Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/JTVqVM-V-atDftb3ESyPVUzNymA.roa
File:                     JTVqVM-V-atDftb3ESyPVUzNymA.roa (raw, json)
Hash identifier:          JoS1h8puEmE9y7RxEGme3JPdlJGcTuYCJsogUKslH2I=
Subject key identifier:   25:35:6A:54:CF:95:F9:AB:43:7E:D6:F7:11:2C:8F:55:4C:CD:CA:60
Certificate issuer:       /CN=49ea50a1c62082762afda007d6fc8b4bdb05749f
Certificate serial:       018FEFCAF8C66EAABC1297C13E40EA586184
Authority key identifier: 49:EA:50:A1:C6:20:82:76:2A:FD:A0:07:D6:FC:8B:4B:DB:05:74:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/JTVqVM-V-atDftb3ESyPVUzNymA.roa
Signing time:             Thu 06 Jun 2024 23:03:27 +0000
ROA not before:           Thu 06 Jun 2024 23:03:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205415
IP address blocks:        2a14:5ac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ef:ca:f8:c6:6e:aa:bc:12:97:c1:3e:40:ea:58:61:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ea50a1c62082762afda007d6fc8b4bdb05749f
        Validity
            Not Before: Jun  6 23:03:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25356a54cf95f9ab437ed6f7112c8f554ccdca60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:92:22:6c:86:a1:16:1b:54:9a:89:2e:3b:e7:
                    ae:a9:6a:7f:b6:14:58:84:15:d9:74:00:c9:8f:38:
                    a8:9b:38:ec:e5:d1:31:76:3f:06:54:9a:bb:4b:3d:
                    bc:76:53:06:67:5f:c4:4b:b6:42:68:7e:92:10:e7:
                    dc:20:67:de:c0:e4:c1:50:ca:9a:47:c1:26:02:9a:
                    cc:8a:60:92:b6:0a:ff:17:31:5a:07:94:12:5b:15:
                    fa:40:2b:73:dc:10:cf:67:1f:bb:42:ed:34:d7:6a:
                    87:9a:bd:75:30:cf:1d:10:55:d4:6d:06:63:58:4e:
                    8b:bb:e0:b6:3e:da:a3:ce:b3:2c:8c:1d:33:04:0e:
                    17:10:ec:1e:2f:08:6b:7f:2c:83:78:97:23:07:b1:
                    73:34:d9:5d:1c:e0:99:60:ec:33:70:22:91:2b:94:
                    b9:22:ba:b9:a4:f4:cf:0b:66:14:86:1b:2e:f8:db:
                    03:74:f3:b2:3c:5b:d0:11:4d:98:1f:a9:56:3b:11:
                    5e:95:b3:33:61:e3:b3:4a:a9:e9:38:02:cb:c7:c5:
                    c6:f4:59:e8:7b:70:d9:02:8f:2f:72:84:39:35:23:
                    6e:01:31:35:a4:11:44:a6:09:96:94:a8:89:79:fd:
                    8d:aa:e2:b5:e9:ef:ba:41:ee:04:ca:0d:84:01:02:
                    93:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:35:6A:54:CF:95:F9:AB:43:7E:D6:F7:11:2C:8F:55:4C:CD:CA:60
            X509v3 Authority Key Identifier:
                keyid:49:EA:50:A1:C6:20:82:76:2A:FD:A0:07:D6:FC:8B:4B:DB:05:74:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SepQocYggnYq_aAH1vyLS9sFdJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/JTVqVM-V-atDftb3ESyPVUzNymA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/48a9eb-18db-4f92-9580-272dab5afa66/1/SepQocYggnYq_aAH1vyLS9sFdJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:f7:80:dd:b5:b3:ac:1b:a5:ef:54:b9:e7:83:25:87:37:b3:
         ea:38:38:63:b6:a1:10:ae:14:94:a3:05:6d:cf:13:6d:05:eb:
         6f:e7:7f:a0:e6:09:13:82:53:aa:83:19:07:5c:74:ed:0d:04:
         1a:ff:2a:3e:f3:e9:7f:3b:93:96:67:b8:9b:c8:b8:a9:d7:88:
         e9:79:b1:d6:24:05:84:4f:c7:6f:61:b3:4a:b5:d1:68:32:31:
         e1:7b:7f:5a:4a:12:3f:9b:15:ef:be:8f:60:94:18:eb:53:56:
         6d:9d:d1:d5:a0:f1:0d:4c:0b:f1:d1:25:bb:d5:cb:b0:3d:e4:
         52:3e:06:59:a5:3c:15:3e:16:7a:74:a9:cf:c9:3f:3e:55:56:
         64:33:50:ab:4e:c0:9b:c6:22:3f:48:64:89:8d:8a:4f:66:93:
         16:8a:0f:b5:f4:ad:e6:23:93:6a:f3:e8:f9:5c:a4:e4:fc:bb:
         6d:c0:b7:5e:0f:d9:7f:05:b5:40:aa:ed:25:cd:6b:32:71:cb:
         09:44:73:43:b1:b4:11:f0:a6:21:7b:dd:82:e3:ca:cc:59:6c:
         6d:88:98:d4:56:b4:f0:ff:3c:a0:db:25:56:30:ad:df:75:03:
         43:6a:f1:11:e4:10:b4:4c:30:ba:9a:ea:85:6d:f5:fc:3d:47:
         06:66:ff:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/vyvjGbqq8EpfBPkDqWGGEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZWE1MGExYzYyMDgyNzYyYWZkYTAwN2Q2ZmM4YjRiZGIw
NTc0OWYwHhcNMjQwNjA2MjMwMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTM1NmE1NGNmOTVmOWFiNDM3ZWQ2ZjcxMTJjOGY1NTRjY2RjYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JIibIahFhtUmokuO+euqWp/thRY
hBXZdADJjziomzjs5dExdj8GVJq7Sz28dlMGZ1/ES7ZCaH6SEOfcIGfewOTBUMqa
R8EmAprMimCStgr/FzFaB5QSWxX6QCtz3BDPZx+7Qu0012qHmr11MM8dEFXUbQZj
WE6Lu+C2PtqjzrMsjB0zBA4XEOweLwhrfyyDeJcjB7FzNNldHOCZYOwzcCKRK5S5
Irq5pPTPC2YUhhsu+NsDdPOyPFvQEU2YH6lWOxFelbMzYeOzSqnpOALLx8XG9Fno
e3DZAo8vcoQ5NSNuATE1pBFEpgmWlKiJef2NquK16e+6Qe4Eyg2EAQKTNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCU1alTPlfmrQ37W9xEsj1VMzcpgMB8GA1UdIwQY
MBaAFEnqUKHGIIJ2Kv2gB9b8i0vbBXSfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VwUW9jWWdnbllxX2FBSDF2eUxTOXNGZEo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi80OGE5ZWItMThkYi00ZjkyLTk1ODAt
MjcyZGFiNWFmYTY2LzEvSlRWcVZNLVYtYXREZnRiM0VTeVBWVXpOeW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi80OGE5ZWItMThkYi00ZjkyLTk1ODAtMjcyZGFiNWFmYTY2
LzEvU2VwUW9jWWdnbllxX2FBSDF2eUxTOXNGZEo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRawDAN
BgkqhkiG9w0BAQsFAAOCAQEAb/eA3bWzrBul71S554Mlhzez6jg4Y7ahEK4UlKMF
bc8TbQXrb+d/oOYJE4JTqoMZB1x07Q0EGv8qPvPpfzuTlme4m8i4qdeI6Xmx1iQF
hE/Hb2GzSrXRaDIx4Xt/WkoSP5sV776PYJQY61NWbZ3R1aDxDUwL8dElu9XLsD3k
Uj4GWaU8FT4WenSpz8k/PlVWZDNQq07Am8YiP0hkiY2KT2aTFooPtfSt5iOTavPo
+Vyk5Py7bcC3Xg/ZfwW1QKrtJc1rMnHLCURzQ7G0EfCmIXvdguPKzFlsbYiY1Fa0
8P88oNslVjCt33UDQ2rxEeQQtEwwuprqhW31/D1HBmb/og==
-----END CERTIFICATE-----