Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/VzkacFc_Ux9761-MRYGZRET8GcA.roa
File:                     VzkacFc_Ux9761-MRYGZRET8GcA.roa (raw, json)
Hash identifier:          bm+2/kioi+Y/5gpY4FLTWb1wog2KljMTpuqN97ezlM4=
Subject key identifier:   57:39:1A:70:57:3F:53:1F:7B:EB:5F:8C:45:81:99:44:44:FC:19:C0
Certificate issuer:       /CN=227e9581a69acf8119320e1379857a513bd238db
Certificate serial:       018CC801960A77EA9541789DA0ECA6FC7CE8
Authority key identifier: 22:7E:95:81:A6:9A:CF:81:19:32:0E:13:79:85:7A:51:3B:D2:38:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/In6Vgaaaz4EZMg4TeYV6UTvSONs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/VzkacFc_Ux9761-MRYGZRET8GcA.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199324
IP address blocks:        185.187.40.0/22 maxlen: 24
                          185.21.24.0/22 maxlen: 24
                          2a00:54e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/In6Vgaaaz4EZMg4TeYV6UTvSONs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/In6Vgaaaz4EZMg4TeYV6UTvSONs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/In6Vgaaaz4EZMg4TeYV6UTvSONs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:96:0a:77:ea:95:41:78:9d:a0:ec:a6:fc:7c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=227e9581a69acf8119320e1379857a513bd238db
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57391a70573f531f7beb5f8c4581994444fc19c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:02:7c:f2:57:8c:80:0d:16:b5:8f:b2:cd:eb:
                    1f:be:03:ef:10:f6:6c:16:88:80:da:cf:ae:cb:67:
                    bd:d1:9a:39:5c:c9:17:ce:51:65:20:e4:b6:c0:37:
                    97:af:09:b9:8d:bc:c6:90:42:64:1f:df:8e:0a:96:
                    5c:8f:e7:ea:14:0c:39:ce:00:ea:2e:47:84:c9:1a:
                    f1:66:12:fd:86:bf:fb:7e:05:79:f6:87:ac:fb:e4:
                    a6:56:32:0b:28:5e:fe:1f:e3:d9:ee:7e:d8:36:93:
                    83:01:6a:99:c7:4f:de:f4:23:5f:90:cc:fa:a2:d7:
                    13:22:90:d0:35:59:9e:b4:72:7c:05:e9:25:e7:20:
                    9f:c5:ed:12:b5:23:3b:bc:24:1f:83:2e:f1:ad:ff:
                    01:00:ba:65:08:f1:0f:ea:37:ab:fe:1e:f0:0f:84:
                    f5:e8:67:1f:e6:5a:cc:65:20:60:39:96:61:1c:93:
                    f9:0d:9f:8e:6f:21:ca:57:da:c9:84:da:e5:cd:55:
                    24:ea:61:33:73:f6:b4:b3:02:46:78:19:2f:f0:3c:
                    d3:03:a9:2f:fd:ef:3b:f8:4c:b8:12:25:5b:51:2c:
                    95:f3:40:4b:d5:16:5b:8a:28:17:a8:bf:77:d2:2e:
                    70:13:7b:62:34:3d:f2:d8:b1:d0:bf:2f:1a:6e:56:
                    5f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:39:1A:70:57:3F:53:1F:7B:EB:5F:8C:45:81:99:44:44:FC:19:C0
            X509v3 Authority Key Identifier:
                keyid:22:7E:95:81:A6:9A:CF:81:19:32:0E:13:79:85:7A:51:3B:D2:38:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/In6Vgaaaz4EZMg4TeYV6UTvSONs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/VzkacFc_Ux9761-MRYGZRET8GcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/2b83a1-748d-4f55-8b3b-d9df45dbbadf/1/In6Vgaaaz4EZMg4TeYV6UTvSONs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.24.0/22
                  185.187.40.0/22
                IPv6:
                  2a00:54e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:dd:bf:f9:b3:ee:12:d3:f0:08:d7:68:84:d9:bf:07:5d:d5:
         d0:f2:1a:97:28:8a:4f:b2:24:13:7c:7a:ff:d4:47:d5:e7:68:
         55:9f:51:48:5e:c4:9a:d8:f8:ba:8d:cb:ed:44:90:10:80:4d:
         9e:73:f9:e6:23:a6:f6:12:35:e5:db:b5:ca:ed:8a:7c:d5:6c:
         ea:02:f1:dd:da:d6:4e:dc:e4:3c:61:2f:6d:20:69:d6:7d:9f:
         e8:7c:84:ae:22:65:d7:53:36:c8:82:cc:c1:6a:78:65:ce:2c:
         b3:e7:60:58:27:d8:b1:42:bb:78:67:02:86:25:b9:b1:f5:61:
         ff:f3:29:d8:91:6d:d7:aa:c9:70:91:04:2f:af:21:d8:42:08:
         a9:3e:9c:4c:a7:b7:45:f3:cd:e9:77:85:90:aa:b8:c2:50:87:
         0d:f1:c9:34:ba:6b:e7:b7:c1:96:43:dc:1c:66:52:eb:a1:ef:
         bf:39:a9:05:3f:3b:3b:28:8c:c2:81:ea:fc:fd:28:70:04:c1:
         ca:f7:91:b1:6e:07:00:4f:90:ea:93:82:9f:09:08:59:88:7f:
         ac:78:bd:ce:ad:7c:8a:c7:3a:56:32:85:fe:f8:0f:02:1c:18:
         b7:0d:49:7e:ba:91:9d:1c:ec:85:bc:34:a3:e7:dd:88:4d:55:
         82:32:9a:e1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAZYKd+qVQXidoOym/HzoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyN2U5NTgxYTY5YWNmODExOTMyMGUxMzc5ODU3YTUxM2Jk
MjM4ZGIwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzM5MWE3MDU3M2Y1MzFmN2JlYjVmOGM0NTgxOTk0NDQ0ZmMxOWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwJ88leMgA0WtY+yzesfvgPvEPZs
FoiA2s+uy2e90Zo5XMkXzlFlIOS2wDeXrwm5jbzGkEJkH9+OCpZcj+fqFAw5zgDq
LkeEyRrxZhL9hr/7fgV59oes++SmVjILKF7+H+PZ7n7YNpODAWqZx0/e9CNfkMz6
otcTIpDQNVmetHJ8Bekl5yCfxe0StSM7vCQfgy7xrf8BALplCPEP6jer/h7wD4T1
6Gcf5lrMZSBgOZZhHJP5DZ+ObyHKV9rJhNrlzVUk6mEzc/a0swJGeBkv8DzTA6kv
/e87+Ey4EiVbUSyV80BL1RZbiigXqL930i5wE3tiND3y2LHQvy8ablZfQwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFc5GnBXP1Mfe+tfjEWBmURE/BnAMB8GA1UdIwQY
MBaAFCJ+lYGmms+BGTIOE3mFelE70jjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW42VmdhYWF6NEVaTWc0VGVZVjZVVHZTT05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yYjgzYTEtNzQ4ZC00ZjU1LThiM2It
ZDlkZjQ1ZGJiYWRmLzEvVnprYWNGY19VeDk3NjEtTVJZR1pSRVQ4R2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yYjgzYTEtNzQ4ZC00ZjU1LThiM2ItZDlkZjQ1ZGJiYWRm
LzEvSW42VmdhYWF6NEVaTWc0VGVZVjZVVHZTT05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRUYAwQC
ubsoMA0EAgACMAcDBQAqAFTgMA0GCSqGSIb3DQEBCwUAA4IBAQCd3b/5s+4S0/AI
12iE2b8HXdXQ8hqXKIpPsiQTfHr/1EfV52hVn1FIXsSa2Pi6jcvtRJAQgE2ec/nm
I6b2EjXl27XK7Yp81WzqAvHd2tZO3OQ8YS9tIGnWfZ/ofISuImXXUzbIgszBanhl
ziyz52BYJ9ixQrt4ZwKGJbmx9WH/8ynYkW3XqslwkQQvryHYQgipPpxMp7dF883p
d4WQqrjCUIcN8ck0umvnt8GWQ9wcZlLroe+/OakFPzs7KIzCger8/ShwBMHK95Gx
bgcAT5Dqk4KfCQhZiH+seL3OrXyKxzpWMoX++A8CHBi3DUl+upGdHOyFvDSj592I
TVWCMprh
-----END CERTIFICATE-----