Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/nehY5u1WSId5EG2uWu7zhlJLP_w.roa
File:                     nehY5u1WSId5EG2uWu7zhlJLP_w.roa (raw, json)
Hash identifier:          fdiHKCLqXOxheAO9NierOZz6t03euUV38D/8KsGJMcc=
Subject key identifier:   9D:E8:58:E6:ED:56:48:87:79:10:6D:AE:5A:EE:F3:86:52:4B:3F:FC
Certificate issuer:       /CN=dbecec96a0371a3ae62d7aa6dd7d9e43ac55d025
Certificate serial:       018F43925D0375C1F4B388B61F32BC9FBE07
Authority key identifier: DB:EC:EC:96:A0:37:1A:3A:E6:2D:7A:A6:DD:7D:9E:43:AC:55:D0:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/nehY5u1WSId5EG2uWu7zhlJLP_w.roa
Signing time:             Sat 04 May 2024 12:26:56 +0000
ROA not before:           Sat 04 May 2024 12:26:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215273
IP address blocks:        2a14:2640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:43:92:5d:03:75:c1:f4:b3:88:b6:1f:32:bc:9f:be:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbecec96a0371a3ae62d7aa6dd7d9e43ac55d025
        Validity
            Not Before: May  4 12:26:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9de858e6ed56488779106dae5aeef386524b3ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ad:8b:33:bc:45:98:2a:00:6c:00:50:dc:20:
                    9a:ef:05:cb:9a:57:81:75:04:f4:23:3e:3d:a5:35:
                    aa:8c:92:df:e2:f8:92:59:40:f7:ff:14:28:cc:bd:
                    bd:08:97:a7:3f:40:24:96:dc:08:9e:09:7c:aa:1f:
                    ad:bc:47:82:33:ab:62:fb:a8:d3:03:55:bd:ea:71:
                    bf:06:8c:1f:ca:25:eb:6c:15:bc:a3:56:46:16:3f:
                    40:b0:95:f4:7a:8c:71:c2:f7:9c:52:2c:2f:ba:08:
                    9f:88:d8:37:5b:5a:8c:84:c1:78:40:ef:7f:ba:47:
                    0a:76:f1:55:ba:6f:78:93:29:e2:43:f2:75:3b:16:
                    a2:76:fb:9d:c6:1d:68:b7:08:61:c5:c5:9b:b6:e3:
                    a1:77:73:b3:58:aa:a1:a7:77:12:c1:3a:a7:84:31:
                    c0:21:2a:17:95:9e:c0:01:38:b6:83:f4:44:bf:ec:
                    b4:f4:64:12:f8:8c:ed:8b:25:aa:29:a4:45:44:c9:
                    58:5e:1d:f0:ec:9f:99:6c:25:eb:fb:75:40:fc:41:
                    54:c5:61:6b:a0:90:ba:cd:9d:1f:56:07:a0:d7:28:
                    c4:35:05:b8:0f:2b:78:70:90:bb:a1:ab:46:71:d6:
                    c7:b4:78:ea:c5:73:4f:cc:b9:25:dd:fd:f1:0b:9e:
                    cd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:E8:58:E6:ED:56:48:87:79:10:6D:AE:5A:EE:F3:86:52:4B:3F:FC
            X509v3 Authority Key Identifier:
                keyid:DB:EC:EC:96:A0:37:1A:3A:E6:2D:7A:A6:DD:7D:9E:43:AC:55:D0:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-zslqA3GjrmLXqm3X2eQ6xV0CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/nehY5u1WSId5EG2uWu7zhlJLP_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/134f0c-d911-4887-96b7-a8766520fea2/1/2-zslqA3GjrmLXqm3X2eQ6xV0CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2640::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:b4:9f:ed:fb:4c:51:a6:3e:16:67:ec:31:99:26:dd:81:46:
         99:6d:1a:13:16:4d:84:e5:87:29:72:f5:92:dc:22:73:8e:cf:
         48:a4:fa:cd:fe:71:2c:55:37:55:d7:9c:24:df:81:bb:a8:15:
         6c:22:db:20:18:c8:db:13:41:2f:09:34:5a:60:5f:fa:ca:53:
         08:b7:36:e7:6a:49:f8:b5:08:80:07:33:ef:0e:db:66:f6:c2:
         d6:b8:03:ac:bf:d9:13:71:5c:4a:49:aa:7b:f5:0c:7d:79:e2:
         01:48:ba:4c:5c:1f:14:db:e3:b5:b9:8b:01:c3:81:ab:e6:d9:
         8d:0c:89:d8:c1:32:7e:c9:fc:06:23:55:11:7e:3e:46:fe:15:
         3a:35:5a:c1:4d:9e:49:29:98:20:c2:50:e7:e6:e9:f3:9d:61:
         6c:5e:e2:2a:e3:e4:59:05:62:f5:54:78:36:4b:a9:b7:81:0b:
         60:67:7c:41:c2:b2:0e:8a:94:12:80:08:d4:7d:4b:ac:c7:4c:
         8d:92:da:7b:d5:bf:93:28:ea:2d:f8:17:b9:86:ca:b8:65:ee:
         5f:06:bf:e1:fb:9a:68:f4:f8:9e:6c:04:87:7e:02:63:c9:38:
         54:3d:61:ec:c9:2d:93:cb:07:16:42:26:73:c5:a3:cd:20:bf:
         82:70:43:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9Dkl0DdcH0s4i2HzK8n74HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZWNlYzk2YTAzNzFhM2FlNjJkN2FhNmRkN2Q5ZTQzYWM1
NWQwMjUwHhcNMjQwNTA0MTIyNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGU4NThlNmVkNTY0ODg3NzkxMDZkYWU1YWVlZjM4NjUyNGIzZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua2LM7xFmCoAbABQ3CCa7wXLmleB
dQT0Iz49pTWqjJLf4viSWUD3/xQozL29CJenP0AkltwIngl8qh+tvEeCM6ti+6jT
A1W96nG/BowfyiXrbBW8o1ZGFj9AsJX0eoxxwvecUiwvugifiNg3W1qMhMF4QO9/
ukcKdvFVum94kyniQ/J1Oxaidvudxh1otwhhxcWbtuOhd3OzWKqhp3cSwTqnhDHA
ISoXlZ7AATi2g/REv+y09GQS+IztiyWqKaRFRMlYXh3w7J+ZbCXr+3VA/EFUxWFr
oJC6zZ0fVgeg1yjENQW4Dyt4cJC7oatGcdbHtHjqxXNPzLkl3f3xC57NkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ3oWObtVkiHeRBtrlru84ZSSz/8MB8GA1UdIwQY
MBaAFNvs7JagNxo65i16pt19nkOsVdAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi16c2xxQTNHanJtTFhxbTNYMmVRNnhWMENVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xMzRmMGMtZDkxMS00ODg3LTk2Yjct
YTg3NjY1MjBmZWEyLzEvbmVoWTV1MVdTSWQ1RUcydVd1N3pobEpMUF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xMzRmMGMtZDkxMS00ODg3LTk2YjctYTg3NjY1MjBmZWEy
LzEvMi16c2xxQTNHanJtTFhxbTNYMmVRNnhWMENVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQmQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEbSf7ftMUaY+FmfsMZkm3YFGmW0aExZNhOWHKXL1
ktwic47PSKT6zf5xLFU3VdecJN+Bu6gVbCLbIBjI2xNBLwk0WmBf+spTCLc252pJ
+LUIgAcz7w7bZvbC1rgDrL/ZE3FcSkmqe/UMfXniAUi6TFwfFNvjtbmLAcOBq+bZ
jQyJ2MEyfsn8BiNVEX4+Rv4VOjVawU2eSSmYIMJQ5+bp851hbF7iKuPkWQVi9VR4
Nkupt4ELYGd8QcKyDoqUEoAI1H1LrMdMjZLae9W/kyjqLfgXuYbKuGXuXwa/4fua
aPT4nmwEh34CY8k4VD1h7Mktk8sHFkImc8WjzSC/gnBDbQ==
-----END CERTIFICATE-----