Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/jONklVTOSwkXwpjmz3JmmhbePX8.roa
File:                     jONklVTOSwkXwpjmz3JmmhbePX8.roa (raw, json)
Hash identifier:          a4VMX8wgm1UXGd2Qf7HeHR1s3aIKlx9mHtBKqOzFS9Q=
Subject key identifier:   8C:E3:64:95:54:CE:4B:09:17:C2:98:E6:CF:72:66:9A:16:DE:3D:7F
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0190C70CAAB552C821D43B12631C60C63924
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/jONklVTOSwkXwpjmz3JmmhbePX8.roa
Signing time:             Thu 18 Jul 2024 18:13:34 +0000
ROA not before:           Thu 18 Jul 2024 18:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214534
IP address blocks:        2a14:67c1:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c7:0c:aa:b5:52:c8:21:d4:3b:12:63:1c:60:c6:39:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 18 18:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ce3649554ce4b0917c298e6cf72669a16de3d7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3d:d3:09:e0:24:f7:58:4f:1c:01:e1:21:8e:
                    6e:b5:8f:b5:00:73:f7:78:87:34:7f:38:6f:59:7d:
                    91:a7:53:bf:38:a9:f4:a9:cf:93:42:8f:88:9f:60:
                    30:7a:cd:17:02:b9:9b:14:89:1b:29:99:8d:94:51:
                    f7:27:f9:8b:01:a0:36:99:49:1d:6b:a3:50:57:45:
                    38:bf:9f:92:eb:7b:82:0c:18:5a:3d:a7:db:32:9a:
                    1f:bd:39:8e:b1:4a:3f:68:1e:79:dd:74:8f:d5:9d:
                    9b:17:6f:26:29:d8:df:93:0b:bb:5f:5e:98:d9:1f:
                    19:a9:f2:50:c9:74:14:dc:46:8f:02:31:d0:52:15:
                    d8:c0:05:df:63:60:50:75:3b:2d:ce:49:8b:1b:9e:
                    7b:96:ec:48:2f:b2:3f:8c:b7:11:8a:06:6d:20:df:
                    d9:77:3c:04:1e:a0:f6:b7:39:5b:b7:5a:2a:f4:53:
                    81:e6:1e:dc:8f:75:4f:1b:17:82:93:3b:63:f9:fd:
                    17:69:cf:61:da:b2:36:07:79:14:de:75:e7:04:58:
                    d0:d0:18:c0:84:35:82:b8:d6:75:12:c3:40:5d:f3:
                    01:68:8a:9c:e4:6b:cc:64:eb:b8:1e:dc:9e:a1:62:
                    d8:99:4e:40:5c:26:78:c7:72:db:9c:8a:83:a8:1a:
                    68:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E3:64:95:54:CE:4B:09:17:C2:98:E6:CF:72:66:9A:16:DE:3D:7F
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/jONklVTOSwkXwpjmz3JmmhbePX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:2a:15:77:ee:ad:25:79:4e:3f:f4:66:e9:e8:28:35:7e:62:
         a2:7d:db:11:62:3c:3c:20:85:c8:a1:9d:aa:3b:7f:6c:7f:1c:
         bf:d2:1e:2e:8b:99:44:82:1b:24:06:5b:7e:ad:b4:c6:77:6b:
         d1:25:0f:07:5d:5f:02:e1:07:b8:47:0e:4b:ee:92:e0:24:07:
         0c:3d:77:53:00:8e:77:2f:ec:94:64:f1:41:0f:fd:c4:bd:39:
         31:cd:91:d1:36:9a:68:95:f4:1f:0d:69:df:b0:52:08:c3:f7:
         b3:04:66:04:d4:5d:f7:2d:60:3e:9b:fc:3c:f4:d5:26:fe:85:
         95:c7:84:42:e8:d5:10:37:6c:1e:bf:e2:18:78:85:04:f4:84:
         d4:04:92:2f:5f:d7:e8:73:1a:02:82:7d:84:f5:77:93:18:bf:
         c4:de:d7:c7:bc:c2:6a:84:5a:f0:32:b8:58:ba:96:a8:3e:6d:
         df:a4:9e:65:a4:df:25:f7:86:0a:3f:c8:77:6f:e9:99:ca:6f:
         f4:b8:a0:e8:65:dd:68:8e:89:76:af:d4:52:e9:9c:ee:ee:d4:
         3b:54:27:5c:b5:e4:35:58:ed:0e:a2:91:19:8f:92:4c:f9:ee:
         71:75:d9:3e:a4:93:13:cb:a9:60:95:55:c5:7f:56:9a:59:06:
         f6:ca:8d:5b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDHDKq1Usgh1DsSYxxgxjkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQwNzE4MTgxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2UzNjQ5NTU0Y2U0YjA5MTdjMjk4ZTZjZjcyNjY5YTE2ZGUzZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1z3TCeAk91hPHAHhIY5utY+1AHP3
eIc0fzhvWX2Rp1O/OKn0qc+TQo+In2Awes0XArmbFIkbKZmNlFH3J/mLAaA2mUkd
a6NQV0U4v5+S63uCDBhaPafbMpofvTmOsUo/aB553XSP1Z2bF28mKdjfkwu7X16Y
2R8ZqfJQyXQU3EaPAjHQUhXYwAXfY2BQdTstzkmLG557luxIL7I/jLcRigZtIN/Z
dzwEHqD2tzlbt1oq9FOB5h7cj3VPGxeCkztj+f0Xac9h2rI2B3kU3nXnBFjQ0BjA
hDWCuNZ1EsNAXfMBaIqc5GvMZOu4HtyeoWLYmU5AXCZ4x3LbnIqDqBpofQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIzjZJVUzksJF8KY5s9yZpoW3j1/MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvak9Oa2xWVE9Td2tYd3BqbXozSm1taGJlUFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwQIw
DQYJKoZIhvcNAQELBQADggEBAH8qFXfurSV5Tj/0ZunoKDV+YqJ92xFiPDwghcih
nao7f2x/HL/SHi6LmUSCGyQGW36ttMZ3a9ElDwddXwLhB7hHDkvukuAkBww9d1MA
jncv7JRk8UEP/cS9OTHNkdE2mmiV9B8Nad+wUgjD97MEZgTUXfctYD6b/Dz01Sb+
hZXHhELo1RA3bB6/4hh4hQT0hNQEki9f1+hzGgKCfYT1d5MYv8Te18e8wmqEWvAy
uFi6lqg+bd+knmWk3yX3hgo/yHdv6ZnKb/S4oOhl3WiOiXav1FLpnO7u1DtUJ1y1
5DVY7Q6ikRmPkkz57nF12T6kkxPLqWCVVcV/VppZBvbKjVs=
-----END CERTIFICATE-----