Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/VrW7vN1_JOG5zrE6Rwu3D9QA10Q.roa
File:                     VrW7vN1_JOG5zrE6Rwu3D9QA10Q.roa (raw, json)
Hash identifier:          RMmsPR5Dj5DlLiTn/lBy4/txwbzsQxkOhcSUbyPZDtY=
Subject key identifier:   56:B5:BB:BC:DD:7F:24:E1:B9:CE:B1:3A:47:0B:B7:0F:D4:00:D7:44
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       018CC8DEB91199C61368BE55320112E1E721
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/VrW7vN1_JOG5zrE6Rwu3D9QA10Q.roa
Signing time:             Tue 02 Jan 2024 06:31:28 +0000
ROA not before:           Tue 02 Jan 2024 06:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48031
IP address blocks:        194.15.114.0/24 maxlen: 24
                          91.213.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b9:11:99:c6:13:68:be:55:32:01:12:e1:e7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Jan  2 06:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56b5bbbcdd7f24e1b9ceb13a470bb70fd400d744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:37:7d:9e:2a:62:04:06:22:bc:cd:37:be:18:
                    62:61:ee:11:91:8d:2f:eb:49:56:61:1d:07:dc:41:
                    cd:6a:34:b1:02:0f:bb:7e:5e:71:3b:64:19:0e:46:
                    29:e9:c7:15:59:19:fb:76:e0:77:b5:46:d1:e1:77:
                    a7:8a:f9:0f:01:b3:ba:bd:a7:89:8b:54:cc:e4:4b:
                    b2:8d:78:b8:e4:4d:e3:bc:fb:4d:52:5a:f4:31:06:
                    71:f5:b3:df:1e:96:6c:ed:23:e9:01:79:f3:c4:9b:
                    26:72:6a:76:6c:dc:2f:9e:7e:de:70:aa:f2:5d:0e:
                    fc:f1:53:2f:c0:32:cd:56:0c:ff:76:81:55:8e:e1:
                    99:b0:9a:33:7c:28:97:30:68:dc:cd:a3:05:f5:8a:
                    17:7e:c4:c4:3e:96:f1:d4:f9:8b:5f:27:71:58:af:
                    96:72:31:ad:ba:07:88:27:b4:2c:c0:0d:3c:f0:04:
                    8e:87:2e:9e:a6:bc:f2:be:94:cf:f3:2c:b5:2b:03:
                    6d:f2:82:5b:60:c3:07:2f:0c:15:c8:13:3f:38:60:
                    fb:9b:4a:9e:5c:5f:db:c7:ea:05:85:83:cd:e4:09:
                    9d:c8:ed:4c:e8:f1:24:33:0b:f2:df:70:e6:8d:e8:
                    cc:40:37:1b:9b:d8:13:e3:2e:9a:4b:6d:21:60:c7:
                    24:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B5:BB:BC:DD:7F:24:E1:B9:CE:B1:3A:47:0B:B7:0F:D4:00:D7:44
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/VrW7vN1_JOG5zrE6Rwu3D9QA10Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.8.0/24
                  194.15.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:8a:d9:02:c3:48:43:e6:0e:e6:35:b2:79:e1:64:80:66:86:
         72:bb:1c:4a:da:4e:bd:4d:80:f8:06:89:bd:c9:21:b8:46:aa:
         3f:b3:08:a6:de:e0:68:20:42:d5:72:bd:18:4b:92:a7:00:da:
         a0:0b:25:5e:89:92:a8:60:8b:96:70:b7:3b:1d:d3:70:10:6d:
         27:43:31:84:26:89:50:52:76:46:99:07:e9:a1:52:f0:54:08:
         9b:e0:b3:4f:4d:06:15:07:ee:d8:6d:08:d6:7c:bd:38:e7:d1:
         cf:f5:ef:88:97:94:d1:e5:08:80:dd:60:3c:a1:a8:74:e1:69:
         b8:71:49:b7:cf:df:9e:f7:2e:b7:f2:5e:23:00:02:28:5a:1f:
         5d:6d:d4:b1:33:01:3f:d9:7c:63:f2:a5:b9:65:e1:fb:f9:26:
         ed:db:30:fc:e1:87:73:00:39:69:41:f2:44:22:39:1f:08:7f:
         e0:36:b6:f3:a7:b2:0e:36:da:ce:a4:64:d5:b0:50:fa:39:d3:
         f5:c4:fb:eb:72:f4:59:dd:de:df:5f:1c:31:51:0b:0d:5c:22:
         86:92:5a:17:e7:c6:75:b0:b8:0c:dd:5f:86:ab:68:f4:d0:70:
         95:aa:f8:d8:93:ea:10:c7:b9:f3:99:04:d8:b7:e1:fe:3a:6b:
         cb:83:f4:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3rkRmcYTaL5VMgES4echMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjQwMTAyMDYzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI1YmJiY2RkN2YyNGUxYjljZWIxM2E0NzBiYjcwZmQ0MDBkNzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjd9nipiBAYivM03vhhiYe4RkY0v
60lWYR0H3EHNajSxAg+7fl5xO2QZDkYp6ccVWRn7duB3tUbR4XenivkPAbO6vaeJ
i1TM5EuyjXi45E3jvPtNUlr0MQZx9bPfHpZs7SPpAXnzxJsmcmp2bNwvnn7ecKry
XQ788VMvwDLNVgz/doFVjuGZsJozfCiXMGjczaMF9YoXfsTEPpbx1PmLXydxWK+W
cjGtugeIJ7QswA088ASOhy6eprzyvpTP8yy1KwNt8oJbYMMHLwwVyBM/OGD7m0qe
XF/bx+oFhYPN5AmdyO1M6PEkMwvy33DmjejMQDcbm9gT4y6aS20hYMckXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFa1u7zdfyThuc6xOkcLtw/UANdEMB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEvVnJXN3ZOMV9KT0c1enJFNlJ3dTNEOVFBMTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9UIAwQA
wg9yMA0GCSqGSIb3DQEBCwUAA4IBAQAFitkCw0hD5g7mNbJ54WSAZoZyuxxK2k69
TYD4Bom9ySG4Rqo/swim3uBoIELVcr0YS5KnANqgCyVeiZKoYIuWcLc7HdNwEG0n
QzGEJolQUnZGmQfpoVLwVAib4LNPTQYVB+7YbQjWfL0459HP9e+Il5TR5QiA3WA8
oah04Wm4cUm3z9+e9y638l4jAAIoWh9dbdSxMwE/2Xxj8qW5ZeH7+Sbt2zD84Ydz
ADlpQfJEIjkfCH/gNrbzp7IONtrOpGTVsFD6OdP1xPvrcvRZ3d7fXxwxUQsNXCKG
kloX58Z1sLgM3V+Gq2j00HCVqvjYk+oQx7nzmQTYt+H+OmvLg/Sl
-----END CERTIFICATE-----