Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/DMw5-A9P9wRayzZptvt6INF9xuc.roa
File:                     DMw5-A9P9wRayzZptvt6INF9xuc.roa (raw, json)
Hash identifier:          /QBi79+/SWOrz3Jl12/GmxQi8aFT/NWuJVZSw86L/8M=
Subject key identifier:   0C:CC:39:F8:0F:4F:F7:04:5A:CB:36:69:B6:FB:7A:20:D1:7D:C6:E7
Certificate issuer:       /CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
Certificate serial:       018CC26CF646E0C82BA1B25DD897B7D53C06
Authority key identifier: 63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/DMw5-A9P9wRayzZptvt6INF9xuc.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200373
IP address blocks:        2a14:4b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:46:e0:c8:2b:a1:b2:5d:d8:97:b7:d5:3c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ccc39f80f4ff7045acb3669b6fb7a20d17dc6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7d:eb:01:41:1d:5d:2d:0f:fe:24:6b:5c:cb:
                    9d:05:a8:61:b8:4e:05:83:65:e2:3c:b2:11:7b:86:
                    2f:28:f4:12:93:5b:4d:92:e9:54:a9:f5:2b:b5:1c:
                    cd:dd:1a:95:10:cd:8a:14:20:5e:a6:0a:d3:a6:cd:
                    5f:7f:54:3a:2c:db:a5:15:df:b1:5d:b0:f2:e3:17:
                    3e:02:16:6f:cb:b2:0b:e0:0a:13:65:9d:18:e9:1a:
                    2c:d5:47:b2:59:60:24:1e:84:33:10:9a:8f:0f:39:
                    6b:c0:ea:e2:c5:cd:b0:fc:a8:5f:45:ad:50:5d:2d:
                    0b:0b:16:77:07:98:a6:82:f9:67:65:23:99:3f:56:
                    58:ab:57:9b:ef:89:7c:1e:b6:38:af:0f:e2:a7:91:
                    1a:e8:9e:2b:53:74:e6:18:6f:0b:3e:c8:29:f4:1f:
                    4d:79:07:94:d1:af:f3:bf:9b:87:83:55:3c:13:ea:
                    3e:ed:39:fa:bc:17:2c:95:dd:7f:89:65:64:23:5a:
                    fa:9e:17:08:ff:68:c6:cb:af:d2:88:b7:65:3f:fb:
                    8e:22:b0:52:3e:e8:28:f4:a0:60:90:78:4c:79:72:
                    6f:e5:e9:11:ea:72:7f:00:4d:6d:a3:34:20:f3:26:
                    21:39:5c:b8:ad:2d:d1:68:1e:19:db:c4:99:d1:80:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:CC:39:F8:0F:4F:F7:04:5A:CB:36:69:B6:FB:7A:20:D1:7D:C6:E7
            X509v3 Authority Key Identifier:
                keyid:63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/DMw5-A9P9wRayzZptvt6INF9xuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:82:59:56:bc:1d:e9:62:b2:1d:ae:14:85:d6:e1:49:56:09:
         4e:d2:42:27:c3:b7:86:48:3b:4a:47:a8:5f:05:a3:42:91:89:
         81:c3:5b:7b:60:ac:d7:93:2a:2d:a1:86:dc:79:80:a1:b7:93:
         de:f1:ae:b5:31:d1:38:ab:98:92:c9:4f:8d:4a:46:a2:50:5f:
         d1:14:fa:37:71:40:ed:00:5a:75:dc:08:81:d4:d8:ed:d1:5e:
         d0:a6:cc:93:4b:1b:a2:03:0a:8d:ac:3a:65:c5:2a:fb:b7:2e:
         b4:73:62:c9:43:1c:99:db:a6:a6:b6:7b:89:7b:20:1b:04:af:
         66:a6:ac:d5:ec:9c:07:ea:cc:24:f8:eb:bf:6a:a3:c7:bf:6e:
         98:f2:c1:3b:ca:bd:57:61:22:a4:30:d0:bc:1a:14:81:59:92:
         01:4a:54:f1:6e:99:68:65:01:2b:a6:0b:f6:7c:29:cf:86:f2:
         5a:96:3e:98:eb:88:9c:f6:5e:9e:f7:ce:06:34:78:65:ab:d4:
         93:22:91:80:24:50:9b:e5:76:b7:10:8e:b8:e5:d3:24:83:5c:
         8e:b1:2b:05:ff:ce:b9:41:b7:2c:29:3b:54:eb:e3:ee:61:09:
         20:23:fd:3d:1c:b4:af:3c:a8:d1:21:0f:bb:b1:41:e4:5e:36:
         05:6c:93:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbPZG4MgrobJd2Je31TwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWQ1YjY0NGUyMmZiNDg4ZTRkNmMwMDEyYjBhYWJmMjM4
ZTYxZTUwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2NjMzlmODBmNGZmNzA0NWFjYjM2NjliNmZiN2EyMGQxN2RjNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsX3rAUEdXS0P/iRrXMudBahhuE4F
g2XiPLIRe4YvKPQSk1tNkulUqfUrtRzN3RqVEM2KFCBepgrTps1ff1Q6LNulFd+x
XbDy4xc+AhZvy7IL4AoTZZ0Y6Ros1UeyWWAkHoQzEJqPDzlrwOrixc2w/KhfRa1Q
XS0LCxZ3B5imgvlnZSOZP1ZYq1eb74l8HrY4rw/ip5Ea6J4rU3TmGG8LPsgp9B9N
eQeU0a/zv5uHg1U8E+o+7Tn6vBcsld1/iWVkI1r6nhcI/2jGy6/SiLdlP/uOIrBS
Pugo9KBgkHhMeXJv5ekR6nJ/AE1tozQg8yYhOVy4rS3RaB4Z28SZ0YDTAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAzMOfgPT/cEWss2abb7eiDRfcbnMB8GA1UdIwQY
MBaAFGNdW2ROIvtIjk1sABKwqr8jjmHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGIt
ZjVhZjYxNmI1NDgzLzEvRE13NS1BOVA5d1JheXpacHR2dDZJTkY5eHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGItZjVhZjYxNmI1NDgz
LzEvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRLADAN
BgkqhkiG9w0BAQsFAAOCAQEArIJZVrwd6WKyHa4UhdbhSVYJTtJCJ8O3hkg7Skeo
XwWjQpGJgcNbe2Cs15MqLaGG3HmAobeT3vGutTHROKuYkslPjUpGolBf0RT6N3FA
7QBaddwIgdTY7dFe0KbMk0sbogMKjaw6ZcUq+7cutHNiyUMcmdumprZ7iXsgGwSv
Zqas1eycB+rMJPjrv2qjx79umPLBO8q9V2EipDDQvBoUgVmSAUpU8W6ZaGUBK6YL
9nwpz4byWpY+mOuInPZenvfOBjR4ZavUkyKRgCRQm+V2txCOuOXTJINcjrErBf/O
uUG3LCk7VOvj7mEJICP9PRy0rzyo0SEPu7FB5F42BWyT3w==
-----END CERTIFICATE-----