Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/VHE-OUvayuM6t5yjqPjGVk-__I4.roa
File:                     VHE-OUvayuM6t5yjqPjGVk-__I4.roa (raw, json)
Hash identifier:          reqJplyvV/1tsBHaUKXQwBNeYkweBnRRRi2UUAYh6Ts=
Subject key identifier:   54:71:3E:39:4B:DA:CA:E3:3A:B7:9C:A3:A8:F8:C6:56:4F:BF:FC:8E
Certificate issuer:       /CN=b02a9af2fc5fe93c43148aacb13c51be904c8e4c
Certificate serial:       019022BA041636231CCA3AC52F0B3776B9E8
Authority key identifier: B0:2A:9A:F2:FC:5F:E9:3C:43:14:8A:AC:B1:3C:51:BE:90:4C:8E:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCqa8vxf6TxDFIqssTxRvpBMjkw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/VHE-OUvayuM6t5yjqPjGVk-__I4.roa
Signing time:             Sun 16 Jun 2024 20:25:34 +0000
ROA not before:           Sun 16 Jun 2024 20:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51395
IP address blocks:        2001:67c:500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/sCqa8vxf6TxDFIqssTxRvpBMjkw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/sCqa8vxf6TxDFIqssTxRvpBMjkw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCqa8vxf6TxDFIqssTxRvpBMjkw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 20:41:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:22:ba:04:16:36:23:1c:ca:3a:c5:2f:0b:37:76:b9:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02a9af2fc5fe93c43148aacb13c51be904c8e4c
        Validity
            Not Before: Jun 16 20:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54713e394bdacae33ab79ca3a8f8c6564fbffc8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:24:ce:ff:88:77:ef:0f:48:51:a2:eb:a3:4c:
                    0b:6d:b8:86:c2:62:9c:61:80:ea:e1:6c:10:de:31:
                    04:7f:03:65:1d:38:de:58:72:5d:aa:74:2c:59:0b:
                    40:52:4b:57:32:b1:01:94:4e:2a:06:6d:ac:f0:28:
                    3f:3f:aa:8e:e1:54:25:0d:26:a6:a7:70:ea:76:76:
                    4a:99:35:23:7e:76:ad:b3:2b:cd:68:ce:2b:df:44:
                    05:0b:53:e8:20:88:25:7b:71:55:08:b0:e0:bf:b0:
                    fd:64:f1:0a:3d:43:8f:a2:7b:2f:cd:4b:cc:74:20:
                    97:1b:18:29:d9:85:78:30:c9:89:5d:2a:b0:bb:35:
                    dc:0d:30:9f:3a:7a:e5:80:d2:6a:c5:fe:73:3c:20:
                    f0:39:a7:b8:29:d8:a9:d5:ec:ef:79:e4:f5:3c:c1:
                    20:c7:3d:9b:81:5c:44:62:a5:90:2b:5f:54:fc:b6:
                    f8:4e:55:28:49:c3:5e:c0:9e:88:3f:30:f4:3a:36:
                    e8:15:4c:46:54:dc:22:3b:41:2b:aa:41:a6:d8:16:
                    2a:66:2a:e3:3b:98:c7:4b:21:27:2a:04:09:d1:f6:
                    76:71:c7:81:81:d3:2b:10:39:14:8d:22:a0:90:c2:
                    43:e9:92:f4:78:d8:1c:e2:05:ee:4b:9f:0f:1f:c1:
                    bc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:71:3E:39:4B:DA:CA:E3:3A:B7:9C:A3:A8:F8:C6:56:4F:BF:FC:8E
            X509v3 Authority Key Identifier:
                keyid:B0:2A:9A:F2:FC:5F:E9:3C:43:14:8A:AC:B1:3C:51:BE:90:4C:8E:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCqa8vxf6TxDFIqssTxRvpBMjkw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/VHE-OUvayuM6t5yjqPjGVk-__I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/0a60ce-bb37-4337-bf50-5eca36e19f5d/1/sCqa8vxf6TxDFIqssTxRvpBMjkw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:500::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:4e:6f:9b:b0:8f:6a:72:9e:98:8e:b5:6a:51:86:4c:32:e2:
         cb:f7:e5:9c:ef:31:af:b2:42:37:9c:a9:62:52:8d:b3:ab:56:
         69:c5:d1:d7:55:99:be:cf:60:3b:20:10:fc:fb:43:5e:4e:28:
         e1:fb:7d:39:31:84:98:c5:97:ed:47:2c:4e:e6:77:83:39:39:
         51:d3:41:56:58:18:ae:79:2b:bf:db:96:98:82:fc:d3:a7:ac:
         a9:cb:b1:c4:01:5c:ea:08:24:74:77:9a:3a:be:8b:20:fd:69:
         ed:95:a7:d5:1a:eb:82:84:7c:df:b8:12:af:c7:8d:6d:3c:8a:
         bc:e0:69:66:75:30:a6:fc:f6:3c:42:11:29:bf:38:aa:4a:b2:
         48:f5:1b:7c:e1:4f:62:33:3f:50:b5:80:0d:16:00:f8:4e:25:
         0b:21:25:96:59:0a:9b:a1:6f:54:3a:f3:4f:12:67:e5:ed:5f:
         16:85:0b:24:cf:92:86:d5:ce:13:3a:a0:21:a1:06:14:9a:54:
         5a:5e:ab:03:db:b1:8d:39:01:4f:5b:fd:ef:d1:b2:0c:aa:fb:
         7a:37:f3:8f:b2:8e:a6:52:42:44:c4:95:c5:b0:2e:4f:c1:3f:
         ea:17:ca:94:bf:97:31:fd:bb:a1:56:34:86:3f:c9:fb:3b:a2:
         67:f3:b5:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAiugQWNiMcyjrFLws3drnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmE5YWYyZmM1ZmU5M2M0MzE0OGFhY2IxM2M1MWJlOTA0
YzhlNGMwHhcNMjQwNjE2MjAyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDcxM2UzOTRiZGFjYWUzM2FiNzljYTNhOGY4YzY1NjRmYmZmYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyTO/4h37w9IUaLro0wLbbiGwmKc
YYDq4WwQ3jEEfwNlHTjeWHJdqnQsWQtAUktXMrEBlE4qBm2s8Cg/P6qO4VQlDSam
p3DqdnZKmTUjfnatsyvNaM4r30QFC1PoIIgle3FVCLDgv7D9ZPEKPUOPonsvzUvM
dCCXGxgp2YV4MMmJXSqwuzXcDTCfOnrlgNJqxf5zPCDwOae4Kdip1ezveeT1PMEg
xz2bgVxEYqWQK19U/Lb4TlUoScNewJ6IPzD0OjboFUxGVNwiO0ErqkGm2BYqZirj
O5jHSyEnKgQJ0fZ2cceBgdMrEDkUjSKgkMJD6ZL0eNgc4gXuS58PH8G8fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFRxPjlL2srjOreco6j4xlZPv/yOMB8GA1UdIwQY
MBaAFLAqmvL8X+k8QxSKrLE8Ub6QTI5MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NxYTh2eGY2VHhERklxc3NUeFJ2cEJNamt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8wYTYwY2UtYmIzNy00MzM3LWJmNTAt
NWVjYTM2ZTE5ZjVkLzEvVkhFLU9VdmF5dU02dDV5anFQakdWay1fX0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8wYTYwY2UtYmIzNy00MzM3LWJmNTAtNWVjYTM2ZTE5ZjVk
LzEvc0NxYTh2eGY2VHhERklxc3NUeFJ2cEJNamt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCNTm+bsI9qcp6YjrVqUYZMMuLL9+Wc7zGvskI3
nKliUo2zq1ZpxdHXVZm+z2A7IBD8+0NeTijh+305MYSYxZftRyxO5neDOTlR00FW
WBiueSu/25aYgvzTp6ypy7HEAVzqCCR0d5o6vosg/WntlafVGuuChHzfuBKvx41t
PIq84GlmdTCm/PY8QhEpvziqSrJI9Rt84U9iMz9QtYANFgD4TiULISWWWQqboW9U
OvNPEmfl7V8WhQskz5KG1c4TOqAhoQYUmlRaXqsD27GNOQFPW/3v0bIMqvt6N/OP
so6mUkJExJXFsC5PwT/qF8qUv5cx/buhVjSGP8n7O6Jn87X7
-----END CERTIFICATE-----