Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/ynqtdmkFRb5nZtbBZj3aY1EMM-g.roa
File:                     ynqtdmkFRb5nZtbBZj3aY1EMM-g.roa (raw, json)
Hash identifier:          voxHDHgCz6aUQ5885sXmZjlZGrUFeoWIlR11kEFqaf0=
Subject key identifier:   CA:7A:AD:76:69:05:45:BE:67:66:D6:C1:66:3D:DA:63:51:0C:33:E8
Certificate issuer:       /CN=8794395ac822dfe01165216c7781ffd61db28d5b
Certificate serial:       019336802CD510117D53351A7CA855BE55C9
Authority key identifier: 87:94:39:5A:C8:22:DF:E0:11:65:21:6C:77:81:FF:D6:1D:B2:8D:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/ynqtdmkFRb5nZtbBZj3aY1EMM-g.roa
Signing time:             Sat 16 Nov 2024 19:43:09 +0000
ROA not before:           Sat 16 Nov 2024 19:43:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216271
IP address blocks:        2a14:7480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:36:80:2c:d5:10:11:7d:53:35:1a:7c:a8:55:be:55:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8794395ac822dfe01165216c7781ffd61db28d5b
        Validity
            Not Before: Nov 16 19:43:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca7aad76690545be6766d6c1663dda63510c33e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d8:4a:67:b1:86:84:fd:16:25:43:78:11:b0:
                    27:aa:4a:ba:9e:a0:34:cf:87:30:1e:68:0a:4a:dc:
                    20:02:09:93:22:19:e1:67:18:34:9c:b3:a4:9b:8e:
                    c8:8c:ce:50:7e:28:cc:7d:b3:ba:b6:88:bd:ee:eb:
                    1d:88:28:91:39:8f:44:a4:95:89:08:02:9c:a2:d0:
                    d3:9d:4e:d6:b8:be:5b:fb:b4:66:94:8a:b8:26:99:
                    e0:a2:56:01:03:98:b9:6c:39:7f:8f:1c:83:88:c2:
                    a6:69:44:ef:98:ac:dc:c6:cc:d7:c9:d5:8f:9f:b9:
                    23:0b:36:54:6d:bb:ef:d1:6b:13:ea:c3:4b:09:6c:
                    56:b2:a6:07:86:6c:b5:cc:b7:66:91:d0:be:d1:49:
                    21:7a:a0:fa:3d:02:cd:dd:7d:25:b3:43:35:99:f2:
                    80:90:0b:54:8b:c8:40:f8:9b:10:26:1d:3d:3d:49:
                    c2:ff:1a:b5:08:90:a4:fa:6b:56:c6:ab:0e:ba:de:
                    91:d7:c2:e2:a3:39:42:3f:d3:49:e6:84:b6:11:e5:
                    3b:af:91:9e:b4:a9:da:c2:32:c9:88:7a:eb:0c:08:
                    89:89:63:17:f2:51:bb:72:e9:41:78:c1:36:da:dc:
                    e2:96:93:20:7f:f4:8c:57:e7:f4:4b:07:45:fb:b9:
                    a5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7A:AD:76:69:05:45:BE:67:66:D6:C1:66:3D:DA:63:51:0C:33:E8
            X509v3 Authority Key Identifier:
                keyid:87:94:39:5A:C8:22:DF:E0:11:65:21:6C:77:81:FF:D6:1D:B2:8D:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/ynqtdmkFRb5nZtbBZj3aY1EMM-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a2a3a4-ab75-49d4-a941-353f9812b1db/1/h5Q5Wsgi3-ARZSFsd4H_1h2yjVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7480::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:52:a7:95:09:95:f4:eb:b7:99:13:92:f2:58:d7:e6:c2:17:
         8f:b4:c8:05:83:42:7f:e2:82:5e:12:9e:ea:32:ba:21:9a:da:
         e6:a8:e4:ee:2a:e1:95:0f:42:01:5a:ae:61:a2:32:05:3c:b0:
         50:e8:64:1a:4c:6f:a2:fe:df:4e:43:34:46:65:f7:58:a9:f0:
         9c:9e:fe:50:93:5f:48:16:08:30:8f:03:12:11:c8:c1:0d:dd:
         48:a1:f0:80:35:a2:d8:31:1e:ab:e7:d2:ca:3d:ff:27:ad:9f:
         ac:c0:83:5b:3b:24:26:eb:cc:02:01:dc:b8:3b:7c:14:5c:4a:
         ae:38:78:5f:c7:2c:d1:e6:e0:9f:ba:5e:a3:54:ba:cd:bc:ca:
         28:91:8a:1b:be:60:42:97:e2:3d:9c:70:86:eb:ee:83:8c:85:
         32:83:3d:5f:af:6c:2c:16:d2:f7:bd:df:4e:7a:ec:98:56:f8:
         12:10:81:c3:27:a6:b7:4e:2e:67:3e:60:38:e8:35:fa:61:e4:
         ea:81:b9:61:1e:1c:34:50:c3:89:23:b2:c1:a8:08:da:e5:99:
         de:bc:37:42:87:30:30:a8:d4:22:c4:b0:1c:8b:80:d1:54:9c:
         6b:e3:7c:8f:3c:d6:b3:ad:b5:97:d8:63:98:0e:30:29:bd:e3:
         8d:6d:76:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZM2gCzVEBF9UzUafKhVvlXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OTQzOTVhYzgyMmRmZTAxMTY1MjE2Yzc3ODFmZmQ2MWRi
MjhkNWIwHhcNMjQxMTE2MTk0MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdhYWQ3NjY5MDU0NWJlNjc2NmQ2YzE2NjNkZGE2MzUxMGMzM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09hKZ7GGhP0WJUN4EbAnqkq6nqA0
z4cwHmgKStwgAgmTIhnhZxg0nLOkm47IjM5QfijMfbO6toi97usdiCiROY9EpJWJ
CAKcotDTnU7WuL5b+7RmlIq4JpngolYBA5i5bDl/jxyDiMKmaUTvmKzcxszXydWP
n7kjCzZUbbvv0WsT6sNLCWxWsqYHhmy1zLdmkdC+0UkheqD6PQLN3X0ls0M1mfKA
kAtUi8hA+JsQJh09PUnC/xq1CJCk+mtWxqsOut6R18LiozlCP9NJ5oS2EeU7r5Ge
tKnawjLJiHrrDAiJiWMX8lG7culBeME22tzilpMgf/SMV+f0SwdF+7mlnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMp6rXZpBUW+Z2bWwWY92mNRDDPoMB8GA1UdIwQY
MBaAFIeUOVrIIt/gEWUhbHeB/9Ydso1bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDVRNVdzZ2kzLUFSWlNGc2Q0SF8xaDJ5alZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hMmEzYTQtYWI3NS00OWQ0LWE5NDEt
MzUzZjk4MTJiMWRiLzEveW5xdGRta0ZSYjVuWnRiQlpqM2FZMUVNTS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hMmEzYTQtYWI3NS00OWQ0LWE5NDEtMzUzZjk4MTJiMWRi
LzEvaDVRNVdzZ2kzLUFSWlNGc2Q0SF8xaDJ5alZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhR0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAP1KnlQmV9Ou3mROS8ljX5sIXj7TIBYNCf+KCXhKe
6jK6IZra5qjk7irhlQ9CAVquYaIyBTywUOhkGkxvov7fTkM0RmX3WKnwnJ7+UJNf
SBYIMI8DEhHIwQ3dSKHwgDWi2DEeq+fSyj3/J62frMCDWzskJuvMAgHcuDt8FFxK
rjh4X8cs0ebgn7peo1S6zbzKKJGKG75gQpfiPZxwhuvug4yFMoM9X69sLBbS973f
TnrsmFb4EhCBwyemt04uZz5gOOg1+mHk6oG5YR4cNFDDiSOywagI2uWZ3rw3Qocw
MKjUIsSwHIuA0VSca+N8jzzWs621l9hjmA4wKb3jjW12Qg==
-----END CERTIFICATE-----