Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/iDoSqKc6llKQxGfTmZCZ2YcY4cs.roa
File:                     iDoSqKc6llKQxGfTmZCZ2YcY4cs.roa (raw, json)
Hash identifier:          es0ka58c7y8IgQ5dN6WBs931acMAS5ZhFggaGnqiGkE=
Subject key identifier:   88:3A:12:A8:A7:3A:96:52:90:C4:67:D3:99:90:99:D9:87:18:E1:CB
Certificate issuer:       /CN=1f4439c757b6b646df16844f5a529ee27520736e
Certificate serial:       018F154846FC990996810F3B942604F970BE
Authority key identifier: 1F:44:39:C7:57:B6:B6:46:DF:16:84:4F:5A:52:9E:E2:75:20:73:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0Q5x1e2tkbfFoRPWlKe4nUgc24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/iDoSqKc6llKQxGfTmZCZ2YcY4cs.roa
Signing time:             Thu 25 Apr 2024 12:43:29 +0000
ROA not before:           Thu 25 Apr 2024 12:43:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15377
IP address blocks:        2a14:45c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/H0Q5x1e2tkbfFoRPWlKe4nUgc24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/H0Q5x1e2tkbfFoRPWlKe4nUgc24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0Q5x1e2tkbfFoRPWlKe4nUgc24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:48:46:fc:99:09:96:81:0f:3b:94:26:04:f9:70:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4439c757b6b646df16844f5a529ee27520736e
        Validity
            Not Before: Apr 25 12:43:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=883a12a8a73a965290c467d3999099d98718e1cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:27:be:8e:c8:68:f2:ee:1f:9f:25:08:0e:71:
                    71:a0:6c:00:5e:af:9a:ec:0b:0a:84:5e:dc:61:3a:
                    64:98:da:9f:2b:8c:47:53:57:17:2b:bc:4a:25:1f:
                    70:68:76:3e:fa:2e:b3:fa:e7:73:3c:51:28:51:43:
                    bc:46:22:b5:ae:be:c8:98:e0:c2:26:b4:12:51:8c:
                    3b:08:f3:f9:9e:fa:53:a1:cc:35:c9:38:b4:04:5c:
                    03:b2:e3:e3:09:db:cf:ae:42:54:3c:98:06:71:4d:
                    64:66:41:13:15:08:57:08:d7:cb:63:b8:5b:71:60:
                    d6:43:39:f1:c4:66:64:e9:97:30:d5:a2:e4:a4:f5:
                    10:b2:77:4e:05:ec:f7:2a:17:58:51:14:c4:43:a9:
                    e2:83:01:d6:66:6c:c4:59:5a:55:f6:b2:e3:1b:97:
                    de:24:83:6d:6d:c2:1c:52:a8:c4:39:78:36:61:d0:
                    85:ff:14:0c:f8:5e:c4:47:50:12:63:18:07:4d:bf:
                    be:34:47:e1:60:97:e5:2c:b9:80:52:08:7c:1d:43:
                    f1:36:ce:5c:e6:39:5b:77:1c:c5:54:af:47:d1:ae:
                    23:41:62:0d:bf:2b:45:87:91:49:7a:a0:07:c3:15:
                    74:60:f7:5b:0c:52:e2:29:98:37:70:88:1b:25:9c:
                    42:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3A:12:A8:A7:3A:96:52:90:C4:67:D3:99:90:99:D9:87:18:E1:CB
            X509v3 Authority Key Identifier:
                keyid:1F:44:39:C7:57:B6:B6:46:DF:16:84:4F:5A:52:9E:E2:75:20:73:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0Q5x1e2tkbfFoRPWlKe4nUgc24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/iDoSqKc6llKQxGfTmZCZ2YcY4cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/fe9eb3-3b1b-4ff4-a374-5a5d0bd8760e/1/H0Q5x1e2tkbfFoRPWlKe4nUgc24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:45c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:6f:97:34:ab:62:15:b8:2a:89:32:56:b6:50:16:9d:0f:23:
         5d:9f:51:ce:e2:9c:96:fb:54:64:90:c7:26:73:18:dd:2d:d6:
         23:28:77:2e:dc:be:1a:80:c6:12:ac:86:79:6e:d8:cf:dd:46:
         3d:d5:68:cd:0a:53:07:f8:d0:bb:93:ba:0b:de:ca:a3:e1:b9:
         97:53:f0:8e:dc:7d:71:c6:99:f6:d8:54:a1:71:7a:76:b4:f0:
         97:d5:b6:44:19:d6:33:0a:57:4c:cd:e9:26:3a:64:e2:83:4d:
         11:47:16:70:d8:b8:1d:e8:12:28:c1:bd:1b:3f:c6:36:1b:4b:
         27:a3:b1:31:ba:6a:0e:6f:95:4f:f0:92:f3:41:fd:10:3e:f1:
         50:0d:31:c9:cb:4a:d5:ad:a8:ea:11:84:e2:af:c9:8f:5b:2a:
         33:da:66:5b:3a:ae:83:3a:cc:bc:3b:89:bc:01:dc:66:57:ac:
         41:d2:14:bd:fb:af:aa:6a:0a:62:91:d3:7c:11:7f:76:73:d7:
         ac:76:3a:02:16:96:cc:26:80:f5:31:64:fe:71:d2:49:ec:4d:
         89:96:f4:c0:cf:45:c2:f4:65:37:fd:dd:69:2c:00:67:e9:9b:
         72:1c:43:0c:70:4e:cb:23:66:cb:c7:b5:f1:b2:75:d3:f5:e0:
         ee:c9:b5:16
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8VSEb8mQmWgQ87lCYE+XC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDQzOWM3NTdiNmI2NDZkZjE2ODQ0ZjVhNTI5ZWUyNzUy
MDczNmUwHhcNMjQwNDI1MTI0MzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODNhMTJhOGE3M2E5NjUyOTBjNDY3ZDM5OTkwOTlkOTg3MThlMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSe+jsho8u4fnyUIDnFxoGwAXq+a
7AsKhF7cYTpkmNqfK4xHU1cXK7xKJR9waHY++i6z+udzPFEoUUO8RiK1rr7ImODC
JrQSUYw7CPP5nvpTocw1yTi0BFwDsuPjCdvPrkJUPJgGcU1kZkETFQhXCNfLY7hb
cWDWQznxxGZk6Zcw1aLkpPUQsndOBez3KhdYURTEQ6nigwHWZmzEWVpV9rLjG5fe
JINtbcIcUqjEOXg2YdCF/xQM+F7ER1ASYxgHTb++NEfhYJflLLmAUgh8HUPxNs5c
5jlbdxzFVK9H0a4jQWINvytFh5FJeqAHwxV0YPdbDFLiKZg3cIgbJZxCUQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIg6EqinOpZSkMRn05mQmdmHGOHLMB8GA1UdIwQY
MBaAFB9EOcdXtrZG3xaET1pSnuJ1IHNuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBRNXgxZTJ0a2JmRm9SUFdsS2U0blVnYzI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mZTllYjMtM2IxYi00ZmY0LWEzNzQt
NWE1ZDBiZDg3NjBlLzEvaURvU3FLYzZsbEtReEdmVG1aQ1oyWWNZNGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mZTllYjMtM2IxYi00ZmY0LWEzNzQtNWE1ZDBiZDg3NjBl
LzEvSDBRNXgxZTJ0a2JmRm9SUFdsS2U0blVnYzI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRFwDAN
BgkqhkiG9w0BAQsFAAOCAQEABm+XNKtiFbgqiTJWtlAWnQ8jXZ9RzuKclvtUZJDH
JnMY3S3WIyh3Lty+GoDGEqyGeW7Yz91GPdVozQpTB/jQu5O6C97Ko+G5l1Pwjtx9
ccaZ9thUoXF6drTwl9W2RBnWMwpXTM3pJjpk4oNNEUcWcNi4HegSKMG9Gz/GNhtL
J6OxMbpqDm+VT/CS80H9ED7xUA0xyctK1a2o6hGE4q/Jj1sqM9pmWzqugzrMvDuJ
vAHcZlesQdIUvfuvqmoKYpHTfBF/dnPXrHY6AhaWzCaA9TFk/nHSSexNiZb0wM9F
wvRlN/3daSwAZ+mbchxDDHBOyyNmy8e18bJ10/Xg7sm1Fg==
-----END CERTIFICATE-----