Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/1lObMefZGalYdj71yFwq5dFC0KI.roa
File:                     1lObMefZGalYdj71yFwq5dFC0KI.roa (raw, json)
Hash identifier:          HUQuejTdefWML19kpZkxFKCQ742FIGjjhxy1XBfPgAY=
Subject key identifier:   D6:53:9B:31:E7:D9:19:A9:58:76:3E:F5:C8:5C:2A:E5:D1:42:D0:A2
Certificate issuer:       /CN=f709528b8828b4d826355e2c52237d642071cd54
Certificate serial:       018CEE8016739253DFDEFB3979B04A346E11
Authority key identifier: F7:09:52:8B:88:28:B4:D8:26:35:5E:2C:52:23:7D:64:20:71:CD:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/1lObMefZGalYdj71yFwq5dFC0KI.roa
Signing time:             Tue 09 Jan 2024 13:53:40 +0000
ROA not before:           Tue 09 Jan 2024 13:53:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215759
IP address blocks:        2a14:6680:2000::/48 maxlen: 48
                          2a14:6680:1000::/48 maxlen: 48
                          2a14:6680:2001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:80:16:73:92:53:df:de:fb:39:79:b0:4a:34:6e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f709528b8828b4d826355e2c52237d642071cd54
        Validity
            Not Before: Jan  9 13:53:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6539b31e7d919a958763ef5c85c2ae5d142d0a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8d:be:50:12:f8:e9:21:11:33:9a:ec:5e:22:
                    f4:81:0f:be:45:f7:b0:42:94:83:2f:10:fd:84:53:
                    8e:dc:ac:58:59:4a:ff:1a:a9:fe:cd:54:60:25:28:
                    3a:c7:6e:aa:95:ad:9c:60:a7:5e:37:47:bf:18:b9:
                    9d:5f:e9:54:a8:7b:77:09:3e:18:43:1f:8b:c3:8c:
                    8f:1e:ef:66:36:e5:7e:ff:70:38:f3:5c:c4:6f:7c:
                    ca:18:54:ae:69:4c:60:ff:08:08:79:13:fb:67:05:
                    32:fb:41:1a:ed:57:19:9a:01:c2:9a:09:66:ad:3a:
                    b3:b9:9a:5c:af:4c:cf:61:0e:a0:d2:db:09:34:99:
                    d2:8b:ac:f2:d8:e2:8d:31:96:b3:96:6f:8a:21:d0:
                    3a:15:e6:61:32:3b:71:df:98:8a:cf:e8:34:a0:7e:
                    55:ec:d3:5a:ce:d6:4a:49:d5:28:9d:32:f4:e9:b6:
                    b4:98:b0:f9:33:80:2d:7d:ea:0c:1e:04:02:c5:6e:
                    ba:4a:2b:9a:7b:47:c1:10:92:57:29:ba:a7:9d:77:
                    49:1b:52:2b:7b:49:85:4e:f7:49:11:4a:58:83:03:
                    5e:9f:37:12:52:0d:63:2b:74:98:01:0c:60:fb:cc:
                    32:9c:a7:b2:91:7f:53:8a:6f:fb:13:0b:ad:9a:0e:
                    26:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:53:9B:31:E7:D9:19:A9:58:76:3E:F5:C8:5C:2A:E5:D1:42:D0:A2
            X509v3 Authority Key Identifier:
                keyid:F7:09:52:8B:88:28:B4:D8:26:35:5E:2C:52:23:7D:64:20:71:CD:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/1lObMefZGalYdj71yFwq5dFC0KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2d9d80-b8bf-465a-a291-9f74facae8f1/1/9wlSi4gotNgmNV4sUiN9ZCBxzVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6680:1000::/48
                  2a14:6680:2000::/47

    Signature Algorithm: sha256WithRSAEncryption
         99:4d:7c:93:d2:70:a4:2d:03:fa:26:fb:fc:e5:cb:25:e6:4d:
         ca:b1:c6:c2:bb:15:4d:1a:23:12:07:9f:6c:80:57:18:82:ce:
         5e:e6:bb:6b:6a:36:7b:f3:69:0b:fe:db:6a:2e:c7:55:dd:1b:
         3c:3f:6f:5c:e0:fa:a0:66:21:1e:ea:98:69:c9:73:1f:40:29:
         dc:26:17:4f:96:f9:ad:a7:f8:c2:c9:10:8a:43:2e:cd:28:cc:
         c8:e3:b8:28:d9:90:03:55:f4:50:33:75:fb:23:d6:f3:2b:e6:
         e3:5b:49:75:00:46:76:f9:ee:b6:ba:62:e7:89:14:49:98:45:
         65:ac:6a:65:09:fd:fd:76:15:f1:b7:c5:c0:34:89:5a:9d:e7:
         ce:7f:1e:68:7a:4e:d4:fa:d5:57:d6:17:d6:57:40:e5:c3:78:
         ff:1d:ea:a1:5a:fb:bb:57:f5:bb:6e:9c:3c:7f:94:d9:1b:62:
         ad:4d:4c:f0:5d:42:d1:61:38:ea:03:12:e0:01:58:b3:14:73:
         1f:6f:1d:f0:21:f5:23:c4:b7:28:b8:86:71:4a:56:9b:14:f3:
         73:8c:7c:fb:41:e4:cb:cb:19:67:34:1c:70:f1:20:08:05:fe:
         6e:74:b4:8f:9e:f1:6c:b7:ed:3a:bb:79:a1:99:8c:61:52:a9:
         da:ef:6c:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzugBZzklPf3vs5ebBKNG4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MDk1MjhiODgyOGI0ZDgyNjM1NWUyYzUyMjM3ZDY0MjA3
MWNkNTQwHhcNMjQwMTA5MTM1MzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjUzOWIzMWU3ZDkxOWE5NTg3NjNlZjVjODVjMmFlNWQxNDJkMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh42+UBL46SERM5rsXiL0gQ++Rfew
QpSDLxD9hFOO3KxYWUr/Gqn+zVRgJSg6x26qla2cYKdeN0e/GLmdX+lUqHt3CT4Y
Qx+Lw4yPHu9mNuV+/3A481zEb3zKGFSuaUxg/wgIeRP7ZwUy+0Ea7VcZmgHCmglm
rTqzuZpcr0zPYQ6g0tsJNJnSi6zy2OKNMZazlm+KIdA6FeZhMjtx35iKz+g0oH5V
7NNaztZKSdUonTL06ba0mLD5M4AtfeoMHgQCxW66Siuae0fBEJJXKbqnnXdJG1Ir
e0mFTvdJEUpYgwNenzcSUg1jK3SYAQxg+8wynKeykX9Tim/7Ewutmg4mPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNZTmzHn2RmpWHY+9chcKuXRQtCiMB8GA1UdIwQY
MBaAFPcJUouIKLTYJjVeLFIjfWQgcc1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXdsU2k0Z290TmdtTlY0c1VpTjlaQ0J4elZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yZDlkODAtYjhiZi00NjVhLWEyOTEt
OWY3NGZhY2FlOGYxLzEvMWxPYk1lZlpHYWxZZGo3MXlGd3E1ZEZDMEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yZDlkODAtYjhiZi00NjVhLWEyOTEtOWY3NGZhY2FlOGYx
LzEvOXdsU2k0Z290TmdtTlY0c1VpTjlaQ0J4elZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhRmgBAA
AwcBKhRmgCAAMA0GCSqGSIb3DQEBCwUAA4IBAQCZTXyT0nCkLQP6Jvv85csl5k3K
scbCuxVNGiMSB59sgFcYgs5e5rtrajZ782kL/ttqLsdV3Rs8P29c4PqgZiEe6php
yXMfQCncJhdPlvmtp/jCyRCKQy7NKMzI47go2ZADVfRQM3X7I9bzK+bjW0l1AEZ2
+e62umLniRRJmEVlrGplCf39dhXxt8XANIlanefOfx5oek7U+tVX1hfWV0Dlw3j/
HeqhWvu7V/W7bpw8f5TZG2KtTUzwXULRYTjqAxLgAVizFHMfbx3wIfUjxLcouIZx
SlabFPNzjHz7QeTLyxlnNBxw8SAIBf5udLSPnvFst+06u3mhmYxhUqna72zQ
-----END CERTIFICATE-----