Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/aUxnTf9P8U-XBlJcUANSsvlD02Y.roa
File:                     aUxnTf9P8U-XBlJcUANSsvlD02Y.roa (raw, json)
Hash identifier:          yEdSXm8GRXbDR6pYQs6C0Tz4Bd7yPE3rOIb+Hm05IWc=
Subject key identifier:   69:4C:67:4D:FF:4F:F1:4F:97:06:52:5C:50:03:52:B2:F9:43:D3:66
Certificate issuer:       /CN=94447eb3197aa31e7e6849f16af55ab25301fa82
Certificate serial:       01901157A3114446ED1E0E1752CA37DF442E
Authority key identifier: 94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/aUxnTf9P8U-XBlJcUANSsvlD02Y.roa
Signing time:             Thu 13 Jun 2024 11:24:34 +0000
ROA not before:           Thu 13 Jun 2024 11:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215311
IP address blocks:        2a14:4200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:57:a3:11:44:46:ed:1e:0e:17:52:ca:37:df:44:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94447eb3197aa31e7e6849f16af55ab25301fa82
        Validity
            Not Before: Jun 13 11:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=694c674dff4ff14f9706525c500352b2f943d366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:88:c2:c6:7b:f7:f1:33:be:61:d7:07:2f:
                    19:fd:ba:64:d2:2d:1c:c3:01:9f:d9:d3:36:40:4b:
                    ad:8f:7d:c0:86:b0:2b:cf:e3:db:2c:6a:ef:5b:fc:
                    b3:52:a0:ff:c8:12:c9:f6:3b:e9:7f:bd:8a:c7:17:
                    0c:5f:81:98:85:fa:7b:d6:ca:bd:f9:65:8b:22:c5:
                    e1:5a:61:47:3f:f2:c2:a5:0b:0f:21:d0:7e:38:f5:
                    11:84:42:9f:95:94:e5:85:84:5e:eb:2e:dc:7d:82:
                    c2:87:2d:58:66:74:96:0c:79:56:b1:cf:b8:93:8a:
                    59:c1:c4:df:b9:80:29:1f:01:7e:fe:77:99:d9:51:
                    02:6b:d5:98:18:40:46:fb:00:f5:6f:53:38:25:cf:
                    f1:76:10:3a:af:0c:81:15:26:65:4e:cb:c9:97:35:
                    44:5e:09:eb:b8:9d:b7:d2:90:e9:c9:f1:b8:d5:ca:
                    5c:24:a2:09:2b:fa:df:c9:d2:f1:34:97:8c:8f:ce:
                    04:49:6c:96:12:a6:02:bf:87:72:11:01:2f:18:2f:
                    a7:fc:8b:d6:43:77:aa:0d:f8:c4:9f:59:fc:ba:2f:
                    73:12:0a:0b:3c:d6:d3:5b:63:5b:f0:8e:57:ef:ee:
                    2a:71:da:6a:68:e6:fa:f6:86:ee:ff:5b:38:3b:7e:
                    bd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4C:67:4D:FF:4F:F1:4F:97:06:52:5C:50:03:52:B2:F9:43:D3:66
            X509v3 Authority Key Identifier:
                keyid:94:44:7E:B3:19:7A:A3:1E:7E:68:49:F1:6A:F5:5A:B2:53:01:FA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lER-sxl6ox5-aEnxavVaslMB-oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/aUxnTf9P8U-XBlJcUANSsvlD02Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8d0b05-263f-403a-abf4-238bde0e1ef7/1/lER-sxl6ox5-aEnxavVaslMB-oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4200::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:97:58:59:57:5c:69:f3:45:5e:9f:3d:c1:31:1f:51:c3:70:
         15:79:51:e8:66:df:12:67:d5:80:08:58:af:af:d6:51:49:10:
         02:8f:a9:1a:5f:c9:63:de:cc:98:b7:79:34:2b:43:8e:d4:ba:
         7f:77:50:5f:93:f8:98:2b:db:cd:72:47:4c:53:98:ea:93:f6:
         07:cb:57:39:63:8e:8c:7f:c8:82:47:5e:35:b1:9e:8f:be:57:
         24:24:1a:e5:cb:af:0d:bd:dc:9e:8e:5b:da:4b:ec:8f:45:c9:
         0f:b5:ce:f3:91:85:b1:bc:2d:66:dd:3f:40:85:b8:47:05:92:
         38:83:9e:4c:ca:46:f2:47:cc:7a:f4:9d:05:ad:16:3f:0d:48:
         09:a7:07:f6:a6:d6:a9:52:fe:2d:b2:8c:d8:0f:47:75:47:bd:
         83:90:73:c0:80:90:0c:cf:0e:10:51:34:8f:95:8e:f9:b3:fe:
         f3:f3:d0:d5:4b:bb:c9:2e:0c:91:f8:d9:6a:a2:f8:9f:de:b0:
         99:0e:9e:ed:38:3c:c8:5e:16:22:57:50:ce:ed:b0:c8:60:fd:
         91:d1:56:45:0c:7b:28:9f:dc:7e:08:3f:3c:a3:0c:0e:0b:b3:
         ab:67:b4:90:f0:38:70:bc:f4:28:23:8a:be:30:2a:5f:cc:f4:
         d1:47:97:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZARV6MRREbtHg4XUso330QuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NDQ3ZWIzMTk3YWEzMWU3ZTY4NDlmMTZhZjU1YWIyNTMw
MWZhODIwHhcNMjQwNjEzMTEyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRjNjc0ZGZmNGZmMTRmOTcwNjUyNWM1MDAzNTJiMmY5NDNkMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdGIwsZ79/EzvmHXBy8Z/bpk0i0c
wwGf2dM2QEutj33AhrArz+PbLGrvW/yzUqD/yBLJ9jvpf72KxxcMX4GYhfp71sq9
+WWLIsXhWmFHP/LCpQsPIdB+OPURhEKflZTlhYRe6y7cfYLChy1YZnSWDHlWsc+4
k4pZwcTfuYApHwF+/neZ2VECa9WYGEBG+wD1b1M4Jc/xdhA6rwyBFSZlTsvJlzVE
XgnruJ230pDpyfG41cpcJKIJK/rfydLxNJeMj84ESWyWEqYCv4dyEQEvGC+n/IvW
Q3eqDfjEn1n8ui9zEgoLPNbTW2Nb8I5X7+4qcdpqaOb69obu/1s4O369wQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGlMZ03/T/FPlwZSXFADUrL5Q9NmMB8GA1UdIwQY
MBaAFJREfrMZeqMefmhJ8Wr1WrJTAfqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQt
MjM4YmRlMGUxZWY3LzEvYVV4blRmOVA4VS1YQmxKY1VBTlNzdmxEMDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84ZDBiMDUtMjYzZi00MDNhLWFiZjQtMjM4YmRlMGUxZWY3
LzEvbEVSLXN4bDZveDUtYUVueGF2VmFzbE1CLW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRCADAN
BgkqhkiG9w0BAQsFAAOCAQEALZdYWVdcafNFXp89wTEfUcNwFXlR6GbfEmfVgAhY
r6/WUUkQAo+pGl/JY97MmLd5NCtDjtS6f3dQX5P4mCvbzXJHTFOY6pP2B8tXOWOO
jH/IgkdeNbGej75XJCQa5cuvDb3cno5b2kvsj0XJD7XO85GFsbwtZt0/QIW4RwWS
OIOeTMpG8kfMevSdBa0WPw1ICacH9qbWqVL+LbKM2A9HdUe9g5BzwICQDM8OEFE0
j5WO+bP+8/PQ1Uu7yS4MkfjZaqL4n96wmQ6e7Tg8yF4WIldQzu2wyGD9kdFWRQx7
KJ/cfgg/PKMMDguzq2e0kPA4cLz0KCOKvjAqX8z00UeXag==
-----END CERTIFICATE-----