Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/EOrjJ206-cNc6nPsRmj9Xq1MWg4.roa
File:                     EOrjJ206-cNc6nPsRmj9Xq1MWg4.roa (raw, json)
Hash identifier:          vO7x01BbTB3wJdfDbJ6wOxE+9CWzNPx81DDtWct/VYI=
Subject key identifier:   10:EA:E3:27:6D:3A:F9:C3:5C:EA:73:EC:46:68:FD:5E:AD:4C:5A:0E
Certificate issuer:       /CN=bde07455dff8b0faaa4c89ebcc79c5e907fb7bab
Certificate serial:       01934771F175DE1CB8C4E1E92016E82A4AE5
Authority key identifier: BD:E0:74:55:DF:F8:B0:FA:AA:4C:89:EB:CC:79:C5:E9:07:FB:7B:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veB0Vd_4sPqqTInrzHnF6Qf7e6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/EOrjJ206-cNc6nPsRmj9Xq1MWg4.roa
Signing time:             Wed 20 Nov 2024 02:41:09 +0000
ROA not before:           Wed 20 Nov 2024 02:41:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213839
IP address blocks:        2a14:7ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/veB0Vd_4sPqqTInrzHnF6Qf7e6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/veB0Vd_4sPqqTInrzHnF6Qf7e6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veB0Vd_4sPqqTInrzHnF6Qf7e6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:47:71:f1:75:de:1c:b8:c4:e1:e9:20:16:e8:2a:4a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde07455dff8b0faaa4c89ebcc79c5e907fb7bab
        Validity
            Not Before: Nov 20 02:41:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10eae3276d3af9c35cea73ec4668fd5ead4c5a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:83:d7:92:e2:ae:a2:84:94:e5:ec:b6:bd:df:
                    ba:7f:03:80:b1:92:0d:00:96:28:99:9b:14:08:ce:
                    85:b0:97:6b:40:9c:2b:99:ff:30:bb:42:00:29:a3:
                    22:02:c7:d9:ca:d6:10:e9:f0:26:94:d7:55:86:7e:
                    2e:8b:44:e4:43:34:74:59:81:c5:cd:4b:b2:63:9f:
                    6b:c9:86:fe:61:9e:07:61:9a:7b:d5:58:37:29:a3:
                    25:a8:68:09:4a:85:24:4d:e4:71:a5:51:1e:2e:77:
                    11:e1:77:0d:cf:90:ab:97:b7:30:f4:e9:fc:7a:96:
                    72:ef:1d:19:0b:d7:f8:8a:19:fc:ca:83:10:80:53:
                    b4:40:a5:58:68:da:d3:2b:37:f4:ed:ec:63:06:bf:
                    c5:5e:ca:d0:c7:b4:6e:05:87:49:9a:04:74:f6:6e:
                    52:78:6f:2d:21:10:12:e1:a2:06:c8:ba:3f:a0:d9:
                    e8:e9:bc:50:71:7a:f4:57:58:08:e9:33:bd:1f:35:
                    10:fa:d9:54:68:4f:6c:63:70:d3:53:50:21:b5:42:
                    63:b1:1c:49:c9:68:26:93:40:d7:1c:39:d5:6a:59:
                    ed:26:51:80:4a:ac:07:a6:85:6a:c0:ea:08:0e:99:
                    0f:e4:be:16:49:d1:3b:de:73:c7:6e:79:3e:4f:a2:
                    cd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EA:E3:27:6D:3A:F9:C3:5C:EA:73:EC:46:68:FD:5E:AD:4C:5A:0E
            X509v3 Authority Key Identifier:
                keyid:BD:E0:74:55:DF:F8:B0:FA:AA:4C:89:EB:CC:79:C5:E9:07:FB:7B:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veB0Vd_4sPqqTInrzHnF6Qf7e6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/EOrjJ206-cNc6nPsRmj9Xq1MWg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/789a81-af21-44ed-8d61-ad5558882a30/1/veB0Vd_4sPqqTInrzHnF6Qf7e6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:3b:f8:ac:96:c2:2d:48:ef:35:d4:2c:56:c9:b0:32:01:e6:
         8c:d4:18:f9:0b:34:d9:b3:7c:58:ef:c3:0a:64:32:ee:e8:85:
         2d:cf:1c:6b:2a:6c:bd:e4:36:92:06:fd:c5:94:c6:7d:b2:9f:
         e3:3c:7e:0c:48:62:6d:52:3e:40:c4:e7:df:eb:33:67:97:b2:
         c2:6a:da:c5:8c:05:ce:c8:dd:9e:57:fd:dc:19:5c:33:f0:4a:
         de:c0:46:62:6a:c8:b5:55:e6:64:c3:1b:03:e0:a3:47:7a:f7:
         da:3e:95:08:83:fb:8c:9d:cb:ee:ea:88:ca:12:0b:f6:ba:d3:
         c4:1f:97:ee:3b:48:26:46:2a:66:24:ba:f6:98:66:9a:6a:f3:
         5c:1f:7f:2d:6d:03:9b:c5:9f:dd:fc:9d:d0:2f:2a:47:99:53:
         d6:7f:bb:72:68:cd:36:0b:10:88:ee:92:f7:57:17:25:40:26:
         b3:1e:f4:f1:01:08:a0:b1:de:f2:57:1c:89:5e:33:b2:c6:a4:
         af:4c:5f:e3:73:8c:de:2c:29:f4:f5:2f:6d:0b:f5:10:11:69:
         11:05:8c:43:aa:5f:b9:13:84:76:e1:80:a5:a1:10:9c:75:02:
         9f:a8:55:0e:52:ef:28:ea:d6:86:c4:fe:9b:6e:ce:ea:6f:22:
         30:da:c9:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNHcfF13hy4xOHpIBboKkrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTA3NDU1ZGZmOGIwZmFhYTRjODllYmNjNzljNWU5MDdm
YjdiYWIwHhcNMjQxMTIwMDI0MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGVhZTMyNzZkM2FmOWMzNWNlYTczZWM0NjY4ZmQ1ZWFkNGM1YTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IPXkuKuooSU5ey2vd+6fwOAsZIN
AJYomZsUCM6FsJdrQJwrmf8wu0IAKaMiAsfZytYQ6fAmlNdVhn4ui0TkQzR0WYHF
zUuyY59ryYb+YZ4HYZp71Vg3KaMlqGgJSoUkTeRxpVEeLncR4XcNz5Crl7cw9On8
epZy7x0ZC9f4ihn8yoMQgFO0QKVYaNrTKzf07exjBr/FXsrQx7RuBYdJmgR09m5S
eG8tIRAS4aIGyLo/oNno6bxQcXr0V1gI6TO9HzUQ+tlUaE9sY3DTU1AhtUJjsRxJ
yWgmk0DXHDnValntJlGASqwHpoVqwOoIDpkP5L4WSdE73nPHbnk+T6LNTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBDq4ydtOvnDXOpz7EZo/V6tTFoOMB8GA1UdIwQY
MBaAFL3gdFXf+LD6qkyJ68x5xekH+3urMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVCMFZkXzRzUHFxVElucnpIbkY2UWY3ZTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83ODlhODEtYWYyMS00NGVkLThkNjEt
YWQ1NTU4ODgyYTMwLzEvRU9yakoyMDYtY05jNm5Qc1JtajlYcTFNV2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83ODlhODEtYWYyMS00NGVkLThkNjEtYWQ1NTU4ODgyYTMw
LzEvdmVCMFZkXzRzUHFxVElucnpIbkY2UWY3ZTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhR+wDAN
BgkqhkiG9w0BAQsFAAOCAQEAFzv4rJbCLUjvNdQsVsmwMgHmjNQY+Qs02bN8WO/D
CmQy7uiFLc8caypsveQ2kgb9xZTGfbKf4zx+DEhibVI+QMTn3+szZ5eywmraxYwF
zsjdnlf93BlcM/BK3sBGYmrItVXmZMMbA+CjR3r32j6VCIP7jJ3L7uqIyhIL9rrT
xB+X7jtIJkYqZiS69phmmmrzXB9/LW0Dm8Wf3fyd0C8qR5lT1n+7cmjNNgsQiO6S
91cXJUAmsx708QEIoLHe8lcciV4zssakr0xf43OM3iwp9PUvbQv1EBFpEQWMQ6pf
uROEduGApaEQnHUCn6hVDlLvKOrWhsT+m27O6m8iMNrJTg==
-----END CERTIFICATE-----