Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/ve_3KWddJE6k8nkIEUTlcgZgLcQ.roa
File:                     ve_3KWddJE6k8nkIEUTlcgZgLcQ.roa (raw, json)
Hash identifier:          zpMQEjxwRrn410jALjz4Jub/x663L8d9Ywwr6xfsMiY=
Subject key identifier:   BD:EF:F7:29:67:5D:24:4E:A4:F2:79:08:11:44:E5:72:06:60:2D:C4
Certificate issuer:       /CN=03ea508a85bc73a9aaa203a8a7baf9c162e6f36c
Certificate serial:       018CC72773A961388E49FF75333328529258
Authority key identifier: 03:EA:50:8A:85:BC:73:A9:AA:A2:03:A8:A7:BA:F9:C1:62:E6:F3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A-pQioW8c6mqogOop7r5wWLm82w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/ve_3KWddJE6k8nkIEUTlcgZgLcQ.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        185.55.100.0/22 maxlen: 22
                          185.55.100.0/23 maxlen: 23
                          185.55.102.0/23 maxlen: 23
                          2a01:8e20::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/A-pQioW8c6mqogOop7r5wWLm82w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/A-pQioW8c6mqogOop7r5wWLm82w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A-pQioW8c6mqogOop7r5wWLm82w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:73:a9:61:38:8e:49:ff:75:33:33:28:52:92:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03ea508a85bc73a9aaa203a8a7baf9c162e6f36c
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdeff729675d244ea4f279081144e57206602dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c8:28:1e:d8:aa:1d:97:31:b5:35:0a:b9:5f:
                    26:d1:2c:8a:c1:a5:8b:bd:2c:b6:90:b5:71:7f:9a:
                    b6:3e:0b:9a:82:69:98:df:c9:22:36:e4:ab:fb:39:
                    3e:f8:b3:d5:d7:74:a8:1f:d2:f2:80:fb:21:b3:90:
                    96:d0:3d:ec:dc:e5:2a:be:2a:53:5b:b1:38:7d:6a:
                    0e:3a:ba:5e:63:2a:19:79:47:7e:5b:e0:1b:a6:d9:
                    0b:5f:1c:78:93:0b:74:50:e5:98:18:bb:c5:e8:ed:
                    26:58:6d:f8:de:0f:d5:59:cd:5f:d1:59:78:68:66:
                    98:6f:e7:82:8c:d2:66:dc:64:a5:ec:be:64:24:2e:
                    02:e1:5e:17:9f:8c:f7:9c:66:f6:c3:88:91:56:9e:
                    0b:c1:97:72:e9:2f:0c:f4:e3:08:d3:8c:c0:91:16:
                    4b:9b:68:3b:36:1d:de:58:be:93:66:82:90:48:56:
                    8e:59:0a:10:c6:91:da:13:3d:4f:b4:d0:4d:cc:91:
                    8d:cb:36:03:42:3e:df:0d:3d:31:29:85:af:a0:63:
                    10:c1:4c:27:0f:ac:b6:e2:96:9d:be:49:00:8e:6b:
                    39:19:aa:68:7c:c2:30:a6:a9:c6:09:05:30:cd:28:
                    8f:ab:ab:c3:37:2f:ac:f8:c0:63:85:e7:a3:8f:e7:
                    9e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:EF:F7:29:67:5D:24:4E:A4:F2:79:08:11:44:E5:72:06:60:2D:C4
            X509v3 Authority Key Identifier:
                keyid:03:EA:50:8A:85:BC:73:A9:AA:A2:03:A8:A7:BA:F9:C1:62:E6:F3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A-pQioW8c6mqogOop7r5wWLm82w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/ve_3KWddJE6k8nkIEUTlcgZgLcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/9eb346-7b07-4108-9fb0-d7270905e923/1/A-pQioW8c6mqogOop7r5wWLm82w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.100.0/22
                IPv6:
                  2a01:8e20::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:fc:bc:79:d7:e3:d3:72:84:2a:e8:ac:52:e6:bc:d3:e1:c4:
         f7:62:84:36:7e:7f:63:25:59:a9:b1:93:c5:37:7d:d1:6f:a9:
         e2:07:d6:a8:a7:f6:06:f8:8a:c1:b4:67:9e:25:f3:67:05:ff:
         52:0d:bc:f3:a7:e5:17:ff:66:c7:8d:de:f5:39:84:b1:fc:8f:
         f2:67:fc:97:c8:b8:bb:08:af:18:e7:eb:77:69:45:33:b0:b8:
         2b:fd:89:b7:ac:91:00:db:22:fa:18:24:b9:91:6d:b5:8a:fb:
         ad:7d:c2:9b:ad:94:d3:35:2b:45:53:ac:b8:5e:b3:f3:9f:fd:
         d9:e8:a1:14:32:94:75:34:7d:5d:0d:bc:cb:b9:27:4a:97:9e:
         2d:be:84:31:a2:c8:9b:57:04:81:30:b1:ca:a3:9b:19:de:b4:
         10:bc:6b:eb:15:04:e2:21:f7:5a:c2:83:f5:34:af:e8:cc:2e:
         8f:7d:58:19:cd:94:c0:c7:2b:d8:6a:6e:be:dc:9c:eb:ec:17:
         b8:57:d3:8d:24:54:d1:f1:78:aa:d6:58:8a:f6:33:fa:08:d3:
         d7:23:02:96:e3:ac:1c:01:59:e5:b9:d3:11:8b:82:14:df:7e:
         d0:80:86:ec:e6:36:45:f3:6d:f4:fa:a7:76:4f:4b:b9:c5:b0:
         f2:df:4c:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ3OpYTiOSf91MzMoUpJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZWE1MDhhODViYzczYTlhYWEyMDNhOGE3YmFmOWMxNjJl
NmYzNmMwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGVmZjcyOTY3NWQyNDRlYTRmMjc5MDgxMTQ0ZTU3MjA2NjAyZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8goHtiqHZcxtTUKuV8m0SyKwaWL
vSy2kLVxf5q2PguagmmY38kiNuSr+zk++LPV13SoH9LygPshs5CW0D3s3OUqvipT
W7E4fWoOOrpeYyoZeUd+W+AbptkLXxx4kwt0UOWYGLvF6O0mWG343g/VWc1f0Vl4
aGaYb+eCjNJm3GSl7L5kJC4C4V4Xn4z3nGb2w4iRVp4LwZdy6S8M9OMI04zAkRZL
m2g7Nh3eWL6TZoKQSFaOWQoQxpHaEz1PtNBNzJGNyzYDQj7fDT0xKYWvoGMQwUwn
D6y24padvkkAjms5GapofMIwpqnGCQUwzSiPq6vDNy+s+MBjheejj+eemQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL3v9ylnXSROpPJ5CBFE5XIGYC3EMB8GA1UdIwQY
MBaAFAPqUIqFvHOpqqIDqKe6+cFi5vNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQS1wUWlvVzhjNm1xb2dPb3A3cjV3V0xtODJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85ZWIzNDYtN2IwNy00MTA4LTlmYjAt
ZDcyNzA5MDVlOTIzLzEvdmVfM0tXZGRKRTZrOG5rSUVVVGxjZ1pnTGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85ZWIzNDYtN2IwNy00MTA4LTlmYjAtZDcyNzA5MDVlOTIz
LzEvQS1wUWlvVzhjNm1xb2dPb3A3cjV3V0xtODJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTdkMA0E
AgACMAcDBQAqAY4gMA0GCSqGSIb3DQEBCwUAA4IBAQAZ/Lx51+PTcoQq6KxS5rzT
4cT3YoQ2fn9jJVmpsZPFN33Rb6niB9aop/YG+IrBtGeeJfNnBf9SDbzzp+UX/2bH
jd71OYSx/I/yZ/yXyLi7CK8Y5+t3aUUzsLgr/Ym3rJEA2yL6GCS5kW21ivutfcKb
rZTTNStFU6y4XrPzn/3Z6KEUMpR1NH1dDbzLuSdKl54tvoQxosibVwSBMLHKo5sZ
3rQQvGvrFQTiIfdawoP1NK/ozC6PfVgZzZTAxyvYam6+3Jzr7Be4V9ONJFTR8Xiq
1liK9jP6CNPXIwKW46wcAVnludMRi4IU337QgIbs5jZF8230+qd2T0u5xbDy30wl
-----END CERTIFICATE-----