
                    dc:43:fa:04:a5:7f:d8:40:6f:77:99:05:95:f7:4b:
                    d2:5b:fc:95:9f:66:30:0a:1e:c4:e1:1c:6f:db:ea:
                    86:ac:6d:f8:8f:5c:09:ba:0d:94:0e:64:e4:79:a2:
                    30:06:f3:c8:a1:0b:4f:2e:7d:96:3d:f5:a6:45:57:
                    01:81:8d:8a:1d:cc:ef:76:3b:04:ec:ca:33:b3:4f:
                    be:77:e2:37:90:f7:5b:35:ad:01:1b:59:e9:bc:ad:
                    77:ae:1d:25:a1:c6:ed:34:d3:79:8f:42:18:71:a5:
                    ea:84:3d:81:ec:ec:3a:5f:84:a9:49:df:fd:9c:be:
                    4c:2c:ea:4d:7c:bb:dd:fc:a6:3a:91:5e:a8:7e:68:
                    17:86:e1:a9:fe:06:3e:cd:6b:74:8d:e3:1e:20:68:
                    a1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D9:2C:D5:1A:5D:AA:02:63:46:7A:6A:65:3B:87:96:88:E9:9C:2E
            X509v3 Authority Key Identifier:
                keyid:46:86:44:B9:2F:39:4C:AF:36:67:BD:B6:AF:3E:38:69:9C:54:F3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RoZEuS85TK82Z722rz44aZxU8xU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/vtks1RpdqgJjRnpqZTuHlojpnC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/091841-02fe-44db-ba16-a5e13b4fb12b/1/RoZEuS85TK82Z722rz44aZxU8xU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.70.0/24
                IPv6:
                  2a13:c4c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:7a:33:3a:29:3d:7d:36:33:fb:f6:eb:7f:23:c0:f8:00:ca:
         7b:aa:3f:33:7e:83:c0:7e:2e:8d:5c:5d:5d:c1:b5:6f:1d:ed:
         5e:b5:48:07:f3:75:8c:4f:46:81:96:e9:0e:2d:30:6e:20:4d:
         25:4f:87:74:42:49:9c:c2:99:2e:66:6b:10:c8:e3:58:58:ac:
         62:2a:9a:23:d8:9f:95:86:6a:30:63:3f:6c:25:c3:00:b7:8f:
         77:fb:28:82:ff:84:7a:7e:a0:a6:07:97:1e:1f:5d:f4:9f:8f:
         7b:15:6f:9f:6c:3b:cd:42:be:08:72:96:22:64:7b:81:78:85:
         27:c8:74:7d:89:f0:4e:cd:c1:d8:5e:63:b4:71:83:ea:fc:97:
         25:bc:32:c9:79:c1:2b:93:c8:eb:6b:b9:74:e7:c7:36:47:b4:
         f8:c7:98:61:a0:4f:b0:99:1f:dc:cc:fd:f7:d8:09:c3:d1:aa:
         5b:15:54:04:d7:e2:1c:91:57:06:df:1c:8f:b9:c3:97:98:b5:
         8c:3d:78:ae:4e:e2:07:8b:21:8d:e2:dd:5f:76:98:b1:00:06:
         5e:00:61:7c:27:1e:a3:c5:ed:86:5d:11:ef:89:03:b0:4f:d6:
         8c:79:a4:e0:2f:a2:51:a2:1c:6e:90:d5:17:8c:4d:10:36:e3:
         fe:f0:21:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRFYu5b8KbbRPH2E3WRYzq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ODY0NGI5MmYzOTRjYWYzNjY3YmRiNmFmM2UzODY5OWM1
NGYzMTUwHhcNMjUwMTA4MTAwODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWQ5MmNkNTFhNWRhYTAyNjM0NjdhNmE2NTNiODc5Njg4ZTk5YzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvCPnq8s9PTJ6BOQtqCyJagYTInK
+StrW08qjBsbBWaRnLtk6C8MOzdgFzavfBIqZnYr/u/rpY4qX/Vmf8kwCesXcajn
kdtA+3b7Y7e5hFjJOwE7/TlpsLX9WsKbNDkvFy4kbRRGvW/cQ/oEpX/YQG93mQWV
90vSW/yVn2YwCh7E4Rxv2+qGrG34j1wJug2UDmTkeaIwBvPIoQtPLn2WPfWmRVcB
gY2KHczvdjsE7Mozs0++d+I3kPdbNa0BG1npvK13rh0locbtNNN5j0IYcaXqhD2B
7Ow6X4SpSd/9nL5MLOpNfLvd/KY6kV6ofmgXhuGp/gY+zWt0jeMeIGihmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL7ZLNUaXaoCY0Z6amU7h5aI6ZwuMB8GA1UdIwQY
MBaAFEaGRLkvOUyvNme9tq8+OGmcVPMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm9aRXVTODVUSzgyWjcyMnJ6NDRhWnhVOHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wOTE4NDEtMDJmZS00NGRiLWJhMTYt
YTVlMTNiNGZiMTJiLzEvdnRrczFScGRxZ0pqUm5wcVpUdUhsb2pwbkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wOTE4NDEtMDJmZS00NGRiLWJhMTYtYTVlMTNiNGZiMTJi
LzEvUm9aRXVTODVUSzgyWjcyMnJ6NDRhWnhVOHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAkhNGMA0E
AgACMAcDBQAqE8THMA0GCSqGSIb3DQEBCwUAA4IBAQANejM6KT19NjP79ut/I8D4
AMp7qj8zfoPAfi6NXF1dwbVvHe1etUgH83WMT0aBlukOLTBuIE0lT4d0Qkmcwpku
ZmsQyONYWKxiKpoj2J+VhmowYz9sJcMAt493+yiC/4R6fqCmB5ceH130n497FW+f
bDvNQr4IcpYiZHuBeIUnyHR9ifBOzcHYXmO0cYPq/JclvDLJecErk8jra7l058c2
R7T4x5hhoE+wmR/czP332AnD0apbFVQE1+IckVcG3xyPucOXmLWMPXiuTuIHiyGN
4t1fdpixAAZeAGF8Jx6jxe2GXRHviQOwT9aMeaTgL6JRohxukNUXjE0QNuP+8CGr
-----END CERTIFICATE-----