Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/FoVdP2zXQO7JmuUnUjOTZep-vgw.roa
File:                     FoVdP2zXQO7JmuUnUjOTZep-vgw.roa (raw, json)
Hash identifier:          ZOk3u6PTcx4pIna4BmuFtp/Z7fekpAtw0hyzoJOXo8c=
Subject key identifier:   16:85:5D:3F:6C:D7:40:EE:C9:9A:E5:27:52:33:93:65:EA:7E:BE:0C
Certificate issuer:       /CN=05f59aedc28296e291724f7937de788e27216408
Certificate serial:       018CC42534FC3DF236F5C455C85177958B13
Authority key identifier: 05:F5:9A:ED:C2:82:96:E2:91:72:4F:79:37:DE:78:8E:27:21:64:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfWa7cKCluKRck95N954jichZAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/FoVdP2zXQO7JmuUnUjOTZep-vgw.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198638
IP address blocks:        185.22.20.0/22 maxlen: 22
                          2a00:5ae0:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/BfWa7cKCluKRck95N954jichZAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/BfWa7cKCluKRck95N954jichZAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfWa7cKCluKRck95N954jichZAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:34:fc:3d:f2:36:f5:c4:55:c8:51:77:95:8b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f59aedc28296e291724f7937de788e27216408
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16855d3f6cd740eec99ae52752339365ea7ebe0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:19:d1:3d:0d:48:64:11:8f:d1:74:50:44:be:
                    84:35:53:13:30:0b:0b:72:fc:8c:c0:eb:af:ca:f5:
                    a5:35:c4:5f:5b:58:46:b2:96:8a:73:3e:07:4d:c2:
                    bd:a8:28:f1:e1:93:f0:e1:4a:6a:7e:88:f8:14:a4:
                    6e:6d:0a:18:d1:25:f6:3a:aa:18:4f:e1:e1:ce:95:
                    02:28:87:b1:da:6a:8c:43:2a:78:a6:4f:5f:9c:4a:
                    87:7e:5c:c3:4f:9d:a9:92:a4:54:b4:e8:77:44:6e:
                    fa:09:25:d5:19:84:a4:1a:b1:a0:49:33:c2:be:d5:
                    33:15:34:f6:b3:a7:e6:88:af:b0:c5:1e:fb:af:0a:
                    8c:f1:15:ca:f4:22:95:fe:a3:7f:ef:0e:f5:2a:31:
                    e5:53:e6:39:33:8a:4f:08:74:31:af:01:3a:46:38:
                    2d:be:73:58:e0:99:d3:fb:bd:e6:b1:61:0f:7c:c4:
                    2b:14:3c:3f:3b:ea:c5:bb:49:3d:f5:20:5c:c5:38:
                    a5:28:c5:d4:a2:ff:e1:ab:72:82:2e:a1:88:1a:63:
                    1a:d0:26:81:c6:2d:f6:25:5c:ce:86:3e:ec:f4:9e:
                    61:9e:90:a8:9b:4c:48:a5:1e:93:ce:30:03:2a:82:
                    c1:c8:8f:1e:55:cc:17:a4:1e:ca:18:c5:20:26:03:
                    32:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:85:5D:3F:6C:D7:40:EE:C9:9A:E5:27:52:33:93:65:EA:7E:BE:0C
            X509v3 Authority Key Identifier:
                keyid:05:F5:9A:ED:C2:82:96:E2:91:72:4F:79:37:DE:78:8E:27:21:64:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfWa7cKCluKRck95N954jichZAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/FoVdP2zXQO7JmuUnUjOTZep-vgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/5e1d42-3575-4ec1-bc7c-d64368208131/1/BfWa7cKCluKRck95N954jichZAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.20.0/22
                IPv6:
                  2a00:5ae0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:6f:34:ae:44:11:25:e7:22:9f:76:60:da:c0:39:37:34:94:
         fd:72:8c:ef:14:1d:85:e8:de:86:68:ca:3a:c0:cb:db:fb:5c:
         b0:8f:dc:ea:7b:9b:6e:52:81:da:90:26:48:5b:e6:96:f5:16:
         95:6d:9e:4f:6c:78:f0:bc:05:35:0e:f4:4e:94:2f:31:09:21:
         af:af:d7:e7:fa:9e:70:e4:82:96:69:e7:b9:67:95:0f:28:82:
         9a:a3:56:5e:1e:6e:fb:73:93:a2:21:fb:b1:d5:54:9b:40:98:
         89:84:9f:48:a8:d3:e8:7e:75:ff:39:a7:f5:c2:a9:59:f6:97:
         9d:22:69:70:60:1a:62:91:4e:96:67:0b:70:28:ec:f9:27:1e:
         93:84:40:67:ef:41:64:9b:89:5e:b6:a7:90:8f:e6:68:a1:2c:
         39:ab:d5:65:a5:04:9c:39:f5:35:57:37:f6:0f:73:4c:57:6d:
         c6:3d:b5:50:33:c6:ab:92:d6:18:62:da:42:2e:6b:2d:61:8b:
         29:d3:21:b0:9c:ad:0e:3d:6b:8e:bc:98:5f:78:fd:55:af:6b:
         0a:54:f7:95:2c:5b:47:73:36:91:d4:94:ce:53:bc:6e:63:0b:
         6f:5c:0c:fd:8e:70:93:5a:f8:fd:dc:55:d0:f7:38:3c:41:d7:
         34:77:86:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJTT8PfI29cRVyFF3lYsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjU5YWVkYzI4Mjk2ZTI5MTcyNGY3OTM3ZGU3ODhlMjcy
MTY0MDgwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg1NWQzZjZjZDc0MGVlYzk5YWU1Mjc1MjMzOTM2NWVhN2ViZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxnRPQ1IZBGP0XRQRL6ENVMTMAsL
cvyMwOuvyvWlNcRfW1hGspaKcz4HTcK9qCjx4ZPw4Upqfoj4FKRubQoY0SX2OqoY
T+HhzpUCKIex2mqMQyp4pk9fnEqHflzDT52pkqRUtOh3RG76CSXVGYSkGrGgSTPC
vtUzFTT2s6fmiK+wxR77rwqM8RXK9CKV/qN/7w71KjHlU+Y5M4pPCHQxrwE6Rjgt
vnNY4JnT+73msWEPfMQrFDw/O+rFu0k99SBcxTilKMXUov/hq3KCLqGIGmMa0CaB
xi32JVzOhj7s9J5hnpCom0xIpR6TzjADKoLByI8eVcwXpB7KGMUgJgMyAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBaFXT9s10DuyZrlJ1Izk2Xqfr4MMB8GA1UdIwQY
MBaAFAX1mu3CgpbikXJPeTfeeI4nIWQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZXYTdjS0NsdUtSY2s5NU45NTRqaWNoWkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi81ZTFkNDItMzU3NS00ZWMxLWJjN2Mt
ZDY0MzY4MjA4MTMxLzEvRm9WZFAyelhRTzdKbXVVblVqT1RaZXAtdmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi81ZTFkNDItMzU3NS00ZWMxLWJjN2MtZDY0MzY4MjA4MTMx
LzEvQmZXYTdjS0NsdUtSY2s5NU45NTRqaWNoWkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuRYUMA8E
AgACMAkDBwAqAFrgAQAwDQYJKoZIhvcNAQELBQADggEBAHdvNK5EESXnIp92YNrA
OTc0lP1yjO8UHYXo3oZoyjrAy9v7XLCP3Op7m25SgdqQJkhb5pb1FpVtnk9sePC8
BTUO9E6ULzEJIa+v1+f6nnDkgpZp57lnlQ8ogpqjVl4ebvtzk6Ih+7HVVJtAmImE
n0io0+h+df85p/XCqVn2l50iaXBgGmKRTpZnC3Ao7PknHpOEQGfvQWSbiV62p5CP
5mihLDmr1WWlBJw59TVXN/YPc0xXbcY9tVAzxquS1hhi2kIuay1hiynTIbCcrQ49
a468mF94/VWvawpU95UsW0dzNpHUlM5TvG5jC29cDP2OcJNa+P3cVdD3ODxB1zR3
hrM=
-----END CERTIFICATE-----