Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VAP_XARTBebepcQIP1K0TGz-2UA.roa
File:                     VAP_XARTBebepcQIP1K0TGz-2UA.roa (raw, json)
Hash identifier:          d2N2VtKROb4t+AmpXk4vrQwpmrKHG7lKpxvEvMsVYWo=
Subject key identifier:   54:03:FF:5C:04:53:05:E6:DE:A5:C4:08:3F:52:B4:4C:6C:FE:D9:40
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295DABD5EB46AB905D96AF5C30D517
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VAP_XARTBebepcQIP1K0TGz-2UA.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204446
IP address blocks:        2a0e:8f02:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5d:ab:d5:eb:46:ab:90:5d:96:af:5c:30:d5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5403ff5c045305e6dea5c4083f52b44c6cfed940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:a0:6a:17:a6:59:ec:fc:ef:43:61:ff:58:
                    a5:b6:35:5d:46:38:2e:84:37:3f:64:47:94:a7:24:
                    0e:19:56:f7:34:2d:3d:91:fb:2e:6c:af:36:5e:6e:
                    b0:cf:ce:34:09:37:3c:a6:00:c3:4f:29:e3:5c:6e:
                    00:f8:5d:09:1b:ff:ad:bb:8e:36:ad:de:65:98:28:
                    72:11:a9:b1:97:b1:fc:a0:32:b1:32:2a:a8:25:cf:
                    19:c5:ba:38:38:9e:bb:32:60:4b:01:a2:5d:31:be:
                    b5:d0:e2:ec:6c:8e:9f:b1:ab:35:92:83:e8:a7:46:
                    98:bd:66:a8:77:72:5c:60:27:30:69:d0:fe:f1:c8:
                    f3:3a:56:c8:8b:68:1e:4b:87:26:6e:0c:b2:89:fc:
                    c1:22:26:a0:aa:73:7a:6b:77:ce:4a:28:ce:6e:d4:
                    03:a4:81:93:e5:a9:b4:44:3f:da:af:be:18:f6:67:
                    a9:b8:16:ed:aa:71:cc:1e:02:60:da:21:ec:8e:5b:
                    6b:09:89:24:57:3a:c8:ce:cf:23:80:61:ea:5b:57:
                    df:6d:43:7d:ce:62:80:20:6e:24:8f:0e:1a:36:47:
                    6c:5b:ad:00:11:d0:18:03:6e:54:1f:81:2f:74:8d:
                    f1:70:62:f5:9d:f7:e2:81:e9:a9:d8:3d:41:c2:21:
                    ba:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:03:FF:5C:04:53:05:E6:DE:A5:C4:08:3F:52:B4:4C:6C:FE:D9:40
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VAP_XARTBebepcQIP1K0TGz-2UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:05:69:bb:73:85:a8:24:76:08:a9:27:38:cd:5a:24:2c:55:
         52:21:30:db:d5:a1:c1:2e:27:ff:57:d1:b2:26:3c:33:9f:e6:
         2f:d4:7e:88:46:65:4d:c9:84:7b:68:6e:05:8b:00:d9:5b:f1:
         ce:bf:43:79:53:8a:3b:40:8b:b7:ca:58:4d:1c:c5:49:bf:f1:
         93:30:4c:17:7b:07:9c:56:3f:4a:d2:a9:9a:3a:9a:23:ff:46:
         83:3b:d2:47:6e:ca:84:29:8f:1d:95:11:18:1d:da:f0:66:04:
         57:d7:fa:9c:67:a4:8a:9f:85:69:79:66:e9:7d:52:74:e3:c2:
         86:83:2d:b3:9c:85:e1:c1:44:65:b6:aa:61:82:76:a9:3f:2a:
         b5:a7:b6:db:7e:ac:77:05:b7:c1:33:74:ab:87:da:30:4b:e0:
         e4:e6:06:de:2f:19:84:cf:b3:8a:c7:3b:6b:6e:93:20:e5:d2:
         8e:38:56:55:a5:08:c2:f4:1d:c3:1e:aa:8d:79:41:c2:b5:59:
         d5:b6:b9:c9:90:7a:67:38:72:a1:a5:f0:d6:aa:b7:b2:3d:f7:
         d2:d7:ba:a5:0b:e5:e8:5c:42:ab:19:7a:25:f2:32:ce:62:62:
         ca:23:8b:25:1a:1e:80:d8:cd:fd:47:6c:a8:e2:5f:fa:c7:21:
         52:6d:5a:ed
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKV2r1etGq5Bdlq9cMNUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDAzZmY1YzA0NTMwNWU2ZGVhNWM0MDgzZjUyYjQ0YzZjZmVkOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZqgahemWez870Nh/1iltjVdRjgu
hDc/ZEeUpyQOGVb3NC09kfsubK82Xm6wz840CTc8pgDDTynjXG4A+F0JG/+tu442
rd5lmChyEamxl7H8oDKxMiqoJc8Zxbo4OJ67MmBLAaJdMb610OLsbI6fsas1koPo
p0aYvWaod3JcYCcwadD+8cjzOlbIi2geS4cmbgyyifzBIiagqnN6a3fOSijObtQD
pIGT5am0RD/ar74Y9mepuBbtqnHMHgJg2iHsjltrCYkkVzrIzs8jgGHqW1ffbUN9
zmKAIG4kjw4aNkdsW60AEdAYA25UH4EvdI3xcGL1nffigemp2D1BwiG62wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFQD/1wEUwXm3qXECD9StExs/tlAMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVkFQX1hBUlRCZWJlcGNRSVAxSzBUR3otMlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg6PAhAw
DQYJKoZIhvcNAQELBQADggEBACQFabtzhagkdgipJzjNWiQsVVIhMNvVocEuJ/9X
0bImPDOf5i/UfohGZU3JhHtobgWLANlb8c6/Q3lTijtAi7fKWE0cxUm/8ZMwTBd7
B5xWP0rSqZo6miP/RoM70kduyoQpjx2VERgd2vBmBFfX+pxnpIqfhWl5Zul9UnTj
woaDLbOcheHBRGW2qmGCdqk/KrWnttt+rHcFt8EzdKuH2jBL4OTmBt4vGYTPs4rH
O2tukyDl0o44VlWlCML0HcMeqo15QcK1WdW2ucmQemc4cqGl8Naqt7I999LXuqUL
5ehcQqsZeiXyMs5iYsojiyUaHoDYzf1HbKjiX/rHIVJtWu0=
-----END CERTIFICATE-----