Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/vEwrEoVUXi7xxY0E085vGBKl2Qo.roa
File:                     vEwrEoVUXi7xxY0E085vGBKl2Qo.roa (raw, json)
Hash identifier:          47Ub9lFiQjWly7SB90E64K47jXvtuA2mlivmFg1NWrI=
Subject key identifier:   BC:4C:2B:12:85:54:5E:2E:F1:C5:8D:04:D3:CE:6F:18:12:A5:D9:0A
Certificate issuer:       /CN=195a12a0e73482d993260598a25c8f5a5c49d201
Certificate serial:       018CC348D4B544D0596DCD30A660131C1EEC
Authority key identifier: 19:5A:12:A0:E7:34:82:D9:93:26:05:98:A2:5C:8F:5A:5C:49:D2:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/vEwrEoVUXi7xxY0E085vGBKl2Qo.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41107
IP address blocks:        2a03:bc40::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d4:b5:44:d0:59:6d:cd:30:a6:60:13:1c:1e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=195a12a0e73482d993260598a25c8f5a5c49d201
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc4c2b1285545e2ef1c58d04d3ce6f1812a5d90a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4f:04:32:4e:3b:f0:29:f0:26:6b:d1:47:5d:
                    47:af:71:9c:09:de:02:28:dd:89:2e:88:27:93:1c:
                    4b:f1:62:e2:d8:4f:fe:2c:c1:84:0a:23:26:bb:b6:
                    4c:46:aa:a5:bf:b2:d2:94:a4:02:17:18:f1:e3:bc:
                    c0:70:2e:4f:ce:89:ba:aa:d3:93:63:56:18:d6:53:
                    95:27:57:1a:ad:11:4e:ed:97:f1:53:9c:f2:7f:aa:
                    6b:6b:36:bd:62:cf:53:53:3f:f0:0c:74:0b:1a:13:
                    5e:dc:4f:a2:cf:71:57:2a:3f:80:b0:16:f8:5d:c8:
                    0a:b6:4d:9d:1a:dc:8e:1b:6c:d8:47:5a:48:57:10:
                    2d:67:e9:f0:7b:81:1b:29:6f:bb:fd:0a:7e:04:b4:
                    d8:d2:7d:c2:67:06:86:26:c3:77:ff:f5:21:19:59:
                    27:f0:d2:eb:eb:a8:bf:2b:cc:23:d6:c8:a8:8a:f3:
                    02:cd:c4:43:b6:cc:3f:8e:6a:49:c7:f8:41:fe:97:
                    de:02:ea:2a:b4:a6:d1:c6:27:6b:24:65:70:0c:91:
                    94:a1:e1:ac:65:1e:6b:92:a5:48:f9:3d:29:22:f9:
                    a2:0a:3f:e9:e6:65:e6:3a:91:b4:19:9d:08:66:8d:
                    01:ac:e2:ff:11:fc:13:5b:60:74:59:dd:d7:a1:62:
                    86:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:4C:2B:12:85:54:5E:2E:F1:C5:8D:04:D3:CE:6F:18:12:A5:D9:0A
            X509v3 Authority Key Identifier:
                keyid:19:5A:12:A0:E7:34:82:D9:93:26:05:98:A2:5C:8F:5A:5C:49:D2:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GVoSoOc0gtmTJgWYolyPWlxJ0gE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/vEwrEoVUXi7xxY0E085vGBKl2Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/0c14f4-9a47-4a5a-a37d-f3555ddf280a/1/GVoSoOc0gtmTJgWYolyPWlxJ0gE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:bc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:9e:a2:61:40:43:86:b5:e0:9a:21:84:39:24:cc:56:d5:
         7d:0a:6c:cb:53:50:a8:6f:8b:8f:c9:24:95:ad:9d:81:77:f3:
         13:ee:2f:76:e3:f3:b1:10:48:b3:26:92:31:5d:cd:17:1a:27:
         48:a6:29:3f:56:bb:74:4e:b1:56:73:4f:6a:a9:59:7d:04:30:
         70:29:5f:43:2a:2f:92:16:27:ac:9f:a0:66:c6:77:f2:fc:8e:
         0d:69:57:42:2e:60:3d:5a:a3:65:c6:91:25:56:14:d0:0c:f6:
         a8:a2:fb:6f:69:7b:52:75:c6:d3:59:42:75:f4:69:0e:90:45:
         cb:b5:c7:47:cb:d9:d8:35:e2:c4:5c:a2:42:b8:73:17:be:a6:
         23:59:ff:92:a6:5e:46:fb:ca:fa:5e:49:76:f5:66:e2:19:b1:
         89:eb:57:37:23:6e:c4:4c:00:b2:80:55:24:53:bb:62:53:d0:
         dd:4b:4c:aa:54:99:20:1b:2c:c4:5f:73:82:79:51:10:d0:4a:
         6d:ae:70:0f:9e:f2:98:01:58:e9:d5:d8:c5:47:67:fe:44:66:
         4f:7b:bb:1f:18:ad:5c:d8:be:72:78:35:54:d8:c3:50:91:57:
         70:13:2f:f6:45:64:be:1d:b2:15:91:f4:09:05:c5:21:93:4a:
         b8:6a:f8:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSNS1RNBZbc0wpmATHB7sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NWExMmEwZTczNDgyZDk5MzI2MDU5OGEyNWM4ZjVhNWM0
OWQyMDEwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzRjMmIxMjg1NTQ1ZTJlZjFjNThkMDRkM2NlNmYxODEyYTVkOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk8EMk478CnwJmvRR11Hr3GcCd4C
KN2JLognkxxL8WLi2E/+LMGECiMmu7ZMRqqlv7LSlKQCFxjx47zAcC5Pzom6qtOT
Y1YY1lOVJ1carRFO7ZfxU5zyf6praza9Ys9TUz/wDHQLGhNe3E+iz3FXKj+AsBb4
XcgKtk2dGtyOG2zYR1pIVxAtZ+nwe4EbKW+7/Qp+BLTY0n3CZwaGJsN3//UhGVkn
8NLr66i/K8wj1sioivMCzcRDtsw/jmpJx/hB/pfeAuoqtKbRxidrJGVwDJGUoeGs
ZR5rkqVI+T0pIvmiCj/p5mXmOpG0GZ0IZo0BrOL/EfwTW2B0Wd3XoWKGOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLxMKxKFVF4u8cWNBNPObxgSpdkKMB8GA1UdIwQY
MBaAFBlaEqDnNILZkyYFmKJcj1pcSdIBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1ZvU29PYzBndG1USmdXWW9seVBXbHhKMGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8wYzE0ZjQtOWE0Ny00YTVhLWEzN2Qt
ZjM1NTVkZGYyODBhLzEvdkV3ckVvVlVYaTd4eFkwRTA4NXZHQktsMlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8wYzE0ZjQtOWE0Ny00YTVhLWEzN2QtZjM1NTVkZGYyODBh
LzEvR1ZvU29PYzBndG1USmdXWW9seVBXbHhKMGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgO8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAewGeomFAQ4a14JohhDkkzFbVfQpsy1NQqG+Lj8kk
la2dgXfzE+4vduPzsRBIsyaSMV3NFxonSKYpP1a7dE6xVnNPaqlZfQQwcClfQyov
khYnrJ+gZsZ38vyODWlXQi5gPVqjZcaRJVYU0Az2qKL7b2l7UnXG01lCdfRpDpBF
y7XHR8vZ2DXixFyiQrhzF76mI1n/kqZeRvvK+l5JdvVm4hmxietXNyNuxEwAsoBV
JFO7YlPQ3UtMqlSZIBssxF9zgnlRENBKba5wD57ymAFY6dXYxUdn/kRmT3u7Hxit
XNi+cng1VNjDUJFXcBMv9kVkvh2yFZH0CQXFIZNKuGr4Lw==
-----END CERTIFICATE-----