Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/fYfbjFSr4IgKxBVZJ9hShKmCfyY.roa
File:                     fYfbjFSr4IgKxBVZJ9hShKmCfyY.roa (raw, json)
Hash identifier:          7jc2/oZRJiP8nbF8BC7Cz3r+1JCOggOg3TQclJ7qjRo=
Subject key identifier:   7D:87:DB:8C:54:AB:E0:88:0A:C4:15:59:27:D8:52:84:A9:82:7F:26
Certificate issuer:       /CN=55121e5b92fde64889f6aab2cc5ce86fc0e5a07e
Certificate serial:       0190174BFDCF477680AAA52D18E84E97205E
Authority key identifier: 55:12:1E:5B:92:FD:E6:48:89:F6:AA:B2:CC:5C:E8:6F:C0:E5:A0:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VRIeW5L95kiJ9qqyzFzob8DloH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/fYfbjFSr4IgKxBVZJ9hShKmCfyY.roa
Signing time:             Fri 14 Jun 2024 15:09:34 +0000
ROA not before:           Fri 14 Jun 2024 15:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        2a14:27c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/VRIeW5L95kiJ9qqyzFzob8DloH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/VRIeW5L95kiJ9qqyzFzob8DloH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VRIeW5L95kiJ9qqyzFzob8DloH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:4b:fd:cf:47:76:80:aa:a5:2d:18:e8:4e:97:20:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55121e5b92fde64889f6aab2cc5ce86fc0e5a07e
        Validity
            Not Before: Jun 14 15:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d87db8c54abe0880ac4155927d85284a9827f26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bd:63:d4:8c:ea:f9:0e:83:2f:43:60:46:29:
                    18:b9:bb:92:0b:c3:98:36:ab:35:ce:52:60:ea:79:
                    7c:05:c6:d4:c6:1f:e7:88:7a:30:0c:2b:2b:d6:46:
                    9a:61:45:c8:3c:39:4e:5c:00:dd:ae:36:6b:45:bc:
                    7f:43:76:0e:ff:56:8e:cc:72:2b:52:87:3c:b4:c5:
                    41:0e:dd:7a:6e:0c:7b:9b:c6:64:d9:40:6c:d3:28:
                    c7:ef:04:36:7e:01:20:5c:60:42:35:69:ec:3a:6f:
                    8f:1a:9b:09:6f:d7:f0:cc:27:11:66:97:75:f2:f1:
                    c7:5d:e8:9a:48:36:b9:7f:d2:af:ee:7c:bc:d0:79:
                    35:c4:95:5a:13:ba:55:af:77:28:39:25:88:fd:96:
                    0e:71:75:8e:f9:2a:ad:bb:d8:0b:5e:d1:4a:c6:f8:
                    08:bd:eb:0d:49:91:8d:b0:61:1a:0e:16:ab:bd:f7:
                    e5:7b:d0:e5:92:5b:de:37:26:19:49:5d:93:25:38:
                    0b:0b:d9:3c:a0:6a:37:77:96:09:6d:66:0d:62:9c:
                    53:32:20:87:a6:7d:c2:2c:5f:4d:25:82:27:bc:48:
                    ee:14:e0:73:7c:3e:16:7b:45:6a:92:6d:20:0a:8d:
                    08:6b:1e:de:ec:67:c4:c1:98:6d:7c:d4:e0:31:f9:
                    c6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:87:DB:8C:54:AB:E0:88:0A:C4:15:59:27:D8:52:84:A9:82:7F:26
            X509v3 Authority Key Identifier:
                keyid:55:12:1E:5B:92:FD:E6:48:89:F6:AA:B2:CC:5C:E8:6F:C0:E5:A0:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VRIeW5L95kiJ9qqyzFzob8DloH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/fYfbjFSr4IgKxBVZJ9hShKmCfyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/84de8a-7e05-4069-a523-c3b6345a0d05/1/VRIeW5L95kiJ9qqyzFzob8DloH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:27c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:91:83:b6:f3:77:a5:86:20:ed:f0:bc:49:a6:ae:a0:5a:46:
         11:f9:ac:e4:c6:92:fe:c8:39:e9:9b:25:d3:4d:99:16:80:56:
         56:e1:e8:56:b6:1a:51:bd:2b:71:f0:85:61:b2:67:ac:86:d0:
         01:6a:b4:af:62:8a:d5:42:5b:e6:47:d7:e1:e8:42:b2:f2:70:
         8e:81:b1:16:61:ec:4a:5a:fa:d9:59:15:e2:52:bc:3c:02:4a:
         c9:ae:a3:3c:6b:42:61:bc:61:5f:e6:87:a6:cd:a1:24:d1:b0:
         4f:9b:4c:1f:47:c3:e6:3b:92:e7:f7:04:b4:00:af:0e:ef:0d:
         35:9e:82:56:23:bf:2a:b6:83:47:8c:fb:29:46:e0:8f:78:5a:
         fd:9d:0f:63:e1:f8:6a:c7:e7:9b:bf:7d:03:15:94:c3:72:a9:
         e8:e4:67:1e:c8:f1:1a:6f:9d:ca:1d:12:d1:0c:96:94:ba:09:
         c3:d3:53:d4:bb:c3:9a:e8:ad:b5:97:5c:7e:67:bd:83:66:bc:
         dc:c3:0f:6b:94:cc:cb:58:fd:e9:c6:c6:ce:c9:77:36:65:d5:
         c1:f6:83:1d:c3:a0:2d:e3:5a:88:ee:36:21:25:59:29:fb:d1:
         0c:2c:aa:bc:f0:70:49:3b:40:19:3f:ce:c0:3b:3d:a6:15:fa:
         7a:5b:e7:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZAXS/3PR3aAqqUtGOhOlyBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MTIxZTViOTJmZGU2NDg4OWY2YWFiMmNjNWNlODZmYzBl
NWEwN2UwHhcNMjQwNjE0MTUwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg3ZGI4YzU0YWJlMDg4MGFjNDE1NTkyN2Q4NTI4NGE5ODI3ZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr1j1Izq+Q6DL0NgRikYubuSC8OY
Nqs1zlJg6nl8BcbUxh/niHowDCsr1kaaYUXIPDlOXADdrjZrRbx/Q3YO/1aOzHIr
Uoc8tMVBDt16bgx7m8Zk2UBs0yjH7wQ2fgEgXGBCNWnsOm+PGpsJb9fwzCcRZpd1
8vHHXeiaSDa5f9Kv7ny80Hk1xJVaE7pVr3coOSWI/ZYOcXWO+Sqtu9gLXtFKxvgI
vesNSZGNsGEaDharvffle9DlklveNyYZSV2TJTgLC9k8oGo3d5YJbWYNYpxTMiCH
pn3CLF9NJYInvEjuFOBzfD4We0Vqkm0gCo0Iax7e7GfEwZhtfNTgMfnG2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH2H24xUq+CICsQVWSfYUoSpgn8mMB8GA1UdIwQY
MBaAFFUSHluS/eZIifaqssxc6G/A5aB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlJJZVc1TDk1a2lKOXFxeXpGem9iOERsb0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84NGRlOGEtN2UwNS00MDY5LWE1MjMt
YzNiNjM0NWEwZDA1LzEvZllmYmpGU3I0SWdLeEJWWko5aFNoS21DZnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84NGRlOGEtN2UwNS00MDY5LWE1MjMtYzNiNjM0NWEwZDA1
LzEvVlJJZVc1TDk1a2lKOXFxeXpGem9iOERsb0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhQnwDAN
BgkqhkiG9w0BAQsFAAOCAQEAf5GDtvN3pYYg7fC8SaauoFpGEfms5MaS/sg56Zsl
002ZFoBWVuHoVrYaUb0rcfCFYbJnrIbQAWq0r2KK1UJb5kfX4ehCsvJwjoGxFmHs
Slr62VkV4lK8PAJKya6jPGtCYbxhX+aHps2hJNGwT5tMH0fD5juS5/cEtACvDu8N
NZ6CViO/KraDR4z7KUbgj3ha/Z0PY+H4asfnm799AxWUw3Kp6ORnHsjxGm+dyh0S
0QyWlLoJw9NT1LvDmuittZdcfme9g2a83MMPa5TMy1j96cbGzsl3NmXVwfaDHcOg
LeNaiO42ISVZKfvRDCyqvPBwSTtAGT/OwDs9phX6elvnqg==
-----END CERTIFICATE-----