Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/veH7GmEgAoaDKG1BlOosMAZJsNM.roa
File:                     veH7GmEgAoaDKG1BlOosMAZJsNM.roa (raw, json)
Hash identifier:          GVwI3Op4vSDGzI1fDb9BLXkPxL50JFnR6avRvF27fZA=
Subject key identifier:   BD:E1:FB:1A:61:20:02:86:83:28:6D:41:94:EA:2C:30:06:49:B0:D3
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       018CCA2ADEA8D305AFCE604DFAB57832F17C
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/veH7GmEgAoaDKG1BlOosMAZJsNM.roa
Signing time:             Tue 02 Jan 2024 12:34:16 +0000
ROA not before:           Tue 02 Jan 2024 12:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212972
IP address blocks:        2a0e:e704:43::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:de:a8:d3:05:af:ce:60:4d:fa:b5:78:32:f1:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  2 12:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bde1fb1a6120028683286d4194ea2c300649b0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0c:90:57:a9:b1:49:e0:f9:0e:e4:62:74:72:
                    1b:e5:1d:b9:5c:31:29:9b:6f:65:95:8f:35:87:ce:
                    84:5c:71:4f:6d:44:35:0e:51:b4:87:97:d2:5b:f9:
                    fe:0d:af:1c:30:f6:d8:82:a7:ea:8e:32:93:50:77:
                    dd:06:24:fb:be:4b:ae:be:09:07:52:b6:c3:83:38:
                    59:c2:3f:f4:7c:31:c0:b3:ec:a3:9d:22:1d:dc:1c:
                    9e:a3:80:c0:9c:0c:35:49:8a:60:b2:e6:e8:df:59:
                    2b:91:bf:1a:b4:c4:ba:f9:8d:3a:7a:9d:8b:29:54:
                    46:a6:67:5e:3a:42:10:46:53:42:05:b7:3c:1b:61:
                    19:fe:52:d9:73:2a:59:9d:d9:21:9a:45:78:ef:93:
                    97:42:20:27:9a:fe:ae:92:13:99:30:34:66:45:42:
                    9e:7f:5a:9d:f0:0d:1b:08:a9:34:c0:72:c2:ee:db:
                    12:97:3d:11:39:23:cb:28:4a:de:d0:43:c9:65:04:
                    08:74:c9:31:45:62:8e:65:e3:8f:b5:82:4d:25:a8:
                    41:ed:49:9d:72:a9:48:f6:fa:81:46:c2:35:01:74:
                    24:80:3d:d9:81:22:91:10:ed:65:d6:4d:35:ed:08:
                    bd:1c:f2:23:ff:2c:37:5d:06:d1:42:8c:4f:94:90:
                    21:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E1:FB:1A:61:20:02:86:83:28:6D:41:94:EA:2C:30:06:49:B0:D3
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/veH7GmEgAoaDKG1BlOosMAZJsNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:43::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:f8:7d:01:ea:1b:6a:25:9d:1d:6e:44:1a:d3:e2:03:0d:54:
         00:0c:92:21:5b:90:0f:e2:f1:1c:c2:2c:4f:a5:af:29:f1:ff:
         f0:3f:b1:3e:b7:6c:3b:a9:7a:0e:eb:e3:91:24:30:7f:ee:80:
         61:e1:7b:fb:df:b4:12:a6:73:a0:ad:1e:9a:56:3d:46:bb:52:
         3e:63:96:e8:1d:dd:26:42:11:92:52:5b:4e:f3:71:a0:95:56:
         bb:87:35:ec:59:3f:c2:0b:ec:f5:17:df:a8:31:67:db:5a:0e:
         36:77:1d:ee:6f:4f:7a:49:e6:d6:67:e9:0e:4a:ca:d8:e7:ed:
         f4:8b:65:f3:99:42:73:b2:69:19:ce:91:38:21:6f:99:34:81:
         c8:dd:c7:70:76:17:af:d6:76:39:32:07:86:04:52:ff:ea:2d:
         8e:31:a3:36:a7:f7:93:a0:b3:26:fb:d5:f1:a1:dc:d8:75:ab:
         c7:7a:b0:15:5d:e9:05:61:32:5a:1a:79:42:3a:f4:f6:76:ac:
         f4:5b:3c:23:68:b7:78:68:9c:6d:71:71:d6:05:cd:1e:1e:1c:
         65:7c:99:f5:d5:b6:47:cd:36:96:81:4e:62:f3:d5:2a:cf:df:
         f4:82:40:b1:aa:be:b0:c1:d1:7d:c9:f3:07:7f:2b:9b:ed:ad:
         39:6f:9e:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKt6o0wWvzmBN+rV4MvF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjQwMTAyMTIzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGUxZmIxYTYxMjAwMjg2ODMyODZkNDE5NGVhMmMzMDA2NDliMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwyQV6mxSeD5DuRidHIb5R25XDEp
m29llY81h86EXHFPbUQ1DlG0h5fSW/n+Da8cMPbYgqfqjjKTUHfdBiT7vkuuvgkH
UrbDgzhZwj/0fDHAs+yjnSId3Byeo4DAnAw1SYpgsubo31krkb8atMS6+Y06ep2L
KVRGpmdeOkIQRlNCBbc8G2EZ/lLZcypZndkhmkV475OXQiAnmv6ukhOZMDRmRUKe
f1qd8A0bCKk0wHLC7tsSlz0ROSPLKEre0EPJZQQIdMkxRWKOZeOPtYJNJahB7Umd
cqlI9vqBRsI1AXQkgD3ZgSKREO1l1k017Qi9HPIj/yw3XQbRQoxPlJAh2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL3h+xphIAKGgyhtQZTqLDAGSbDTMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvdmVIN0dtRWdBb2FES0cxQmxPb3NNQVpKc05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABD
MA0GCSqGSIb3DQEBCwUAA4IBAQAV+H0B6htqJZ0dbkQa0+IDDVQADJIhW5AP4vEc
wixPpa8p8f/wP7E+t2w7qXoO6+ORJDB/7oBh4Xv737QSpnOgrR6aVj1Gu1I+Y5bo
Hd0mQhGSUltO83GglVa7hzXsWT/CC+z1F9+oMWfbWg42dx3ub096SebWZ+kOSsrY
5+30i2XzmUJzsmkZzpE4IW+ZNIHI3cdwdhev1nY5MgeGBFL/6i2OMaM2p/eToLMm
+9XxodzYdavHerAVXekFYTJaGnlCOvT2dqz0WzwjaLd4aJxtcXHWBc0eHhxlfJn1
1bZHzTaWgU5i89Uqz9/0gkCxqr6wwdF9yfMHfyub7a05b560
-----END CERTIFICATE-----