Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/mHdbhQxgyf7CV9jCGJvliFVilXc.roa
File:                     mHdbhQxgyf7CV9jCGJvliFVilXc.roa (raw, json)
Hash identifier:          4CdqTf57TkDxaRHOcnXl2aFyjkgmNRswPmW9ZMUYxw8=
Subject key identifier:   98:77:5B:85:0C:60:C9:FE:C2:57:D8:C2:18:9B:E5:88:55:62:95:77
Certificate issuer:       /CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
Certificate serial:       0194244482E3373517DA571299454575607B
Authority key identifier: B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/mHdbhQxgyf7CV9jCGJvliFVilXc.roa
Signing time:             Wed 01 Jan 2025 23:47:36 +0000
ROA not before:           Wed 01 Jan 2025 23:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1cc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:82:e3:37:35:17:da:57:12:99:45:45:75:60:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98775b850c60c9fec257d8c2189be58855629577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:99:be:51:73:60:1a:a6:87:3e:f1:78:11:67:
                    59:46:6d:81:ba:00:10:a6:e8:2e:8b:ae:26:e0:cc:
                    5e:41:1b:75:9b:22:e2:cf:45:f3:60:e6:98:1a:77:
                    3b:22:0f:f1:0e:67:27:56:fb:f5:56:db:04:0e:a3:
                    ab:99:5a:9f:29:fd:7c:18:ec:fd:15:02:fd:73:55:
                    56:f4:44:a6:48:8b:1c:7d:c6:6b:a4:48:a8:12:f9:
                    45:d6:28:54:a4:c9:da:31:ed:78:f7:7f:67:e3:91:
                    c9:4d:4b:3d:18:48:73:76:13:9a:cb:27:d4:a7:ed:
                    f1:24:69:d2:28:28:db:00:0f:22:f9:f5:1b:e0:c3:
                    6a:22:50:18:c2:fc:54:5d:19:0e:66:33:38:6f:26:
                    45:f8:16:ba:15:06:26:79:70:9c:1e:dd:b4:da:95:
                    f5:cf:69:0f:13:51:cc:b4:56:6d:e0:69:b3:32:5f:
                    e1:38:e8:cb:d4:e6:58:1e:69:cd:0b:18:c7:7c:c8:
                    d4:0f:e9:70:a7:6b:16:79:b8:02:00:6a:51:1b:1d:
                    40:71:cc:12:c8:3c:14:d0:0d:ab:ac:e5:91:4a:f4:
                    12:43:a0:d4:6f:90:65:39:fd:15:d2:44:20:3c:13:
                    96:c6:0a:db:e0:46:f3:31:09:fb:4b:07:a5:07:66:
                    64:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:77:5B:85:0C:60:C9:FE:C2:57:D8:C2:18:9B:E5:88:55:62:95:77
            X509v3 Authority Key Identifier:
                keyid:B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/mHdbhQxgyf7CV9jCGJvliFVilXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:f3:95:29:07:5e:6a:5f:f9:33:1b:88:7f:80:04:ca:d3:6b:
         6f:ad:c7:28:cd:52:01:62:cb:d2:d9:b5:eb:d8:1c:c6:4d:2a:
         af:03:d9:1a:7b:d2:15:f1:bf:d2:89:4b:a3:f5:08:9f:70:46:
         ba:a5:36:db:40:58:d0:60:3e:1b:20:10:9c:4b:35:e8:72:7d:
         2a:54:37:83:15:45:ca:3d:8f:df:81:5c:d1:18:d6:7f:4f:ae:
         06:8b:8d:2f:04:b1:51:f9:48:05:da:f6:44:2b:64:19:8a:b0:
         e6:f8:3d:7e:2d:30:96:5e:64:ca:96:bc:bc:0a:56:17:d6:f3:
         a5:df:6f:26:67:45:26:1e:3e:89:b0:f9:2e:79:d7:3e:4b:02:
         44:36:39:0a:18:60:8a:18:6f:83:36:19:c8:7c:b3:ad:dc:79:
         da:db:df:3d:27:c1:18:d0:81:eb:db:bd:eb:21:9e:f0:20:a0:
         5c:9e:a8:d3:1e:83:2d:06:c5:61:b0:4b:1c:2c:ac:64:81:13:
         5b:13:29:56:1b:80:a6:bd:39:c7:79:57:c0:4f:eb:28:b8:fc:
         92:f3:d0:47:6d:c2:9a:b2:fa:de:06:b6:8e:79:76:2a:7f:75:
         ad:13:b7:07:6c:a0:36:68:ee:cc:c3:8d:48:aa:f9:e2:a9:f0:
         4a:c5:5e:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRILjNzUX2lcSmUVFdWB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWM0Y2U2NjNlMWVjMjQ1ZTc0N2NkODQ2ZjFhNjlkZGI4
MzRiM2IwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODc3NWI4NTBjNjBjOWZlYzI1N2Q4YzIxODliZTU4ODU1NjI5NTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJm+UXNgGqaHPvF4EWdZRm2BugAQ
pugui64m4MxeQRt1myLiz0XzYOaYGnc7Ig/xDmcnVvv1VtsEDqOrmVqfKf18GOz9
FQL9c1VW9ESmSIscfcZrpEioEvlF1ihUpMnaMe14939n45HJTUs9GEhzdhOayyfU
p+3xJGnSKCjbAA8i+fUb4MNqIlAYwvxUXRkOZjM4byZF+Ba6FQYmeXCcHt202pX1
z2kPE1HMtFZt4GmzMl/hOOjL1OZYHmnNCxjHfMjUD+lwp2sWebgCAGpRGx1AccwS
yDwU0A2rrOWRSvQSQ6DUb5BlOf0V0kQgPBOWxgrb4EbzMQn7SwelB2ZkHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJh3W4UMYMn+wlfYwhib5YhVYpV3MB8GA1UdIwQY
MBaAFLMcTOZj4ewkXnR82Ebxpp3bg0s7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMt
NDY1YWRjMjk1OWYyLzEvbUhkYmhReGd5ZjdDVjlqQ0dKdmxpRlZpbFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMtNDY1YWRjMjk1OWYy
LzEvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAl/OVKQdeal/5MxuIf4AEytNrb63HKM1SAWLL0tm1
69gcxk0qrwPZGnvSFfG/0olLo/UIn3BGuqU220BY0GA+GyAQnEs16HJ9KlQ3gxVF
yj2P34Fc0RjWf0+uBouNLwSxUflIBdr2RCtkGYqw5vg9fi0wll5kypa8vApWF9bz
pd9vJmdFJh4+ibD5LnnXPksCRDY5ChhgihhvgzYZyHyzrdx52tvfPSfBGNCB69u9
6yGe8CCgXJ6o0x6DLQbFYbBLHCysZIETWxMpVhuApr05x3lXwE/rKLj8kvPQR23C
mrL63ga2jnl2Kn91rRO3B2ygNmjuzMONSKr54qnwSsVeAA==
-----END CERTIFICATE-----