Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/JSNxkdlP9tKX-tzblYkybzWcezQ.roa
File:                     JSNxkdlP9tKX-tzblYkybzWcezQ.roa (raw, json)
Hash identifier:          UGyE+P9Blm5zibHnospzZISVanA54FNXSxi3/DTGN2E=
Subject key identifier:   25:23:71:91:D9:4F:F6:D2:97:FA:DC:DB:95:89:32:6F:35:9C:7B:34
Certificate issuer:       /CN=04d3c5de9ff3cce131c8bfcdcce333947d92635e
Certificate serial:       018FF7FD5C444AEF9BFBED4655680BF7251D
Authority key identifier: 04:D3:C5:DE:9F:F3:CC:E1:31:C8:BF:CD:CC:E3:33:94:7D:92:63:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/JSNxkdlP9tKX-tzblYkybzWcezQ.roa
Signing time:             Sat 08 Jun 2024 13:15:27 +0000
ROA not before:           Sat 08 Jun 2024 13:15:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214824
IP address blocks:        2a14:4e40::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f7:fd:5c:44:4a:ef:9b:fb:ed:46:55:68:0b:f7:25:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04d3c5de9ff3cce131c8bfcdcce333947d92635e
        Validity
            Not Before: Jun  8 13:15:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25237191d94ff6d297fadcdb9589326f359c7b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:72:db:96:b6:0b:b8:e9:56:cb:ae:4e:cd:a6:
                    f0:d9:75:8b:a3:15:a7:6a:ec:d6:1d:52:0c:4f:ef:
                    71:e9:39:6d:27:f4:e9:a5:80:37:db:d4:fa:c1:f9:
                    35:22:33:e4:57:67:eb:ae:2b:57:a7:68:12:76:4f:
                    1d:67:7f:08:32:f2:47:ba:2c:d1:eb:e9:6c:80:63:
                    14:a9:53:4b:0c:b4:31:a0:1f:d4:0f:1c:22:1c:68:
                    d9:0a:a9:20:e9:82:68:b7:81:e0:e0:83:62:03:76:
                    8e:5c:1e:8c:57:57:8d:f1:ec:06:5d:66:8e:ff:5f:
                    1d:69:7c:96:c1:2b:67:88:13:0c:5a:f0:43:c3:51:
                    d2:c4:21:64:eb:96:d4:4b:f4:c6:3c:78:f5:71:75:
                    77:d4:fb:8d:ea:31:3c:c9:6c:da:b8:35:08:28:85:
                    71:a4:88:55:4a:03:03:bf:13:16:64:93:7c:43:8b:
                    70:49:ed:44:64:36:a7:4a:b4:b2:a1:05:bd:c8:ff:
                    b2:90:2b:09:02:d9:fe:2c:d5:26:16:04:f7:7b:39:
                    6a:1a:37:6b:65:1e:ff:51:56:f0:02:bf:a2:cd:d3:
                    03:da:56:da:35:83:25:0a:bf:26:9f:a2:c7:b0:cf:
                    37:cc:1f:58:47:ea:85:fc:e2:a3:cd:65:5d:25:8c:
                    1d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:23:71:91:D9:4F:F6:D2:97:FA:DC:DB:95:89:32:6F:35:9C:7B:34
            X509v3 Authority Key Identifier:
                keyid:04:D3:C5:DE:9F:F3:CC:E1:31:C8:BF:CD:CC:E3:33:94:7D:92:63:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/JSNxkdlP9tKX-tzblYkybzWcezQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4e40::/64

    Signature Algorithm: sha256WithRSAEncryption
         6a:ca:d4:a2:36:19:a9:90:1a:57:db:0e:49:31:0d:13:70:dc:
         75:e3:3d:ad:7d:70:0a:79:20:dd:78:83:a6:43:5d:50:41:9d:
         1d:bc:1f:5d:56:ef:b0:13:65:12:ee:a2:ac:b5:fc:bd:35:23:
         b6:27:1b:5a:2d:31:81:7e:72:46:46:4c:4b:b2:ee:7d:3a:b7:
         c3:fc:e4:0e:da:a0:6e:b2:2a:7b:74:9d:29:5c:96:68:75:20:
         02:ad:21:19:5f:c3:16:09:72:d5:5e:ec:4f:b5:99:0e:19:a9:
         9c:af:73:44:eb:a8:88:86:b9:88:73:e6:3c:bf:3e:f0:34:9e:
         13:cf:55:f9:5f:55:5e:28:ba:ea:75:49:7e:fc:c2:27:53:dc:
         e3:cc:cd:a0:44:98:14:2d:22:9d:b2:8b:38:a3:9d:9e:62:bd:
         ea:b9:8d:15:75:24:ba:77:bd:9e:9d:fa:93:76:c6:e4:a4:a4:
         f6:38:60:da:38:eb:33:43:f8:2c:e9:80:10:ec:eb:cf:44:e9:
         02:9f:0d:28:fb:9c:20:39:07:5f:4a:9c:dd:8b:40:af:ec:8e:
         33:95:25:94:be:ee:e2:ec:2c:64:69:c9:9c:41:17:1f:42:95:
         4c:81:6e:91:59:6f:69:25:8f:f4:ff:99:77:e1:b3:0d:58:9b:
         25:45:cb:cf
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAY/3/VxESu+b++1GVWgL9yUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZDNjNWRlOWZmM2NjZTEzMWM4YmZjZGNjZTMzMzk0N2Q5
MjYzNWUwHhcNMjQwNjA4MTMxNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTIzNzE5MWQ5NGZmNmQyOTdmYWRjZGI5NTg5MzI2ZjM1OWM3YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXLblrYLuOlWy65Ozabw2XWLoxWn
auzWHVIMT+9x6TltJ/TppYA329T6wfk1IjPkV2frritXp2gSdk8dZ38IMvJHuizR
6+lsgGMUqVNLDLQxoB/UDxwiHGjZCqkg6YJot4Hg4INiA3aOXB6MV1eN8ewGXWaO
/18daXyWwStniBMMWvBDw1HSxCFk65bUS/TGPHj1cXV31PuN6jE8yWzauDUIKIVx
pIhVSgMDvxMWZJN8Q4twSe1EZDanSrSyoQW9yP+ykCsJAtn+LNUmFgT3ezlqGjdr
ZR7/UVbwAr+izdMD2lbaNYMlCr8mn6LHsM83zB9YR+qF/OKjzWVdJYwdbQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFCUjcZHZT/bSl/rc25WJMm81nHs0MB8GA1UdIwQY
MBaAFATTxd6f88zhMci/zczjM5R9kmNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5QRjNwX3p6T0V4eUxfTnpPTXpsSDJTWTE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yNjA3ZmItNmI4NC00NTZlLWFhMDkt
OWQ4YmM4MTE1ZjY4LzEvSlNOeGtkbFA5dEtYLXR6YmxZa3lieldjZXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yNjA3ZmItNmI4NC00NTZlLWFhMDktOWQ4YmM4MTE1ZjY4
LzEvQk5QRjNwX3p6T0V4eUxfTnpPTXpsSDJTWTE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKhROQAAA
AAAwDQYJKoZIhvcNAQELBQADggEBAGrK1KI2GamQGlfbDkkxDRNw3HXjPa19cAp5
IN14g6ZDXVBBnR28H11W77ATZRLuoqy1/L01I7YnG1otMYF+ckZGTEuy7n06t8P8
5A7aoG6yKnt0nSlclmh1IAKtIRlfwxYJctVe7E+1mQ4ZqZyvc0TrqIiGuYhz5jy/
PvA0nhPPVflfVV4ouup1SX78widT3OPMzaBEmBQtIp2yizijnZ5iveq5jRV1JLp3
vZ6d+pN2xuSkpPY4YNo46zND+CzpgBDs689E6QKfDSj7nCA5B19KnN2LQK/sjjOV
JZS+7uLsLGRpyZxBFx9ClUyBbpFZb2klj/T/mXfhsw1YmyVFy88=
-----END CERTIFICATE-----