Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/x8-qLbnxwmNpedaUHIMbW5LAkPQ.roa
File:                     x8-qLbnxwmNpedaUHIMbW5LAkPQ.roa (raw, json)
Hash identifier:          oBVWtU/vXhvYIkcaGAW1yJiXnbxnu4LVhvnTehTHHm8=
Subject key identifier:   C7:CF:AA:2D:B9:F1:C2:63:69:79:D6:94:1C:83:1B:5B:92:C0:90:F4
Certificate issuer:       /CN=66ed3ba68c78bff2c4724400ade6348482fb4364
Certificate serial:       0191D3E2819AD360C4826192214CE3A4FACA
Authority key identifier: 66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/x8-qLbnxwmNpedaUHIMbW5LAkPQ.roa
Signing time:             Sun 08 Sep 2024 23:05:22 +0000
ROA not before:           Sun 08 Sep 2024 23:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214709
IP address blocks:        2a14:3f87:9000::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d3:e2:81:9a:d3:60:c4:82:61:92:21:4c:e3:a4:fa:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ed3ba68c78bff2c4724400ade6348482fb4364
        Validity
            Not Before: Sep  8 23:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7cfaa2db9f1c2636979d6941c831b5b92c090f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:84:35:f0:e1:2c:fe:f5:4e:0f:54:2c:d1:fb:
                    9b:89:5b:63:10:93:92:27:e4:67:b9:2b:db:0e:13:
                    b2:b8:22:ad:60:ea:a3:a4:74:6a:27:d4:d1:7d:bc:
                    44:0a:4d:9f:37:82:98:81:63:4c:6a:1b:fe:b7:05:
                    65:cd:31:6e:e1:2a:1c:0f:9a:17:9f:49:b1:fb:52:
                    ed:b2:79:e4:5f:be:5f:0c:66:ba:32:77:2d:86:3f:
                    20:db:4b:db:bb:34:fe:4d:c4:2e:f8:be:14:2f:ad:
                    e8:ef:2e:8a:47:5f:ad:27:c8:7a:73:e7:c3:cc:de:
                    bf:28:1e:15:9a:4b:42:d7:5d:42:29:b3:93:82:98:
                    d9:26:a8:99:38:c5:d2:44:00:68:1f:6a:76:1c:8f:
                    c8:e2:4f:7b:de:83:12:43:a1:68:69:51:ab:8f:cc:
                    6c:05:5a:b6:d6:66:fb:42:24:d1:ed:ed:0a:dd:4d:
                    d7:9e:c9:64:1b:2b:aa:a3:44:ab:62:4d:56:3e:45:
                    02:1a:c0:5d:ab:dc:8e:f2:cb:44:07:bb:8b:90:92:
                    db:76:6b:79:9e:5e:a4:ff:b6:47:4d:69:90:7d:53:
                    a9:87:e3:52:08:ff:d6:d5:4d:d8:96:cb:72:85:7e:
                    6e:17:b4:e4:a6:45:4d:ce:77:e1:1b:4c:ae:3d:f7:
                    8f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:CF:AA:2D:B9:F1:C2:63:69:79:D6:94:1C:83:1B:5B:92:C0:90:F4
            X509v3 Authority Key Identifier:
                keyid:66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/x8-qLbnxwmNpedaUHIMbW5LAkPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:3f87:9000::/38

    Signature Algorithm: sha256WithRSAEncryption
         74:e6:5e:af:2a:46:41:e2:01:ff:9f:c4:6f:22:e9:82:9c:5f:
         19:93:51:b2:e2:a8:f5:3f:cc:0e:7c:f6:68:90:ae:1e:15:a0:
         13:f1:8e:83:50:b4:86:5b:92:17:bd:69:85:dc:42:2a:50:b2:
         e7:02:d1:d0:29:c2:c3:14:66:f8:aa:05:41:80:86:25:3d:93:
         bc:f2:fe:7a:8a:4a:da:2c:ab:a3:a3:36:f6:90:c5:31:a8:17:
         68:b4:31:10:f8:36:9a:ae:c9:a7:c7:b5:f8:2c:05:4f:d9:08:
         12:83:69:97:31:33:7f:2c:88:58:91:cd:2c:92:d5:b0:a7:bf:
         5f:34:2b:6f:4d:b3:5c:49:e3:0d:18:f0:6d:13:6c:5a:78:ae:
         2c:68:d0:d3:8f:8e:2c:a4:7e:ff:e7:c4:39:76:4b:c2:8f:37:
         1d:f6:d2:99:41:8f:58:7e:a3:66:14:73:d4:97:6f:f4:8f:3d:
         45:35:fa:ef:33:9e:ac:c4:d7:2f:8e:06:99:c3:1d:ab:4a:dd:
         1f:17:0d:d7:64:33:17:cd:21:5a:b5:f7:04:c9:72:0b:16:dd:
         6d:39:5c:4e:62:67:f4:4a:e4:b0:06:92:b5:e4:62:3f:ca:df:
         e2:e3:54:53:9f:d9:31:38:95:a6:a4:8d:1c:84:91:c5:b2:0d:
         cc:a9:08:6f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZHT4oGa02DEgmGSIUzjpPrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWQzYmE2OGM3OGJmZjJjNDcyNDQwMGFkZTYzNDg0ODJm
YjQzNjQwHhcNMjQwOTA4MjMwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2NmYWEyZGI5ZjFjMjYzNjk3OWQ2OTQxYzgzMWI1YjkyYzA5MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IQ18OEs/vVOD1Qs0fubiVtjEJOS
J+RnuSvbDhOyuCKtYOqjpHRqJ9TRfbxECk2fN4KYgWNMahv+twVlzTFu4SocD5oX
n0mx+1LtsnnkX75fDGa6Mncthj8g20vbuzT+TcQu+L4UL63o7y6KR1+tJ8h6c+fD
zN6/KB4VmktC111CKbOTgpjZJqiZOMXSRABoH2p2HI/I4k973oMSQ6FoaVGrj8xs
BVq21mb7QiTR7e0K3U3XnslkGyuqo0SrYk1WPkUCGsBdq9yO8stEB7uLkJLbdmt5
nl6k/7ZHTWmQfVOph+NSCP/W1U3YlstyhX5uF7TkpkVNznfhG0yuPfePXQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMfPqi258cJjaXnWlByDG1uSwJD0MB8GA1UdIwQY
MBaAFGbtO6aMeL/yxHJEAK3mNISC+0NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMt
MGE0M2I3YTNlYjU0LzEveDgtcUxibnh3bU5wZWRhVUhJTWJXNUxBa1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMtMGE0M2I3YTNlYjU0
LzEvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhQ/h5Aw
DQYJKoZIhvcNAQELBQADggEBAHTmXq8qRkHiAf+fxG8i6YKcXxmTUbLiqPU/zA58
9miQrh4VoBPxjoNQtIZbkhe9aYXcQipQsucC0dApwsMUZviqBUGAhiU9k7zy/nqK
Stosq6OjNvaQxTGoF2i0MRD4NpquyafHtfgsBU/ZCBKDaZcxM38siFiRzSyS1bCn
v180K29Ns1xJ4w0Y8G0TbFp4rixo0NOPjiykfv/nxDl2S8KPNx320plBj1h+o2YU
c9SXb/SPPUU1+u8znqzE1y+OBpnDHatK3R8XDddkMxfNIVq19wTJcgsW3W05XE5i
Z/RK5LAGkrXkYj/K3+LjVFOf2TE4laakjRyEkcWyDcypCG8=
-----END CERTIFICATE-----