Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/VntJQz0JEIP7O0_CULKybiNM_kY.roa
File:                     VntJQz0JEIP7O0_CULKybiNM_kY.roa (raw, json)
Hash identifier:          WIne9dIJ2wUrmizjmJSF2mRuI04wm1dV3TfZ6GFXgjU=
Subject key identifier:   56:7B:49:43:3D:09:10:83:FB:3B:4F:C2:50:B2:B2:6E:23:4C:FE:46
Certificate issuer:       /CN=9bd6c860342cc799c28074f699768a8ecbdaa52e
Certificate serial:       018CC56EC335C46924EAE28EF18F4E82DE5D
Authority key identifier: 9B:D6:C8:60:34:2C:C7:99:C2:80:74:F6:99:76:8A:8E:CB:DA:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/VntJQz0JEIP7O0_CULKybiNM_kY.roa
Signing time:             Mon 01 Jan 2024 14:30:19 +0000
ROA not before:           Mon 01 Jan 2024 14:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56642
IP address blocks:        92.118.152.0/23 maxlen: 23
                          92.118.154.0/23 maxlen: 23
                          185.155.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c3:35:c4:69:24:ea:e2:8e:f1:8f:4e:82:de:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd6c860342cc799c28074f699768a8ecbdaa52e
        Validity
            Not Before: Jan  1 14:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=567b49433d091083fb3b4fc250b2b26e234cfe46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1a:a8:bb:cc:37:ca:b0:c7:1f:19:e5:c1:47:
                    b1:7b:88:75:25:7b:bd:03:44:25:bd:15:a5:9f:0a:
                    2c:de:f3:ee:34:72:f9:9f:44:c7:3e:88:68:dc:c4:
                    2d:d4:b8:39:29:e9:a0:56:74:3a:60:cd:c6:3d:c4:
                    48:fc:bd:cc:72:5a:3a:f3:1e:5a:5c:f5:1f:af:d8:
                    f3:bc:f0:44:7e:98:b6:b2:18:0d:bc:cf:2a:0c:5e:
                    79:38:4d:ea:bf:ed:25:ca:92:90:fc:2a:18:a0:f2:
                    ad:61:a5:e5:74:42:f7:c9:db:14:a1:5d:19:c6:2f:
                    d0:d4:57:d0:a9:6f:eb:72:ce:c5:92:86:96:5d:dc:
                    64:ae:ac:ad:f2:55:47:82:19:c1:d5:84:19:7b:b9:
                    24:59:fe:7d:e3:35:c4:91:07:7e:1f:4d:af:52:0b:
                    96:5b:29:90:98:39:6f:33:0e:45:3b:f8:51:b5:54:
                    d3:86:8c:23:4f:07:1d:1b:0f:06:e8:a7:1d:61:ce:
                    e2:5a:76:d6:32:a2:70:4b:86:5b:41:1c:c6:8d:37:
                    40:14:06:24:70:ec:63:59:a7:62:95:8a:0a:bc:53:
                    f2:b0:d0:4e:8f:e4:3a:86:c7:7c:eb:27:b8:6b:39:
                    0a:cb:e8:20:59:ad:99:89:80:d1:ff:99:9e:a2:8a:
                    5a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7B:49:43:3D:09:10:83:FB:3B:4F:C2:50:B2:B2:6E:23:4C:FE:46
            X509v3 Authority Key Identifier:
                keyid:9B:D6:C8:60:34:2C:C7:99:C2:80:74:F6:99:76:8A:8E:CB:DA:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/VntJQz0JEIP7O0_CULKybiNM_kY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.152.0/22
                  185.155.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:ce:f9:5c:23:ce:7a:53:1d:4b:c7:35:04:ca:d4:0c:c2:b7:
         94:c0:ea:96:74:15:4c:48:65:fc:26:fe:fe:ce:68:58:e1:6a:
         da:3a:e9:21:c4:64:c7:03:86:e4:14:67:ea:bd:9d:0a:14:bb:
         16:3f:13:b0:07:7b:db:ee:34:53:45:64:c0:a9:84:83:33:5a:
         68:6f:05:05:8f:ac:e1:6f:b8:27:c7:ad:58:9a:a0:cd:2c:3f:
         f8:a9:e2:3d:14:2e:bc:72:f1:23:40:46:75:b3:b3:a1:cb:a7:
         75:1e:57:18:2b:62:5b:00:e2:0a:a5:07:8a:8f:65:25:76:e2:
         21:53:4a:8e:de:84:50:53:14:45:93:5a:da:8c:cf:7a:d1:e3:
         2d:3b:50:12:24:af:82:66:bd:bb:36:2c:1f:25:a8:a8:fe:c9:
         77:83:79:7f:d0:20:2d:49:7f:d1:b9:27:83:6a:11:72:6c:42:
         13:fa:02:fc:4c:3d:bd:ab:91:3e:bd:3b:72:14:e1:2b:3a:a9:
         31:f4:86:be:5d:77:88:69:3b:ab:ce:1e:45:8d:40:c6:33:be:
         a3:11:02:43:13:21:69:7c:36:d8:cc:2a:26:1b:96:8e:40:a1:
         d5:4a:5c:37:c5:d7:0a:c8:20:2a:4d:c5:df:64:c7:ec:a0:34:
         f4:af:e0:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbsM1xGkk6uKO8Y9Ogt5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZDZjODYwMzQyY2M3OTljMjgwNzRmNjk5NzY4YThlY2Jk
YWE1MmUwHhcNMjQwMTAxMTQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdiNDk0MzNkMDkxMDgzZmIzYjRmYzI1MGIyYjI2ZTIzNGNmZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhqou8w3yrDHHxnlwUexe4h1JXu9
A0QlvRWlnwos3vPuNHL5n0THPoho3MQt1Lg5KemgVnQ6YM3GPcRI/L3Mclo68x5a
XPUfr9jzvPBEfpi2shgNvM8qDF55OE3qv+0lypKQ/CoYoPKtYaXldEL3ydsUoV0Z
xi/Q1FfQqW/rcs7FkoaWXdxkrqyt8lVHghnB1YQZe7kkWf594zXEkQd+H02vUguW
WymQmDlvMw5FO/hRtVTThowjTwcdGw8G6KcdYc7iWnbWMqJwS4ZbQRzGjTdAFAYk
cOxjWadilYoKvFPysNBOj+Q6hsd86ye4azkKy+ggWa2ZiYDR/5meoopavwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFZ7SUM9CRCD+ztPwlCysm4jTP5GMB8GA1UdIwQY
MBaAFJvWyGA0LMeZwoB09pl2io7L2qUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTliSVlEUXN4NW5DZ0hUMm1YYUtqc3ZhcFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hZmE2OWQtZTE0My00YmY3LWI3NDMt
NDJlM2VmNGY4YjkxLzEvVm50SlF6MEpFSVA3TzBfQ1VMS3liaU5NX2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hZmE2OWQtZTE0My00YmY3LWI3NDMtNDJlM2VmNGY4Yjkx
LzEvbTliSVlEUXN4NW5DZ0hUMm1YYUtqc3ZhcFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXHaYAwQC
uZv4MA0GCSqGSIb3DQEBCwUAA4IBAQCozvlcI856Ux1LxzUEytQMwreUwOqWdBVM
SGX8Jv7+zmhY4WraOukhxGTHA4bkFGfqvZ0KFLsWPxOwB3vb7jRTRWTAqYSDM1po
bwUFj6zhb7gnx61YmqDNLD/4qeI9FC68cvEjQEZ1s7Ohy6d1HlcYK2JbAOIKpQeK
j2UlduIhU0qO3oRQUxRFk1rajM960eMtO1ASJK+CZr27NiwfJaio/sl3g3l/0CAt
SX/RuSeDahFybEIT+gL8TD29q5E+vTtyFOErOqkx9Ia+XXeIaTurzh5FjUDGM76j
EQJDEyFpfDbYzComG5aOQKHVSlw3xdcKyCAqTcXfZMfsoDT0r+Bw
-----END CERTIFICATE-----