Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t77JVDRA6bQ75_uXpSIL6TA_tRM.roa
File:                     t77JVDRA6bQ75_uXpSIL6TA_tRM.roa (raw, json)
Hash identifier:          +sl3MuILVAU829f/IAJ703QEclQRS2m/pfk7hbVWxAo=
Subject key identifier:   B7:BE:C9:54:34:40:E9:B4:3B:E7:FB:97:A5:22:0B:E9:30:3F:B5:13
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0193556480DC41B66AD5B2352C9EE329E77A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t77JVDRA6bQ75_uXpSIL6TA_tRM.roa
Signing time:             Fri 22 Nov 2024 19:41:09 +0000
ROA not before:           Fri 22 Nov 2024 19:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36680
IP address blocks:        2a14:62c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:55:64:80:dc:41:b6:6a:d5:b2:35:2c:9e:e3:29:e7:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Nov 22 19:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7bec9543440e9b43be7fb97a5220be9303fb513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0b:4c:71:f4:89:b8:84:d6:49:05:c7:0d:c4:
                    af:e7:b5:a6:e7:6d:14:07:21:1f:70:db:51:8a:17:
                    7b:a1:f3:ef:ae:fb:d9:94:ea:c4:6a:8f:c8:84:c9:
                    65:a0:46:59:7a:94:9e:c3:d6:f2:aa:61:de:25:b9:
                    99:ae:38:41:cf:63:30:9d:79:33:9a:2f:d8:bf:38:
                    00:a9:68:f2:3c:fd:f7:cf:24:cd:8a:b6:74:bf:35:
                    c0:3e:e5:50:42:46:69:6c:0b:d6:28:17:44:83:2c:
                    53:8c:32:00:2f:ff:25:00:c1:9f:cd:f0:0a:50:66:
                    06:f8:c1:d3:89:e2:db:d4:5d:10:81:b8:75:e9:63:
                    ff:14:26:c3:7d:cd:84:67:20:05:32:b2:ab:a7:93:
                    d4:fa:42:59:e8:a9:57:03:f2:74:6b:43:58:d7:98:
                    54:c0:59:7f:2f:49:8f:4c:62:12:c1:4a:e1:ca:23:
                    e4:c6:20:35:c9:13:e7:25:7f:90:ac:a9:9f:52:23:
                    d4:c4:91:7c:88:81:fb:d8:86:98:46:67:a0:5a:95:
                    5d:68:6e:cb:17:e8:b8:89:f4:49:d0:eb:0d:a7:66:
                    42:58:44:13:5b:2e:a8:36:50:a7:27:b3:1e:89:f2:
                    b8:7f:c8:38:9d:ab:66:27:9d:8f:93:1f:c0:71:28:
                    01:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BE:C9:54:34:40:E9:B4:3B:E7:FB:97:A5:22:0B:E9:30:3F:B5:13
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t77JVDRA6bQ75_uXpSIL6TA_tRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:62c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:1a:05:6f:e4:6e:4e:3b:61:39:fe:c5:8c:50:cf:07:83:d4:
         29:b2:5e:d7:50:58:f2:8a:13:62:76:40:d7:72:7f:17:bf:fc:
         28:fc:d9:7a:ac:e0:28:7b:21:94:d8:94:0d:2e:13:43:1d:5a:
         4d:01:96:8b:c1:82:a9:0e:b5:0c:b7:65:d0:7d:7f:95:4e:54:
         69:f2:a5:32:ef:29:0a:6f:0f:b6:59:b0:d5:10:c5:9d:b9:1e:
         d1:25:b2:0e:d9:fd:41:69:88:fc:f1:c1:78:26:88:1c:2c:3e:
         53:41:58:47:05:45:f1:74:04:2d:14:56:9c:0b:28:80:5c:d7:
         c0:53:7f:64:ee:e7:f6:59:36:41:c6:32:0a:22:55:d1:6b:f5:
         dc:88:29:0e:ba:e1:21:28:d4:55:58:93:3c:cb:66:05:d2:81:
         0a:7a:74:b8:bf:4c:19:f9:d0:e1:77:6c:33:70:60:bf:94:74:
         7a:60:03:0d:84:0a:18:e6:6e:51:37:14:35:c8:aa:e5:7b:2f:
         66:0d:34:a6:6b:bb:63:95:d2:32:d9:28:41:49:97:ed:d0:6b:
         1f:2a:d7:ae:c3:fa:b5:70:85:33:8c:b3:10:57:ce:b7:f4:a1:
         ba:f8:e0:59:45:6e:33:f7:28:bd:41:a3:0f:0b:f4:31:99:30:
         e2:8a:c9:6b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNVZIDcQbZq1bI1LJ7jKed6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQxMTIyMTk0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JlYzk1NDM0NDBlOWI0M2JlN2ZiOTdhNTIyMGJlOTMwM2ZiNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQtMcfSJuITWSQXHDcSv57Wm520U
ByEfcNtRihd7ofPvrvvZlOrEao/IhMlloEZZepSew9byqmHeJbmZrjhBz2MwnXkz
mi/YvzgAqWjyPP33zyTNirZ0vzXAPuVQQkZpbAvWKBdEgyxTjDIAL/8lAMGfzfAK
UGYG+MHTieLb1F0Qgbh16WP/FCbDfc2EZyAFMrKrp5PU+kJZ6KlXA/J0a0NY15hU
wFl/L0mPTGISwUrhyiPkxiA1yRPnJX+QrKmfUiPUxJF8iIH72IaYRmegWpVdaG7L
F+i4ifRJ0OsNp2ZCWEQTWy6oNlCnJ7MeifK4f8g4natmJ52Pkx/AcSgB8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLe+yVQ0QOm0O+f7l6UiC+kwP7UTMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdDc3SlZEUkE2YlE3NV91WHBTSUw2VEFfdFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAZRoFb+RuTjthOf7FjFDPB4PUKbJe11BY8ooTYnZA
13J/F7/8KPzZeqzgKHshlNiUDS4TQx1aTQGWi8GCqQ61DLdl0H1/lU5UafKlMu8p
Cm8Ptlmw1RDFnbke0SWyDtn9QWmI/PHBeCaIHCw+U0FYRwVF8XQELRRWnAsogFzX
wFN/ZO7n9lk2QcYyCiJV0Wv13IgpDrrhISjUVViTPMtmBdKBCnp0uL9MGfnQ4Xds
M3Bgv5R0emADDYQKGOZuUTcUNciq5XsvZg00pmu7Y5XSMtkoQUmX7dBrHyrXrsP6
tXCFM4yzEFfOt/ShuvjgWUVuM/covUGjDwv0MZkw4orJaw==
-----END CERTIFICATE-----