Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/2nineEYJaQTNNde93LTKRw8eSD4.roa
File:                     2nineEYJaQTNNde93LTKRw8eSD4.roa (raw, json)
Hash identifier:          ztVERzzfJudIum0GjucswnY4JW64JKYZH8uprKnAsMM=
Subject key identifier:   DA:78:A7:78:46:09:69:04:CD:35:D7:BD:DC:B4:CA:47:0F:1E:48:3E
Certificate issuer:       /CN=96fcda128fe82afc06e8aad1c8e5ccdfb35561e4
Certificate serial:       018FE922431D009220E2B3AF3D2FCA2EB106
Authority key identifier: 96:FC:DA:12:8F:E8:2A:FC:06:E8:AA:D1:C8:E5:CC:DF:B3:55:61:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvzaEo_oKvwG6KrRyOXM37NVYeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/2nineEYJaQTNNde93LTKRw8eSD4.roa
Signing time:             Wed 05 Jun 2024 16:01:27 +0000
ROA not before:           Wed 05 Jun 2024 16:01:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214797
IP address blocks:        2a14:5cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/lvzaEo_oKvwG6KrRyOXM37NVYeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/lvzaEo_oKvwG6KrRyOXM37NVYeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvzaEo_oKvwG6KrRyOXM37NVYeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e9:22:43:1d:00:92:20:e2:b3:af:3d:2f:ca:2e:b1:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96fcda128fe82afc06e8aad1c8e5ccdfb35561e4
        Validity
            Not Before: Jun  5 16:01:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da78a77846096904cd35d7bddcb4ca470f1e483e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:8d:a4:8b:8d:ac:91:a3:be:ba:2b:91:6b:
                    9c:8c:f4:f1:dd:18:97:c5:20:10:d2:5e:d3:01:9a:
                    e7:37:b7:f4:5b:72:f6:60:cd:39:db:8b:ba:ab:92:
                    aa:1a:98:de:f6:b1:f0:c2:10:70:dd:64:11:98:ad:
                    e0:be:2c:2f:27:d9:63:71:f4:bc:9a:c1:8b:8f:e9:
                    13:86:ab:a8:2c:0e:c9:72:ae:c3:0e:15:85:d6:7d:
                    cf:43:dc:51:a7:d0:87:79:b3:6a:a6:81:e0:8f:79:
                    48:51:e0:df:e0:cf:23:9d:a6:aa:59:1e:6f:28:58:
                    d4:d5:6e:25:87:4e:05:7e:89:22:62:a4:85:c7:d6:
                    9a:6e:15:4a:5b:c3:e6:76:32:11:f0:34:3a:f8:27:
                    7f:89:4c:ae:4f:90:39:c1:e4:20:34:49:c8:7a:48:
                    77:f5:90:2f:2a:76:2b:67:bb:83:9f:f2:0a:b0:46:
                    89:3a:e8:1e:eb:12:af:12:0a:02:2f:01:cf:6b:00:
                    c8:0a:fe:5d:e7:62:fb:8f:6e:80:57:b2:25:b1:08:
                    ff:63:5a:af:41:04:45:a9:75:fe:59:34:8d:1c:ec:
                    d4:ea:42:ad:26:6b:41:b1:73:4b:b0:88:05:eb:d5:
                    af:3e:37:7e:17:f5:7c:40:d2:b6:86:87:41:fd:f1:
                    24:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:78:A7:78:46:09:69:04:CD:35:D7:BD:DC:B4:CA:47:0F:1E:48:3E
            X509v3 Authority Key Identifier:
                keyid:96:FC:DA:12:8F:E8:2A:FC:06:E8:AA:D1:C8:E5:CC:DF:B3:55:61:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvzaEo_oKvwG6KrRyOXM37NVYeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/2nineEYJaQTNNde93LTKRw8eSD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/53386c-48c5-42ee-bd09-e50abc8e8844/1/lvzaEo_oKvwG6KrRyOXM37NVYeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:a1:15:15:c8:d4:a9:f0:29:89:97:e9:35:6f:a1:57:cd:df:
         80:df:be:03:3b:2a:d2:51:f7:00:03:e2:3e:bf:3d:f9:f4:49:
         4c:44:15:71:d1:eb:68:62:0f:50:64:31:08:42:a9:4f:a6:40:
         81:50:9e:a4:bf:0e:e6:4b:24:27:9c:36:bb:e4:f3:65:46:ee:
         84:17:ba:72:96:69:2c:ba:f5:33:9d:7e:e0:2c:8b:1e:53:5d:
         b2:12:c6:b6:35:06:65:26:04:88:03:db:28:78:09:f4:92:2b:
         1b:b7:ad:08:27:e3:1b:2d:ff:7e:2b:59:fa:92:ac:1b:dc:19:
         a6:c8:00:d0:5d:30:44:dc:df:17:5c:9f:59:3c:c3:60:6f:82:
         b5:2b:58:80:92:fc:5c:30:07:eb:a8:25:4f:5e:ff:d3:18:31:
         97:0a:8f:d4:ba:d2:72:6b:60:a5:5a:f6:44:e4:72:7e:18:72:
         88:d1:60:bc:9e:de:4a:e2:eb:97:ca:7e:d3:43:62:c7:c0:11:
         62:94:b0:fd:25:40:cd:e6:24:c1:01:39:3c:56:2d:93:09:c0:
         36:fb:e4:9a:7e:f5:d6:83:31:fc:5a:33:c3:fe:24:69:83:44:
         23:01:8d:73:4a:7e:52:03:ba:b3:17:ea:90:e6:78:f3:1f:e2:
         89:e7:d5:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/pIkMdAJIg4rOvPS/KLrEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZmNkYTEyOGZlODJhZmMwNmU4YWFkMWM4ZTVjY2RmYjM1
NTYxZTQwHhcNMjQwNjA1MTYwMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc4YTc3ODQ2MDk2OTA0Y2QzNWQ3YmRkY2I0Y2E0NzBmMWU0ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkeNpIuNrJGjvrorkWucjPTx3RiX
xSAQ0l7TAZrnN7f0W3L2YM0524u6q5KqGpje9rHwwhBw3WQRmK3gviwvJ9ljcfS8
msGLj+kThquoLA7Jcq7DDhWF1n3PQ9xRp9CHebNqpoHgj3lIUeDf4M8jnaaqWR5v
KFjU1W4lh04FfokiYqSFx9aabhVKW8PmdjIR8DQ6+Cd/iUyuT5A5weQgNEnIekh3
9ZAvKnYrZ7uDn/IKsEaJOuge6xKvEgoCLwHPawDICv5d52L7j26AV7IlsQj/Y1qv
QQRFqXX+WTSNHOzU6kKtJmtBsXNLsIgF69WvPjd+F/V8QNK2hodB/fEk9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNp4p3hGCWkEzTXXvdy0ykcPHkg+MB8GA1UdIwQY
MBaAFJb82hKP6Cr8Buiq0cjlzN+zVWHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZ6YUVvX29LdndHNktyUnlPWE0zN05WWWVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81MzM4NmMtNDhjNS00MmVlLWJkMDkt
ZTUwYWJjOGU4ODQ0LzEvMm5pbmVFWUphUVROTmRlOTNMVEtSdzhlU0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81MzM4NmMtNDhjNS00MmVlLWJkMDktZTUwYWJjOGU4ODQ0
LzEvbHZ6YUVvX29LdndHNktyUnlPWE0zN05WWWVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRcwDAN
BgkqhkiG9w0BAQsFAAOCAQEAjaEVFcjUqfApiZfpNW+hV83fgN++Azsq0lH3AAPi
Pr89+fRJTEQVcdHraGIPUGQxCEKpT6ZAgVCepL8O5kskJ5w2u+TzZUbuhBe6cpZp
LLr1M51+4CyLHlNdshLGtjUGZSYEiAPbKHgJ9JIrG7etCCfjGy3/fitZ+pKsG9wZ
psgA0F0wRNzfF1yfWTzDYG+CtStYgJL8XDAH66glT17/0xgxlwqP1LrScmtgpVr2
RORyfhhyiNFgvJ7eSuLrl8p+00Nix8ARYpSw/SVAzeYkwQE5PFYtkwnANvvkmn71
1oMx/Fozw/4kaYNEIwGNc0p+UgO6sxfqkOZ48x/iiefVBg==
-----END CERTIFICATE-----