Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vewgHkmjIleJA0Grt4UW-DpORdU.roa
File:                     vewgHkmjIleJA0Grt4UW-DpORdU.roa (raw, json)
Hash identifier:          cpsmMoRvTDO+rP2QrFIkbfSw5BJ/3QfwV2AUUgzRAhk=
Subject key identifier:   BD:EC:20:1E:49:A3:22:57:89:03:41:AB:B7:85:16:F8:3A:4E:45:D5
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B695BE9FFDD537E65A2FEF2F8F89E
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vewgHkmjIleJA0Grt4UW-DpORdU.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213326
IP address blocks:        2a0e:46c4:2c00::/44 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:5b:e9:ff:dd:53:7e:65:a2:fe:f2:f8:f8:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdec201e49a32257890341abb78516f83a4e45d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:19:06:39:32:ec:61:b4:32:6f:3e:58:f0:73:
                    af:82:f0:16:94:e4:97:ee:84:c1:32:9c:92:7b:dd:
                    6f:16:ab:15:dc:41:3c:2f:89:9a:26:06:1d:9b:ff:
                    c4:32:67:04:ee:0a:bc:81:f4:fa:b3:2d:4d:9c:19:
                    b7:37:97:5a:d1:ef:c5:97:a1:ea:45:3c:19:33:49:
                    d2:01:a7:84:72:88:2e:c7:f6:b1:57:f8:6c:30:72:
                    8e:6f:35:8f:c9:b9:bd:6d:9d:41:31:fe:7f:7d:51:
                    58:06:1a:0e:62:bc:c6:ee:c8:d1:a2:49:c5:c1:5f:
                    42:0d:0a:af:e8:f2:81:a2:8a:44:84:85:77:03:7e:
                    eb:f3:8e:29:89:35:da:d5:4a:6b:b5:50:b8:ab:c4:
                    67:b2:d8:40:91:f1:08:9a:b8:c7:8c:84:74:af:6c:
                    24:42:2c:df:2b:f1:8e:6e:0c:27:53:ac:7f:3b:4a:
                    e1:66:2a:f8:8a:88:0d:60:4a:4b:9b:93:36:4c:3e:
                    a1:84:36:10:37:f1:d3:1a:38:94:6b:b7:3a:7c:be:
                    31:3b:6b:48:69:e4:d5:eb:b9:bf:13:b8:64:22:2a:
                    d3:f4:3a:58:b4:47:a3:3f:86:63:f6:14:37:ee:18:
                    70:2e:44:61:a4:d7:94:b9:f0:67:18:76:c5:d0:78:
                    a8:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EC:20:1E:49:A3:22:57:89:03:41:AB:B7:85:16:F8:3A:4E:45:D5
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/vewgHkmjIleJA0Grt4UW-DpORdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:03:ae:d4:83:ef:39:06:b4:7f:ec:ed:7b:9f:60:da:be:21:
         4d:5c:b4:54:ba:6d:e3:39:af:41:a4:e7:cc:fd:f4:15:a5:37:
         ef:ba:df:74:a2:5f:38:80:a2:d1:0d:1d:e9:a0:a4:a4:3f:db:
         55:4f:44:cf:ad:fb:af:05:77:ba:2a:2f:66:1c:61:f0:fc:89:
         db:86:96:1a:32:cc:36:fa:e8:22:25:ac:a1:6d:de:8a:d0:49:
         6f:0f:93:d9:58:dc:c2:07:9d:ee:65:d7:8f:68:e8:8e:61:83:
         23:e9:75:e5:ab:d8:c7:0e:8e:4b:9d:2b:c3:0d:d4:82:e8:7d:
         2b:06:05:3a:c1:74:eb:55:c0:0c:c5:f5:d8:d6:7d:28:b7:3d:
         38:f8:ca:bf:8d:70:d0:04:4d:ec:a5:3b:50:ea:2c:ab:cf:e8:
         c9:f0:ce:bf:39:e6:7a:69:b5:6f:88:5d:da:7b:88:cc:f2:cf:
         e6:64:be:11:c8:c9:2b:ac:b7:d3:8a:a8:f1:42:c1:b1:12:ff:
         b1:b3:79:71:30:ab:2c:27:06:fa:c8:69:2d:a8:48:19:a7:bb:
         72:3d:d8:86:1b:d9:3f:5c:de:12:3a:b8:2f:8e:7e:35:66:10:
         a1:1b:b3:31:7d:7e:c4:bf:92:8b:90:56:77:d6:b5:56:ac:4f:
         bf:9d:f1:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS2lb6f/dU35lov7y+PieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGVjMjAxZTQ5YTMyMjU3ODkwMzQxYWJiNzg1MTZmODNhNGU0NWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxkGOTLsYbQybz5Y8HOvgvAWlOSX
7oTBMpySe91vFqsV3EE8L4maJgYdm//EMmcE7gq8gfT6sy1NnBm3N5da0e/Fl6Hq
RTwZM0nSAaeEcogux/axV/hsMHKObzWPybm9bZ1BMf5/fVFYBhoOYrzG7sjRoknF
wV9CDQqv6PKBoopEhIV3A37r844piTXa1UprtVC4q8RnsthAkfEImrjHjIR0r2wk
QizfK/GObgwnU6x/O0rhZir4iogNYEpLm5M2TD6hhDYQN/HTGjiUa7c6fL4xO2tI
aeTV67m/E7hkIirT9DpYtEejP4Zj9hQ37hhwLkRhpNeUufBnGHbF0HioewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL3sIB5JoyJXiQNBq7eFFvg6TkXVMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvdmV3Z0hrbWpJbGVKQTBHcnQ0VVctRHBPUmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg5GxCwA
MA0GCSqGSIb3DQEBCwUAA4IBAQAsA67Ug+85BrR/7O17n2DaviFNXLRUum3jOa9B
pOfM/fQVpTfvut90ol84gKLRDR3poKSkP9tVT0TPrfuvBXe6Ki9mHGHw/InbhpYa
Msw2+ugiJayhbd6K0ElvD5PZWNzCB53uZdePaOiOYYMj6XXlq9jHDo5LnSvDDdSC
6H0rBgU6wXTrVcAMxfXY1n0otz04+Mq/jXDQBE3spTtQ6iyrz+jJ8M6/OeZ6abVv
iF3ae4jM8s/mZL4RyMkrrLfTiqjxQsGxEv+xs3lxMKssJwb6yGktqEgZp7tyPdiG
G9k/XN4SOrgvjn41ZhChG7MxfX7Ev5KLkFZ31rVWrE+/nfHu
-----END CERTIFICATE-----