Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/vds1NAP9UWs5trAaSpv_skorRfs.roa
File:                     vds1NAP9UWs5trAaSpv_skorRfs.roa (raw, json)
Hash identifier:          9oSMbD0fMvda+TUIirWRSF3DTRWOEPhDtAOCs1PEYU8=
Subject key identifier:   BD:DB:35:34:03:FD:51:6B:39:B6:B0:1A:4A:9B:FF:B2:4A:2B:45:FB
Certificate issuer:       /CN=169767585dcef73e1fa9f64da6c7f276ed87a71f
Certificate serial:       018CC4938BF7BFA8A476A81330BAD2304109
Authority key identifier: 16:97:67:58:5D:CE:F7:3E:1F:A9:F6:4D:A6:C7:F2:76:ED:87:A7:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpdnWF3O9z4fqfZNpsfydu2Hpx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/vds1NAP9UWs5trAaSpv_skorRfs.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49381
IP address blocks:        91.229.196.0/22 maxlen: 22
                          193.169.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/FpdnWF3O9z4fqfZNpsfydu2Hpx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/FpdnWF3O9z4fqfZNpsfydu2Hpx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpdnWF3O9z4fqfZNpsfydu2Hpx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8b:f7:bf:a8:a4:76:a8:13:30:ba:d2:30:41:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169767585dcef73e1fa9f64da6c7f276ed87a71f
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bddb353403fd516b39b6b01a4a9bffb24a2b45fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4e:c2:19:4b:4c:76:05:d1:50:88:13:f1:94:
                    ca:63:f1:09:a1:f4:7f:d4:50:48:71:e0:57:cd:48:
                    7f:7b:b8:fb:a8:fe:46:38:00:cf:86:5c:e1:53:6f:
                    5a:99:20:f3:db:3a:7e:fc:35:60:50:5b:e8:c0:a0:
                    50:d8:84:fd:a0:a6:d3:53:fa:51:75:dd:5a:fe:54:
                    f0:12:43:f3:13:1f:d6:8c:db:dc:fc:be:a6:d9:fc:
                    52:90:62:9b:ba:36:52:04:f8:f4:58:46:d5:28:dc:
                    7b:ef:f6:00:4f:bf:2a:13:20:7f:84:66:d8:1c:35:
                    1f:23:84:d5:a6:65:69:05:54:8e:74:18:13:4c:98:
                    6d:93:1f:9d:49:88:23:d6:5d:a0:59:4b:5b:ea:2f:
                    1d:fd:0d:75:a1:33:69:5e:50:19:f9:f3:83:6b:27:
                    36:b2:b0:ea:06:a3:59:ff:f2:b3:78:04:0a:ba:85:
                    13:49:1e:17:00:d7:af:06:ea:29:e2:63:c5:9c:a3:
                    f3:ef:0d:07:96:49:b5:46:30:2d:b3:aa:87:ca:b0:
                    53:95:5a:34:ad:a3:14:41:30:87:83:3e:b5:b8:7b:
                    2c:33:b5:60:b3:81:3c:31:36:73:8b:4b:80:06:55:
                    b9:40:22:24:e2:5d:ec:17:fe:7e:49:26:18:1a:fa:
                    05:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:DB:35:34:03:FD:51:6B:39:B6:B0:1A:4A:9B:FF:B2:4A:2B:45:FB
            X509v3 Authority Key Identifier:
                keyid:16:97:67:58:5D:CE:F7:3E:1F:A9:F6:4D:A6:C7:F2:76:ED:87:A7:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpdnWF3O9z4fqfZNpsfydu2Hpx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/vds1NAP9UWs5trAaSpv_skorRfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e8db6c-81ae-4ce2-af30-47b630953c50/1/FpdnWF3O9z4fqfZNpsfydu2Hpx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.196.0/22
                  193.169.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:3d:e5:60:db:d3:27:e8:93:94:48:75:86:68:14:7e:4e:eb:
         61:e7:77:5c:6c:16:30:f7:f3:4f:ae:bf:8b:e5:81:1c:79:fe:
         cf:09:bb:04:04:af:53:6d:33:bf:2b:ec:a6:24:a0:c1:10:ee:
         d0:34:5d:5f:65:d0:de:4f:14:22:c0:9b:fe:63:0d:a6:4f:1b:
         b6:56:0d:f2:a4:37:33:2c:b9:f1:61:05:b9:c2:67:9b:6f:44:
         e0:8f:17:28:6e:f3:f5:1e:55:e2:11:ef:db:a4:7e:67:c4:ea:
         47:9d:b6:f4:ef:b1:76:a1:54:44:48:ed:97:fd:10:6c:d2:0f:
         99:57:85:cd:bc:78:5e:e9:cf:af:f2:a3:12:98:e7:05:11:61:
         49:b0:d8:d2:15:03:a0:39:3c:ff:15:41:c3:7d:bd:77:fb:6d:
         cd:7c:b6:2b:32:db:50:43:81:27:ef:89:f7:77:2c:22:2e:0a:
         50:61:6a:84:ac:1e:47:91:8e:70:a1:f6:b2:94:21:5e:62:2a:
         a7:df:30:f4:78:76:2f:37:50:dd:35:ed:5c:d5:47:51:e2:99:
         d1:fa:8b:2b:ae:c3:fc:5b:15:10:c4:db:56:b5:4b:dc:05:be:
         3a:52:38:0a:47:f1:fb:4b:f0:f5:59:51:d2:e4:44:23:d9:bc:
         fa:87:2b:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk4v3v6ikdqgTMLrSMEEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTc2NzU4NWRjZWY3M2UxZmE5ZjY0ZGE2YzdmMjc2ZWQ4
N2E3MWYwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGRiMzUzNDAzZmQ1MTZiMzliNmIwMWE0YTliZmZiMjRhMmI0NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlU7CGUtMdgXRUIgT8ZTKY/EJofR/
1FBIceBXzUh/e7j7qP5GOADPhlzhU29amSDz2zp+/DVgUFvowKBQ2IT9oKbTU/pR
dd1a/lTwEkPzEx/WjNvc/L6m2fxSkGKbujZSBPj0WEbVKNx77/YAT78qEyB/hGbY
HDUfI4TVpmVpBVSOdBgTTJhtkx+dSYgj1l2gWUtb6i8d/Q11oTNpXlAZ+fODayc2
srDqBqNZ//KzeAQKuoUTSR4XANevBuop4mPFnKPz7w0Hlkm1RjAts6qHyrBTlVo0
raMUQTCHgz61uHssM7Vgs4E8MTZzi0uABlW5QCIk4l3sF/5+SSYYGvoFlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL3bNTQD/VFrObawGkqb/7JKK0X7MB8GA1UdIwQY
MBaAFBaXZ1hdzvc+H6n2TabH8nbth6cfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBkbldGM085ejRmcWZaTnBzZnlkdTJIcHg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lOGRiNmMtODFhZS00Y2UyLWFmMzAt
NDdiNjMwOTUzYzUwLzEvdmRzMU5BUDlVV3M1dHJBYVNwdl9za29yUmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lOGRiNmMtODFhZS00Y2UyLWFmMzAtNDdiNjMwOTUzYzUw
LzEvRnBkbldGM085ejRmcWZaTnBzZnlkdTJIcHg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+XEAwQB
waksMA0GCSqGSIb3DQEBCwUAA4IBAQCTPeVg29Mn6JOUSHWGaBR+Tuth53dcbBYw
9/NPrr+L5YEcef7PCbsEBK9TbTO/K+ymJKDBEO7QNF1fZdDeTxQiwJv+Yw2mTxu2
Vg3ypDczLLnxYQW5wmebb0TgjxcobvP1HlXiEe/bpH5nxOpHnbb077F2oVRESO2X
/RBs0g+ZV4XNvHhe6c+v8qMSmOcFEWFJsNjSFQOgOTz/FUHDfb13+23NfLYrMttQ
Q4En74n3dywiLgpQYWqErB5HkY5wofaylCFeYiqn3zD0eHYvN1DdNe1c1UdR4pnR
+osrrsP8WxUQxNtWtUvcBb46UjgKR/H7S/D1WVHS5EQj2bz6hyt6
-----END CERTIFICATE-----