Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/fAB4Lf1JAr3VBhTiojT8jO4v3Lw.roa
File:                     fAB4Lf1JAr3VBhTiojT8jO4v3Lw.roa (raw, json)
Hash identifier:          fWlomx8K5UvPpE/STlqTzLBrKXPJPSQQwXceR8jU0is=
Subject key identifier:   7C:00:78:2D:FD:49:02:BD:D5:06:14:E2:A2:34:FC:8C:EE:2F:DC:BC
Certificate issuer:       /CN=1fd0875cd0051d0c0925aca041034e7840a6770b
Certificate serial:       019021950BE09830BD6768D35DE71FAB0FAD
Authority key identifier: 1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/fAB4Lf1JAr3VBhTiojT8jO4v3Lw.roa
Signing time:             Sun 16 Jun 2024 15:05:34 +0000
ROA not before:           Sun 16 Jun 2024 15:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        2a14:4f80::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:21:95:0b:e0:98:30:bd:67:68:d3:5d:e7:1f:ab:0f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd0875cd0051d0c0925aca041034e7840a6770b
        Validity
            Not Before: Jun 16 15:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c00782dfd4902bdd50614e2a234fc8cee2fdcbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b0:5f:93:62:2d:8c:3d:13:21:c3:98:a2:7b:
                    96:4f:17:b1:ad:34:dd:b4:3c:aa:5b:63:ce:08:c8:
                    3a:93:8b:f2:dc:33:95:b1:3f:6a:26:02:d1:a6:fd:
                    c3:8e:43:33:33:cc:bf:73:62:64:f8:a5:02:24:64:
                    a3:4b:58:13:b0:eb:87:34:99:3a:f9:d0:63:40:cf:
                    37:88:0a:45:b9:8e:d4:12:6c:5d:ce:d3:d0:21:93:
                    86:90:ac:ca:83:e1:3a:76:aa:f2:e4:eb:8a:ee:5d:
                    cc:5a:c0:6d:2d:84:26:25:46:76:29:9d:3e:9c:bc:
                    2f:47:02:65:66:03:11:39:6e:7f:24:50:d1:19:23:
                    3f:b5:b1:98:c7:ea:a1:8f:33:a3:69:68:38:4b:84:
                    01:92:9b:60:b1:ab:db:c5:9b:cf:e2:b0:76:99:65:
                    83:d4:0c:10:52:57:57:87:f4:d4:3d:d0:27:0a:be:
                    7b:d9:9a:b2:54:16:00:66:37:11:a4:81:48:d0:69:
                    82:93:44:2b:79:9c:ef:2b:8e:01:be:81:06:e4:b5:
                    1d:d8:2f:c1:c1:06:eb:41:38:0d:c2:a6:c7:71:57:
                    92:3d:2b:9b:40:20:ce:32:c5:cf:52:f6:4a:d6:23:
                    b3:f4:04:e7:e1:60:84:6b:3f:1e:d3:c9:fe:94:6d:
                    4e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:00:78:2D:FD:49:02:BD:D5:06:14:E2:A2:34:FC:8C:EE:2F:DC:BC
            X509v3 Authority Key Identifier:
                keyid:1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/fAB4Lf1JAr3VBhTiojT8jO4v3Lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4f80::/38

    Signature Algorithm: sha256WithRSAEncryption
         7f:8d:20:9c:5d:be:01:bb:91:dc:d4:4c:98:ed:52:a0:c8:a1:
         6b:17:7b:fd:42:b3:13:67:ce:89:e2:5b:15:09:ea:13:2e:b7:
         f7:c9:6b:4d:be:80:e5:d0:19:9b:91:23:56:e1:7a:de:2b:11:
         ce:65:e6:13:95:e4:17:19:44:0a:0c:84:57:f4:71:fa:5b:b8:
         74:9d:5d:99:0d:e5:7f:37:93:2f:d1:d0:73:3d:e7:2b:14:c3:
         72:cd:7f:ab:8e:a8:d4:f6:af:26:3f:f8:91:14:66:6c:d0:f1:
         da:74:79:f1:c0:7a:2c:c0:e7:81:32:91:51:c1:17:d1:96:0c:
         c4:f4:6d:e2:f8:cf:1e:fa:b8:d4:53:3d:92:0a:dd:5c:a5:dd:
         82:6c:49:60:50:4d:9e:6d:7c:2b:a6:92:24:b6:9e:83:ee:7c:
         85:1f:f5:24:62:c4:6b:ae:e9:c1:8d:ff:2e:7e:5d:fb:88:ae:
         09:e1:21:c3:d2:09:e3:e8:09:3f:2b:af:f0:8e:95:13:72:12:
         91:91:73:5e:7b:85:ea:02:78:45:25:de:86:9e:28:ff:b2:40:
         60:1e:21:ab:01:81:eb:37:fc:34:88:69:b7:fb:d4:2b:06:db:
         c6:cb:90:2e:a7:55:7f:f8:50:b5:2a:b2:5a:1e:c7:82:01:a9:
         8c:29:62:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZAhlQvgmDC9Z2jTXecfqw+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDA4NzVjZDAwNTFkMGMwOTI1YWNhMDQxMDM0ZTc4NDBh
Njc3MGIwHhcNMjQwNjE2MTUwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzAwNzgyZGZkNDkwMmJkZDUwNjE0ZTJhMjM0ZmM4Y2VlMmZkY2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37Bfk2ItjD0TIcOYonuWTxexrTTd
tDyqW2POCMg6k4vy3DOVsT9qJgLRpv3DjkMzM8y/c2Jk+KUCJGSjS1gTsOuHNJk6
+dBjQM83iApFuY7UEmxdztPQIZOGkKzKg+E6dqry5OuK7l3MWsBtLYQmJUZ2KZ0+
nLwvRwJlZgMROW5/JFDRGSM/tbGYx+qhjzOjaWg4S4QBkptgsavbxZvP4rB2mWWD
1AwQUldXh/TUPdAnCr572ZqyVBYAZjcRpIFI0GmCk0QreZzvK44BvoEG5LUd2C/B
wQbrQTgNwqbHcVeSPSubQCDOMsXPUvZK1iOz9ATn4WCEaz8e08n+lG1ODQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHwAeC39SQK91QYU4qI0/IzuL9y8MB8GA1UdIwQY
MBaAFB/Qh1zQBR0MCSWsoEEDTnhApncLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDlDSFhOQUZIUXdKSmF5Z1FRTk9lRUNtZHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yMjEwNDgtM2JhZC00NjljLWI5MzMt
ZTA4MDJmNDc0NDQ0LzEvZkFCNExmMUpBcjNWQmhUaW9qVDhqTzR2M0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yMjEwNDgtM2JhZC00NjljLWI5MzMtZTA4MDJmNDc0NDQ0
LzEvSDlDSFhOQUZIUXdKSmF5Z1FRTk9lRUNtZHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhRPgAAw
DQYJKoZIhvcNAQELBQADggEBAH+NIJxdvgG7kdzUTJjtUqDIoWsXe/1CsxNnzoni
WxUJ6hMut/fJa02+gOXQGZuRI1bhet4rEc5l5hOV5BcZRAoMhFf0cfpbuHSdXZkN
5X83ky/R0HM95ysUw3LNf6uOqNT2ryY/+JEUZmzQ8dp0efHAeizA54EykVHBF9GW
DMT0beL4zx76uNRTPZIK3Vyl3YJsSWBQTZ5tfCumkiS2noPufIUf9SRixGuu6cGN
/y5+XfuIrgnhIcPSCePoCT8rr/COlRNyEpGRc157heoCeEUl3oaeKP+yQGAeIasB
ges3/DSIabf71CsG28bLkC6nVX/4ULUqsloex4IBqYwpYjo=
-----END CERTIFICATE-----