Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/VCSScXqIlLkdI9-hf_k4nz7KmUA.roa
File:                     VCSScXqIlLkdI9-hf_k4nz7KmUA.roa (raw, json)
Hash identifier:          2nP2mabtvrl28WVjjk00IbPlRIIfXUwcDZl3mN4c8RU=
Subject key identifier:   54:24:92:71:7A:88:94:B9:1D:23:DF:A1:7F:F9:38:9F:3E:CA:99:40
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255A0ABB652F772C3406042D6D2708
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/VCSScXqIlLkdI9-hf_k4nz7KmUA.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34641
IP address blocks:        2a0b:b86:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:0a:bb:65:2f:77:2c:34:06:04:2d:6d:27:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=542492717a8894b91d23dfa17ff9389f3eca9940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:79:d4:e5:15:92:48:6b:e7:40:2b:4b:b9:82:
                    1d:53:e3:32:d9:68:21:73:67:fe:44:39:3f:22:fc:
                    47:57:88:d5:3b:e0:5b:ad:50:50:f9:fa:60:cf:77:
                    cc:c7:98:e9:e0:af:23:c7:ff:e8:ae:46:d3:34:ed:
                    e6:0d:c2:2e:24:9b:14:d4:71:0c:fb:82:59:cc:f0:
                    de:9d:c1:32:5c:b9:62:77:66:c4:0f:24:8e:46:e0:
                    5b:45:36:6b:c4:5d:c2:3c:63:51:02:eb:4c:38:00:
                    61:c0:45:f9:98:09:82:09:5d:90:bb:46:db:1a:dd:
                    ae:25:26:af:0d:9d:26:e2:1e:c4:7c:13:89:9c:ee:
                    ae:1b:a8:50:ea:02:3b:15:ee:a1:f2:a7:40:d2:cf:
                    9e:f0:07:04:90:12:e7:bf:e3:f8:8a:a5:75:28:bd:
                    51:83:05:aa:9c:80:3b:c6:bb:a7:0f:0f:da:f0:45:
                    bf:8a:2e:29:fb:73:39:02:90:ec:f2:2e:cb:31:b9:
                    7c:63:3c:27:fd:81:d7:e7:77:b7:be:70:fe:12:b0:
                    f5:9c:2f:a3:5c:38:93:95:8e:fc:eb:6e:50:f1:83:
                    8d:99:bf:c9:63:de:14:d5:5c:fe:88:dc:83:5d:84:
                    ba:31:d4:39:70:58:1f:92:8d:6d:76:71:a6:b4:ef:
                    e8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:24:92:71:7A:88:94:B9:1D:23:DF:A1:7F:F9:38:9F:3E:CA:99:40
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/VCSScXqIlLkdI9-hf_k4nz7KmUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:40:4e:10:82:f9:e3:18:c5:2e:5f:74:a8:01:b4:da:ef:0e:
         28:0c:3d:ad:1b:8f:b7:1d:96:ac:9c:e0:63:21:1d:b2:6c:81:
         e6:e2:bf:18:2e:1a:0b:df:2f:cc:35:9c:3b:a7:84:fd:55:5e:
         2c:3d:98:ac:2f:7f:f2:25:77:d2:a6:e7:06:7e:79:54:f6:ab:
         11:aa:d0:9c:d6:6b:7e:48:f4:88:a3:ae:c9:50:c8:ee:85:6b:
         5b:a3:4c:0f:3b:97:7f:28:59:cb:fd:fd:ba:61:dd:b7:33:56:
         42:47:bb:4e:33:f4:e6:32:25:55:e8:7a:f0:24:98:1e:f0:d7:
         23:dd:ca:85:f2:04:06:ab:09:5b:8b:88:5c:e1:75:61:fb:0d:
         d8:ca:9f:c5:8a:b1:2a:b7:40:d7:c7:de:39:2c:27:cf:99:d9:
         ad:80:31:1d:da:42:b2:1a:22:71:e7:b3:46:b6:a6:1f:ff:af:
         b5:de:a4:6b:85:17:c0:49:1c:4c:f5:1a:a7:3d:a6:f7:39:f0:
         5b:c3:f9:fc:30:f2:c4:f4:b2:94:b2:e0:74:a9:6d:ea:ca:41:
         e1:d9:e9:35:bf:22:21:73:11:73:19:8f:93:9b:6a:70:54:82:
         6a:27:ba:24:43:b5:0d:2b:04:12:a3:af:de:86:37:af:75:75:
         4d:05:60:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJVoKu2Uvdyw0BgQtbScIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDI0OTI3MTdhODg5NGI5MWQyM2RmYTE3ZmY5Mzg5ZjNlY2E5OTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnnU5RWSSGvnQCtLuYIdU+My2Wgh
c2f+RDk/IvxHV4jVO+BbrVBQ+fpgz3fMx5jp4K8jx//orkbTNO3mDcIuJJsU1HEM
+4JZzPDencEyXLlid2bEDySORuBbRTZrxF3CPGNRAutMOABhwEX5mAmCCV2Qu0bb
Gt2uJSavDZ0m4h7EfBOJnO6uG6hQ6gI7Fe6h8qdA0s+e8AcEkBLnv+P4iqV1KL1R
gwWqnIA7xrunDw/a8EW/ii4p+3M5ApDs8i7LMbl8Yzwn/YHX53e3vnD+ErD1nC+j
XDiTlY78625Q8YONmb/JY94U1Vz+iNyDXYS6MdQ5cFgfko1tdnGmtO/ouQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFQkknF6iJS5HSPfoX/5OJ8+yplAMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvVkNTU2NYcUlsTGtkSTktaGZfazRuejdLbVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgsLhgEw
DQYJKoZIhvcNAQELBQADggEBAHdAThCC+eMYxS5fdKgBtNrvDigMPa0bj7cdlqyc
4GMhHbJsgebivxguGgvfL8w1nDunhP1VXiw9mKwvf/Ild9Km5wZ+eVT2qxGq0JzW
a35I9IijrslQyO6Fa1ujTA87l38oWcv9/bph3bczVkJHu04z9OYyJVXoevAkmB7w
1yPdyoXyBAarCVuLiFzhdWH7DdjKn8WKsSq3QNfH3jksJ8+Z2a2AMR3aQrIaInHn
s0a2ph//r7XepGuFF8BJHEz1Gqc9pvc58FvD+fww8sT0spSy4HSpberKQeHZ6TW/
IiFzEXMZj5ObanBUgmonuiRDtQ0rBBKjr96GN691dU0FYJM=
-----END CERTIFICATE-----