Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/VUzVtihiesrIqKKBThROx3tHl1E.roa
File:                     VUzVtihiesrIqKKBThROx3tHl1E.roa (raw, json)
Hash identifier:          BsIh6IZJoL+mDKYVywciMO7nDSe4hm6ioefY+FMRQmw=
Subject key identifier:   55:4C:D5:B6:28:62:7A:CA:C8:A8:A2:81:4E:14:4E:C7:7B:47:97:51
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE20B077056177B1047587C6B0C3A
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/VUzVtihiesrIqKKBThROx3tHl1E.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56981
IP address blocks:        2a02:2698:7800::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e2:0b:07:70:56:17:7b:10:47:58:7c:6b:0c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=554cd5b628627acac8a8a2814e144ec77b479751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:df:01:d1:fc:54:87:1b:19:6f:35:da:f5:1a:
                    b6:98:c0:24:c9:49:df:da:7c:10:fd:78:54:67:09:
                    da:3c:d1:5a:c8:fc:1a:c0:98:ce:56:03:ca:ba:4e:
                    c4:15:c0:57:eb:34:de:47:48:fe:d8:18:e1:00:88:
                    5a:df:c3:52:de:0f:0a:4d:2e:bc:b3:a5:4d:da:b0:
                    25:f2:ab:45:39:df:96:93:22:b0:f7:4b:b7:71:31:
                    06:fa:8f:cd:bd:75:94:e8:7e:81:12:94:2f:f2:1f:
                    b6:ce:61:79:5b:26:64:04:96:c9:c6:2d:ba:13:22:
                    4c:d0:36:bb:3f:29:45:fd:69:36:20:e6:56:76:1f:
                    e6:0c:06:ab:8d:c8:7a:e2:ad:e5:42:5c:c5:ec:48:
                    3f:a2:2d:22:3c:7e:b5:0e:96:48:d3:17:c7:b7:29:
                    8b:3a:ca:27:3f:f8:04:92:1a:ce:4d:c3:80:fa:81:
                    c5:77:8a:cf:40:d9:d0:5c:70:6d:ff:27:3e:21:a7:
                    cb:97:ac:42:da:57:ef:32:88:91:6f:17:db:80:5e:
                    8e:ab:07:c4:f1:1b:25:12:2a:e1:26:0e:54:90:65:
                    81:ef:3e:4b:2c:0c:c3:f0:5b:c5:24:5a:14:f9:eb:
                    bb:26:36:30:08:dd:01:23:fc:4a:a1:6d:46:30:cf:
                    a2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:4C:D5:B6:28:62:7A:CA:C8:A8:A2:81:4E:14:4E:C7:7B:47:97:51
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/VUzVtihiesrIqKKBThROx3tHl1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:7800::/38

    Signature Algorithm: sha256WithRSAEncryption
         30:a8:d0:f0:f1:84:68:fb:94:8c:5a:bc:c6:68:40:25:7c:38:
         5e:ee:73:bf:a9:b5:85:1c:e2:87:a4:de:b0:6f:26:98:4a:71:
         f3:24:d8:53:2c:10:39:f8:6b:2b:18:33:11:b0:f0:28:d0:fa:
         8b:4c:ed:86:bb:4a:91:aa:15:7f:7f:80:e8:d4:f6:ad:ec:40:
         4a:97:82:d3:5a:67:79:39:4d:0a:98:0d:03:04:21:09:62:99:
         1c:8d:15:1b:96:4e:4c:09:63:a2:f6:19:c6:72:45:18:29:f3:
         35:e4:e1:bb:c7:b1:1e:cb:b3:88:f8:7f:05:df:48:2d:83:1e:
         58:3e:f9:ab:1d:d9:4a:93:41:17:1a:6d:55:a8:95:5a:33:3c:
         48:87:fc:49:48:b3:3a:f6:ec:94:f8:27:bf:a7:d0:d8:4b:c3:
         02:93:1d:4b:37:fe:46:21:16:72:d4:48:0c:81:39:f6:10:4d:
         b4:a6:3a:19:0d:5f:c4:60:cc:bb:84:20:18:c3:75:b4:3a:be:
         b5:93:5a:66:8d:ee:3b:4e:b3:a7:d6:6f:76:d2:f2:57:42:10:
         35:2a:b7:74:ac:03:c7:ee:3e:55:22:5d:a1:62:d8:c9:04:49:
         ed:02:64:e4:38:22:f1:88:9a:d3:db:b3:ab:dc:0c:63:2a:e3:
         89:b7:fe:bf
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvOILB3BWF3sQR1h8aww6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTRjZDViNjI4NjI3YWNhYzhhOGEyODE0ZTE0NGVjNzdiNDc5NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA598B0fxUhxsZbzXa9Rq2mMAkyUnf
2nwQ/XhUZwnaPNFayPwawJjOVgPKuk7EFcBX6zTeR0j+2BjhAIha38NS3g8KTS68
s6VN2rAl8qtFOd+WkyKw90u3cTEG+o/NvXWU6H6BEpQv8h+2zmF5WyZkBJbJxi26
EyJM0Da7PylF/Wk2IOZWdh/mDAarjch64q3lQlzF7Eg/oi0iPH61DpZI0xfHtymL
OsonP/gEkhrOTcOA+oHFd4rPQNnQXHBt/yc+IafLl6xC2lfvMoiRbxfbgF6OqwfE
8RslEirhJg5UkGWB7z5LLAzD8FvFJFoU+eu7JjYwCN0BI/xKoW1GMM+i1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFVM1bYoYnrKyKiigU4UTsd7R5dRMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvVlV6VnRpaGllc3JJcUtLQlRoUk94M3RIbDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmHgw
DQYJKoZIhvcNAQELBQADggEBADCo0PDxhGj7lIxavMZoQCV8OF7uc7+ptYUc4oek
3rBvJphKcfMk2FMsEDn4aysYMxGw8CjQ+otM7Ya7SpGqFX9/gOjU9q3sQEqXgtNa
Z3k5TQqYDQMEIQlimRyNFRuWTkwJY6L2GcZyRRgp8zXk4bvHsR7Ls4j4fwXfSC2D
Hlg++asd2UqTQRcabVWolVozPEiH/ElIszr27JT4J7+n0NhLwwKTHUs3/kYhFnLU
SAyBOfYQTbSmOhkNX8RgzLuEIBjDdbQ6vrWTWmaN7jtOs6fWb3bS8ldCEDUqt3Ss
A8fuPlUiXaFi2MkESe0CZOQ4IvGImtPbs6vcDGMq44m3/r8=
-----END CERTIFICATE-----