Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/AHDfV3qUMZw2Psv1FmiLwBrvYCg.roa
File:                     AHDfV3qUMZw2Psv1FmiLwBrvYCg.roa (raw, json)
Hash identifier:          khPoPmvQ4FVfSc77Bwxa6VsF4gtkQ5fmeahFc/AvaG0=
Subject key identifier:   00:70:DF:57:7A:94:31:9C:36:3E:CB:F5:16:68:8B:C0:1A:EF:60:28
Certificate issuer:       /CN=f4dcb5741e29352ddd42469270178506008a4140
Certificate serial:       0193A1781788FBD40C456B2261FCB612A823
Authority key identifier: F4:DC:B5:74:1E:29:35:2D:DD:42:46:92:70:17:85:06:00:8A:41:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Ny1dB4pNS3dQkaScBeFBgCKQUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/AHDfV3qUMZw2Psv1FmiLwBrvYCg.roa
Signing time:             Sat 07 Dec 2024 14:13:42 +0000
ROA not before:           Sat 07 Dec 2024 14:13:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8772
IP address blocks:        2a0a:e140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/9Ny1dB4pNS3dQkaScBeFBgCKQUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/9Ny1dB4pNS3dQkaScBeFBgCKQUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Ny1dB4pNS3dQkaScBeFBgCKQUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:a1:78:17:88:fb:d4:0c:45:6b:22:61:fc:b6:12:a8:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4dcb5741e29352ddd42469270178506008a4140
        Validity
            Not Before: Dec  7 14:13:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0070df577a94319c363ecbf516688bc01aef6028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:dc:b0:5d:81:e0:95:4b:1b:a5:ea:85:f8:be:
                    eb:dd:30:3e:c9:70:76:3c:c1:78:fe:2b:5d:6b:28:
                    d9:af:ef:23:ab:6e:01:ba:5c:cb:18:f1:cf:3f:b2:
                    20:02:8e:18:fc:e5:63:6b:b0:56:68:4e:39:49:12:
                    7b:28:81:77:f3:f5:ef:12:07:53:b1:7b:3a:21:2e:
                    94:2b:af:28:7a:2f:23:cd:8b:ca:de:d2:12:8e:38:
                    26:57:2b:fb:2b:89:81:b7:a9:05:a0:8a:b2:b2:da:
                    af:11:b2:3e:b6:bf:f2:0e:a3:bd:92:fb:7b:38:ab:
                    49:5e:43:91:1a:5c:71:60:c4:96:e6:d3:cd:20:90:
                    08:dd:0c:42:d3:a8:d7:2d:b7:65:20:0c:41:c4:fb:
                    64:a8:fd:ea:16:b2:29:04:d7:02:79:1c:8a:f2:d4:
                    24:25:96:51:97:ef:12:19:13:c8:c3:48:03:a0:ca:
                    a9:cd:70:1b:5e:1e:30:6c:e6:ee:83:b1:7a:18:28:
                    61:0f:2c:2c:e4:31:d6:14:95:48:c9:cf:1e:bb:e2:
                    c8:aa:12:2c:d0:bc:1f:25:39:f5:b8:5b:8d:18:c9:
                    be:53:79:95:2d:63:eb:4c:88:c6:5d:04:85:a0:c8:
                    83:30:9a:b0:5a:8e:89:0c:40:20:74:20:a4:7c:e3:
                    c1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:70:DF:57:7A:94:31:9C:36:3E:CB:F5:16:68:8B:C0:1A:EF:60:28
            X509v3 Authority Key Identifier:
                keyid:F4:DC:B5:74:1E:29:35:2D:DD:42:46:92:70:17:85:06:00:8A:41:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Ny1dB4pNS3dQkaScBeFBgCKQUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/AHDfV3qUMZw2Psv1FmiLwBrvYCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/d073f1-96ed-4b35-a3f4-f8307779945b/1/9Ny1dB4pNS3dQkaScBeFBgCKQUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:e140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:f7:ae:9b:f1:14:34:08:e6:fc:e2:88:6a:ca:74:49:eb:cd:
         81:69:3c:3c:9c:dc:03:b5:02:62:16:7c:87:19:4c:ca:ff:87:
         4e:6e:4b:7c:bd:fb:dd:92:dc:a9:de:cd:67:c6:b7:96:10:5b:
         3b:5b:bd:fd:7b:24:e6:01:3a:07:5d:c7:54:00:6f:59:7d:23:
         f6:29:28:05:38:1d:ee:ed:91:3e:23:cf:d9:c2:36:ae:1d:d7:
         aa:13:d5:61:78:db:fa:0f:79:0e:ca:82:17:d0:6c:69:08:ac:
         e5:7c:3c:a8:60:f8:62:0e:c8:cd:f5:1a:4a:cf:56:c2:b8:ed:
         f4:da:5e:89:24:38:8c:cd:50:db:9a:e6:70:61:50:c9:e6:1e:
         24:59:19:f5:fb:8d:95:45:c3:c3:17:4a:b5:32:eb:f8:a8:9f:
         1c:0f:2d:37:18:e6:78:fd:b4:84:2a:b6:fa:61:57:65:fa:2c:
         5e:d5:09:cc:3b:a2:aa:fc:3c:7c:9d:a1:bd:66:98:fb:31:0b:
         41:fc:13:35:39:76:a9:80:e8:06:73:b0:24:3e:c2:3d:29:58:
         d7:3f:45:da:ff:2b:91:af:99:6e:17:4e:84:ed:4e:bf:37:55:
         e4:3f:15:96:61:f1:06:c1:93:75:22:57:62:18:30:4a:e0:ed:
         95:62:7d:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZOheBeI+9QMRWsiYfy2EqgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZGNiNTc0MWUyOTM1MmRkZDQyNDY5MjcwMTc4NTA2MDA4
YTQxNDAwHhcNMjQxMjA3MTQxMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDcwZGY1NzdhOTQzMTljMzYzZWNiZjUxNjY4OGJjMDFhZWY2MDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdywXYHglUsbpeqF+L7r3TA+yXB2
PMF4/itdayjZr+8jq24BulzLGPHPP7IgAo4Y/OVja7BWaE45SRJ7KIF38/XvEgdT
sXs6IS6UK68oei8jzYvK3tISjjgmVyv7K4mBt6kFoIqystqvEbI+tr/yDqO9kvt7
OKtJXkORGlxxYMSW5tPNIJAI3QxC06jXLbdlIAxBxPtkqP3qFrIpBNcCeRyK8tQk
JZZRl+8SGRPIw0gDoMqpzXAbXh4wbObug7F6GChhDyws5DHWFJVIyc8eu+LIqhIs
0LwfJTn1uFuNGMm+U3mVLWPrTIjGXQSFoMiDMJqwWo6JDEAgdCCkfOPBqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFABw31d6lDGcNj7L9RZoi8Aa72AoMB8GA1UdIwQY
MBaAFPTctXQeKTUt3UJGknAXhQYAikFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU55MWRCNHBOUzNkUWthU2NCZUZCZ0NLUVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kMDczZjEtOTZlZC00YjM1LWEzZjQt
ZjgzMDc3Nzk5NDViLzEvQUhEZlYzcVVNWncyUHN2MUZtaUx3QnJ2WUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kMDczZjEtOTZlZC00YjM1LWEzZjQtZjgzMDc3Nzk5NDVi
LzEvOU55MWRCNHBOUzNkUWthU2NCZUZCZ0NLUVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgrhQDAN
BgkqhkiG9w0BAQsFAAOCAQEAWveum/EUNAjm/OKIasp0SevNgWk8PJzcA7UCYhZ8
hxlMyv+HTm5LfL373ZLcqd7NZ8a3lhBbO1u9/Xsk5gE6B13HVABvWX0j9ikoBTgd
7u2RPiPP2cI2rh3XqhPVYXjb+g95DsqCF9BsaQis5Xw8qGD4Yg7IzfUaSs9Wwrjt
9NpeiSQ4jM1Q25rmcGFQyeYeJFkZ9fuNlUXDwxdKtTLr+KifHA8tNxjmeP20hCq2
+mFXZfosXtUJzDuiqvw8fJ2hvWaY+zELQfwTNTl2qYDoBnOwJD7CPSlY1z9F2v8r
ka+ZbhdOhO1OvzdV5D8VlmHxBsGTdSJXYhgwSuDtlWJ94g==
-----END CERTIFICATE-----