Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/eVNME-rLzHpKa_qxyuFvpUBpOqQ.roa
File:                     eVNME-rLzHpKa_qxyuFvpUBpOqQ.roa (raw, json)
Hash identifier:          6q5Rvao+/9whENJg9YFXMF2joQfoe5yQ78JUKcjjyS0=
Subject key identifier:   79:53:4C:13:EA:CB:CC:7A:4A:6B:FA:B1:CA:E1:6F:A5:40:69:3A:A4
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B49760FF19AB8DDEE2F89D7FE0BA9
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/eVNME-rLzHpKa_qxyuFvpUBpOqQ.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        2a02:1140:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:49:76:0f:f1:9a:b8:dd:ee:2f:89:d7:fe:0b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79534c13eacbcc7a4a6bfab1cae16fa540693aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e5:96:78:89:ee:ba:23:f9:19:eb:47:52:4e:
                    9a:88:1b:84:ef:78:50:22:f1:40:50:1d:90:ee:cd:
                    2e:83:d6:a5:a8:7b:a7:41:5c:a2:a3:0d:74:73:d1:
                    7e:b8:c1:13:52:a4:7b:16:e1:f3:86:7e:33:de:b4:
                    cd:f7:b4:06:21:b3:ff:ca:92:db:2f:43:cd:46:62:
                    d5:22:e1:1a:b3:cb:0a:aa:ac:4d:c7:01:36:cb:63:
                    e8:64:2a:77:0f:20:ce:ec:82:a8:d1:a0:16:69:2a:
                    a8:44:f5:22:22:e1:53:09:f2:73:22:73:3b:13:3d:
                    15:90:96:e4:70:41:9c:bc:21:a1:6c:61:5a:b1:3e:
                    77:fc:33:02:46:a3:e7:c7:00:8a:30:ab:c8:54:c4:
                    1b:3c:b8:3c:de:fb:c3:41:d8:fd:4d:68:33:86:25:
                    db:15:5e:67:fd:02:c8:94:84:80:4a:ac:a4:58:05:
                    81:da:2a:2c:87:8e:6b:ab:3d:46:d7:fb:b3:87:45:
                    1b:73:a3:90:71:01:33:b1:53:8c:82:6f:12:f4:3e:
                    61:66:34:56:59:5d:7f:b8:0e:da:48:a1:22:72:b5:
                    7c:d2:b6:08:05:ea:b0:eb:b9:6d:c5:12:4c:7c:e3:
                    7a:da:f0:ac:67:a6:a2:ec:bb:90:27:1e:71:b3:89:
                    df:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:53:4C:13:EA:CB:CC:7A:4A:6B:FA:B1:CA:E1:6F:A5:40:69:3A:A4
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/eVNME-rLzHpKa_qxyuFvpUBpOqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         d9:4e:46:11:56:8e:53:0e:05:a2:50:d9:cf:9f:3c:93:28:2f:
         18:84:bc:4d:5f:0f:4d:e3:1d:2e:77:ab:96:c7:b6:d9:03:a6:
         2a:a3:b5:c8:dc:5d:ca:ed:3c:af:f0:37:3d:c6:8d:d4:67:45:
         4c:ac:50:30:e7:54:d9:88:04:aa:27:42:19:b0:97:53:1c:e3:
         01:15:22:b8:f2:00:a9:41:de:38:4d:ff:0a:3e:32:7d:84:7d:
         87:d3:e8:9c:d1:f2:c6:de:25:77:37:00:ee:aa:7b:b7:ce:a1:
         4e:d8:c6:f2:75:92:31:96:7e:e6:15:69:da:8d:6e:ed:73:9f:
         87:64:0e:58:04:ac:b5:52:27:93:77:11:54:03:16:8f:88:02:
         fa:21:b9:2b:0a:28:78:02:66:c5:a5:52:95:e4:76:44:9e:f4:
         2c:ef:af:dc:ae:a0:9a:76:d4:38:39:07:6f:97:52:42:4a:0f:
         de:17:e9:1e:4c:6b:aa:d6:7b:95:97:b1:df:90:c2:c0:e2:50:
         19:18:f1:e3:c5:34:0e:fe:63:11:78:b3:c1:7c:1e:f0:1b:80:
         21:24:79:67:df:f1:fc:c8:f2:b0:f2:9d:52:58:52:1c:56:a5:
         99:82:d4:29:f4:50:b0:d7:da:c1:24:1c:47:e5:29:7f:b2:f3:
         52:e6:28:a0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS0l2D/GauN3uL4nX/gupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUzNGMxM2VhY2JjYzdhNGE2YmZhYjFjYWUxNmZhNTQwNjkzYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+WWeInuuiP5GetHUk6aiBuE73hQ
IvFAUB2Q7s0ug9alqHunQVyiow10c9F+uMETUqR7FuHzhn4z3rTN97QGIbP/ypLb
L0PNRmLVIuEas8sKqqxNxwE2y2PoZCp3DyDO7IKo0aAWaSqoRPUiIuFTCfJzInM7
Ez0VkJbkcEGcvCGhbGFasT53/DMCRqPnxwCKMKvIVMQbPLg83vvDQdj9TWgzhiXb
FV5n/QLIlISASqykWAWB2iosh45rqz1G1/uzh0Ubc6OQcQEzsVOMgm8S9D5hZjRW
WV1/uA7aSKEicrV80rYIBeqw67ltxRJMfON62vCsZ6ai7LuQJx5xs4nfCQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHlTTBPqy8x6Smv6scrhb6VAaTqkMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvZVZOTUUtckx6SHBLYV9xeHl1RnZwVUJwT3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIRQAIw
DQYJKoZIhvcNAQELBQADggEBANlORhFWjlMOBaJQ2c+fPJMoLxiEvE1fD03jHS53
q5bHttkDpiqjtcjcXcrtPK/wNz3GjdRnRUysUDDnVNmIBKonQhmwl1Mc4wEVIrjy
AKlB3jhN/wo+Mn2EfYfT6JzR8sbeJXc3AO6qe7fOoU7YxvJ1kjGWfuYVadqNbu1z
n4dkDlgErLVSJ5N3EVQDFo+IAvohuSsKKHgCZsWlUpXkdkSe9Czvr9yuoJp21Dg5
B2+XUkJKD94X6R5Ma6rWe5WXsd+QwsDiUBkY8ePFNA7+YxF4s8F8HvAbgCEkeWff
8fzI8rDynVJYUhxWpZmC1Cn0ULDX2sEkHEflKX+y81LmKKA=
-----END CERTIFICATE-----