Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/VeKC6pKrzOdNAMHzi6N5KgqGHFc.roa
File:                     VeKC6pKrzOdNAMHzi6N5KgqGHFc.roa (raw, json)
Hash identifier:          ilCt7CJetrrQsb3NNHDWl7najJbd432UHkpFHIgP1Q4=
Subject key identifier:   55:E2:82:EA:92:AB:CC:E7:4D:00:C1:F3:8B:A3:79:2A:0A:86:1C:57
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948F752F3E34A1C3570283547C37F9
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/VeKC6pKrzOdNAMHzi6N5KgqGHFc.roa
Signing time:             Tue 02 Jan 2024 00:30:51 +0000
ROA not before:           Tue 02 Jan 2024 00:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210743
IP address blocks:        2a10:6380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8f:75:2f:3e:34:a1:c3:57:02:83:54:7c:37:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55e282ea92abcce74d00c1f38ba3792a0a861c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:00:cb:01:e8:fa:6a:69:1d:33:09:90:e1:58:
                    c5:9a:c3:f3:16:50:82:3f:ab:2f:7a:4f:01:df:88:
                    68:d0:58:4f:e2:9f:05:57:65:12:88:c3:f1:17:79:
                    0f:13:62:31:b7:6e:1e:6f:f1:20:c0:a2:19:88:92:
                    4c:f4:3d:b4:34:10:43:8c:de:5d:99:19:40:92:1e:
                    a7:ab:b1:1c:f9:e3:9d:13:05:7d:3e:48:e1:7a:69:
                    32:04:85:e6:5d:87:56:63:0c:29:39:9a:43:13:38:
                    cd:4b:5e:6a:2e:d4:59:7a:15:c8:95:8f:e3:56:7a:
                    e1:ad:d2:f2:84:58:7e:f1:e4:e7:f0:fd:db:fe:6e:
                    4c:45:a3:84:ca:de:77:4f:29:ab:7a:5e:2b:cd:90:
                    65:ea:ef:02:8f:4c:08:9a:41:ca:a6:cb:dd:40:aa:
                    3f:c3:a7:ab:c6:85:47:4a:9e:14:dc:ba:fc:cd:f4:
                    a2:98:ce:24:bb:42:4a:6b:d0:ee:9a:f5:fc:21:66:
                    c8:8c:d9:63:11:94:28:30:e7:cf:ee:62:bd:dd:36:
                    0a:b5:38:02:2b:d5:bb:55:64:e4:c3:93:9c:ea:0f:
                    3c:fb:ff:13:9e:ed:00:7e:47:71:e4:cb:8c:cc:d0:
                    cd:24:f6:30:d3:9b:11:8e:c2:66:ac:6b:96:cf:c3:
                    4e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:E2:82:EA:92:AB:CC:E7:4D:00:C1:F3:8B:A3:79:2A:0A:86:1C:57
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/VeKC6pKrzOdNAMHzi6N5KgqGHFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:36:6a:97:98:90:83:57:46:15:5c:ee:8e:16:5c:20:d8:35:
         29:a4:7b:d9:1a:ba:55:47:5f:e4:26:05:3b:48:2a:74:62:2b:
         f4:43:26:71:be:3c:3f:1d:ca:d3:32:8b:20:d1:21:57:ff:6b:
         90:3f:11:b1:4e:0f:3e:ac:fc:fd:d9:0a:20:50:e5:61:9a:4d:
         e9:36:7b:3c:cf:86:cb:ab:4e:31:27:f9:43:81:68:16:5e:f3:
         5a:8e:85:61:ce:63:42:66:c3:9b:2d:26:2d:1e:33:2b:84:6b:
         22:ca:ff:82:60:6f:da:67:a5:33:1f:97:b7:32:f3:df:a0:09:
         64:39:90:2b:f0:86:d4:d2:ea:cc:08:ac:3f:c4:2c:d2:3a:0c:
         8f:e1:8a:9e:73:47:0d:8b:3b:eb:94:ec:70:f3:b7:ed:c8:54:
         6e:3b:35:53:71:e6:a7:a8:65:3b:41:23:0d:21:51:8d:52:7c:
         c9:5d:bf:86:67:2b:37:5f:55:d9:7c:db:60:a2:be:dd:25:2d:
         9d:40:1c:80:99:e2:b8:b9:9c:cc:f4:21:d8:2b:d4:26:bc:e0:
         90:15:7f:0d:a6:c4:06:21:13:cc:89:4b:7d:9d:bf:2f:e0:91:
         c2:99:9f:9f:00:2e:d4:48:4a:f6:b2:c5:ab:b4:57:b8:61:d8:
         1c:e3:6e:75
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlI91Lz40ocNXAoNUfDf5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWUyODJlYTkyYWJjY2U3NGQwMGMxZjM4YmEzNzkyYTBhODYxYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkADLAej6amkdMwmQ4VjFmsPzFlCC
P6svek8B34ho0FhP4p8FV2USiMPxF3kPE2Ixt24eb/EgwKIZiJJM9D20NBBDjN5d
mRlAkh6nq7Ec+eOdEwV9PkjhemkyBIXmXYdWYwwpOZpDEzjNS15qLtRZehXIlY/j
VnrhrdLyhFh+8eTn8P3b/m5MRaOEyt53Tymrel4rzZBl6u8Cj0wImkHKpsvdQKo/
w6erxoVHSp4U3Lr8zfSimM4ku0JKa9DumvX8IWbIjNljEZQoMOfP7mK93TYKtTgC
K9W7VWTkw5Oc6g88+/8Tnu0Afkdx5MuMzNDNJPYw05sRjsJmrGuWz8NO3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFXiguqSq8znTQDB84ujeSoKhhxXMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvVmVLQzZwS3J6T2ROQU1Iemk2TjVLZ3FHSEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBjgDAN
BgkqhkiG9w0BAQsFAAOCAQEASTZql5iQg1dGFVzujhZcINg1KaR72Rq6VUdf5CYF
O0gqdGIr9EMmcb48Px3K0zKLINEhV/9rkD8RsU4PPqz8/dkKIFDlYZpN6TZ7PM+G
y6tOMSf5Q4FoFl7zWo6FYc5jQmbDmy0mLR4zK4RrIsr/gmBv2melMx+XtzLz36AJ
ZDmQK/CG1NLqzAisP8Qs0joMj+GKnnNHDYs765TscPO37chUbjs1U3Hmp6hlO0Ej
DSFRjVJ8yV2/hmcrN19V2XzbYKK+3SUtnUAcgJniuLmczPQh2CvUJrzgkBV/DabE
BiETzIlLfZ2/L+CRwpmfnwAu1EhK9rLFq7RXuGHYHONudQ==
-----END CERTIFICATE-----