Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/Y4rkJ9M6Bql9qJXZJpGNOXhrUoU.roa
File:                     Y4rkJ9M6Bql9qJXZJpGNOXhrUoU.roa (raw, json)
Hash identifier:          MMWA95usVkOo/ULJ7fq+aOftoicurzhnf/O0QzrElUA=
Subject key identifier:   63:8A:E4:27:D3:3A:06:A9:7D:A8:95:D9:26:91:8D:39:78:6B:52:85
Certificate issuer:       /CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
Certificate serial:       0192CFBCC43AC501F399D12A288DA585898C
Authority key identifier: EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/Y4rkJ9M6Bql9qJXZJpGNOXhrUoU.roa
Signing time:             Sun 27 Oct 2024 20:48:27 +0000
ROA not before:           Sun 27 Oct 2024 20:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        2a14:47c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cf:bc:c4:3a:c5:01:f3:99:d1:2a:28:8d:a5:85:89:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef55459645979c413d0bc6f7454f0d36e40e99f9
        Validity
            Not Before: Oct 27 20:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=638ae427d33a06a97da895d926918d39786b5285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6e:d1:0c:aa:26:ca:b5:66:8b:36:9d:51:e9:
                    15:14:93:ab:56:91:9c:92:33:3f:95:c6:b6:b3:aa:
                    b3:7d:4b:ad:53:ac:41:ea:61:19:88:4b:23:13:96:
                    dd:44:6c:84:f8:e5:e6:c6:10:e7:09:89:a1:4d:e6:
                    55:b0:e9:a9:43:59:22:f2:1e:3e:98:e9:40:6b:c1:
                    62:53:34:f1:f1:e4:d2:82:df:2e:a1:09:02:16:d1:
                    d4:fc:8c:8f:44:41:90:e6:b8:f5:75:3c:18:4f:d4:
                    4e:a5:9e:40:a7:f2:63:c9:e1:a8:a8:26:c5:4c:ae:
                    d5:2b:d1:92:b5:60:0d:47:cb:06:f2:21:bc:2e:8f:
                    e3:3b:99:fb:77:34:cc:0a:18:9b:99:bd:d2:8e:f0:
                    26:84:48:4f:71:bb:4d:db:35:23:a0:67:c3:3b:3f:
                    c6:47:74:b2:67:84:e2:f2:5c:7e:bf:61:a1:58:47:
                    b3:60:17:b6:4b:d8:17:2b:4b:38:a9:26:11:94:4f:
                    21:f6:9d:d7:7d:1b:ab:ac:70:85:5b:80:8d:d4:94:
                    e0:2d:3b:3e:dc:14:77:d5:04:94:03:94:d2:ca:b0:
                    c5:42:aa:2c:e0:fb:f3:2a:e0:3f:c4:3d:55:20:2c:
                    68:e7:fb:d7:f3:c4:3e:c9:ee:fd:cd:43:c6:d1:4a:
                    e7:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8A:E4:27:D3:3A:06:A9:7D:A8:95:D9:26:91:8D:39:78:6B:52:85
            X509v3 Authority Key Identifier:
                keyid:EF:55:45:96:45:97:9C:41:3D:0B:C6:F7:45:4F:0D:36:E4:0E:99:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71VFlkWXnEE9C8b3RU8NNuQOmfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/Y4rkJ9M6Bql9qJXZJpGNOXhrUoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0512df-7d0c-463b-8724-82531e9c7804/1/71VFlkWXnEE9C8b3RU8NNuQOmfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:47c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:34:b9:5e:e6:34:c4:2e:4d:3c:f9:5e:9c:1a:19:82:c2:e0:
         a4:b8:be:e5:d0:fa:34:dd:8c:64:e5:06:b7:43:fc:bb:16:ec:
         3c:f8:b1:81:d7:61:63:ee:d7:c5:0c:0b:dc:dd:c6:47:84:57:
         e6:70:da:48:b2:42:b8:29:82:3b:1b:e6:ac:57:d1:7a:c1:81:
         ac:f3:ed:50:c9:65:3f:81:5d:12:e5:b8:01:b8:b0:3b:14:09:
         cd:9b:e2:00:f0:2f:49:3a:f7:e7:ba:55:17:bb:44:9b:8f:78:
         dd:79:58:a6:0b:35:08:70:1f:b4:c5:d5:11:fa:51:29:22:09:
         8b:e1:12:bc:ca:e0:24:fd:ad:c1:42:e2:28:ce:ea:f1:bd:74:
         7c:34:a4:b0:4d:1a:da:77:37:50:ba:11:58:53:6a:16:ec:6a:
         9e:ee:6d:3a:d5:1e:bc:e6:ef:28:7b:06:9c:18:73:cf:10:23:
         0c:8d:7a:71:38:91:9f:9c:cf:55:6c:50:52:ab:f3:00:5f:ee:
         b9:68:07:1f:2d:b3:4c:99:e6:eb:99:57:ef:ee:10:43:e8:1f:
         61:a5:2c:a6:21:a2:2e:bc:f8:9d:e7:21:e7:bf:db:a0:2e:e2:
         21:06:40:7a:be:0a:bf:0d:f0:f0:1b:fa:b0:31:13:93:95:55:
         db:a4:bb:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLPvMQ6xQHzmdEqKI2lhYmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTU0NTk2NDU5NzljNDEzZDBiYzZmNzQ1NGYwZDM2ZTQw
ZTk5ZjkwHhcNMjQxMDI3MjA0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhhZTQyN2QzM2EwNmE5N2RhODk1ZDkyNjkxOGQzOTc4NmI1Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz27RDKomyrVmizadUekVFJOrVpGc
kjM/lca2s6qzfUutU6xB6mEZiEsjE5bdRGyE+OXmxhDnCYmhTeZVsOmpQ1ki8h4+
mOlAa8FiUzTx8eTSgt8uoQkCFtHU/IyPREGQ5rj1dTwYT9ROpZ5Ap/JjyeGoqCbF
TK7VK9GStWANR8sG8iG8Lo/jO5n7dzTMChibmb3SjvAmhEhPcbtN2zUjoGfDOz/G
R3SyZ4Ti8lx+v2GhWEezYBe2S9gXK0s4qSYRlE8h9p3XfRurrHCFW4CN1JTgLTs+
3BR31QSUA5TSyrDFQqos4PvzKuA/xD1VICxo5/vX88Q+ye79zUPG0Urn+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGOK5CfTOgapfaiV2SaRjTl4a1KFMB8GA1UdIwQY
MBaAFO9VRZZFl5xBPQvG90VPDTbkDpn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQt
ODI1MzFlOWM3ODA0LzEvWTRya0o5TTZCcWw5cUpYWkpwR05PWGhyVW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wNTEyZGYtN2QwYy00NjNiLTg3MjQtODI1MzFlOWM3ODA0
LzEvNzFWRmxrV1huRUU5QzhiM1JVOE5OdVFPbWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRHwDAN
BgkqhkiG9w0BAQsFAAOCAQEALjS5XuY0xC5NPPlenBoZgsLgpLi+5dD6NN2MZOUG
t0P8uxbsPPixgddhY+7XxQwL3N3GR4RX5nDaSLJCuCmCOxvmrFfResGBrPPtUMll
P4FdEuW4AbiwOxQJzZviAPAvSTr357pVF7tEm4943XlYpgs1CHAftMXVEfpRKSIJ
i+ESvMrgJP2twULiKM7q8b10fDSksE0a2nc3ULoRWFNqFuxqnu5tOtUevObvKHsG
nBhzzxAjDI16cTiRn5zPVWxQUqvzAF/uuWgHHy2zTJnm65lX7+4QQ+gfYaUspiGi
Lrz4nech57/boC7iIQZAer4Kvw3w8Bv6sDETk5VV26S7BA==
-----END CERTIFICATE-----