Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/7S97QcsaN09Kf3KU44NQK59VyHk.roa
File:                     7S97QcsaN09Kf3KU44NQK59VyHk.roa (raw, json)
Hash identifier:          VXUB1vYou2bB3TNTWTI/YJjXseL/43kpE//M2B1ICts=
Subject key identifier:   ED:2F:7B:41:CB:1A:37:4F:4A:7F:72:94:E3:83:50:2B:9F:55:C8:79
Certificate issuer:       /CN=8d1bef730527aae1ecf8fb3085659d6fdfeed797
Certificate serial:       019208936058FC9BA027CF3CAB45269BBB13
Authority key identifier: 8D:1B:EF:73:05:27:AA:E1:EC:F8:FB:30:85:65:9D:6F:DF:EE:D7:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/7S97QcsaN09Kf3KU44NQK59VyHk.roa
Signing time:             Thu 19 Sep 2024 04:38:48 +0000
ROA not before:           Thu 19 Sep 2024 04:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216285
IP address blocks:        2a14:4280::/29 maxlen: 29
                          2a14:4280::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:08:93:60:58:fc:9b:a0:27:cf:3c:ab:45:26:9b:bb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1bef730527aae1ecf8fb3085659d6fdfeed797
        Validity
            Not Before: Sep 19 04:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed2f7b41cb1a374f4a7f7294e383502b9f55c879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9c:88:24:bd:cc:3e:77:66:ad:42:5b:25:49:
                    48:8f:df:08:83:92:75:6b:4a:00:ba:7d:43:a7:61:
                    61:76:40:30:09:c5:99:59:bb:95:e3:1d:7d:d1:3f:
                    a1:51:b4:fc:62:18:e2:be:45:a1:fc:c7:a7:33:8a:
                    3b:76:89:49:4b:b3:19:d5:4f:86:1a:a5:0e:61:d1:
                    ae:39:a7:e7:c1:91:15:3f:c8:45:86:cc:54:28:64:
                    1a:df:76:80:ce:69:52:a1:aa:19:ce:17:63:d0:ef:
                    05:3d:f4:af:31:7d:27:94:36:c1:15:b3:a6:d1:41:
                    dc:0c:43:60:e3:25:0e:4b:29:0e:f4:f4:c3:ab:7d:
                    f1:53:ba:c7:65:6d:8d:fb:c2:5e:06:8e:44:2b:cb:
                    3a:58:97:ec:f7:aa:90:59:3a:f3:ec:29:8e:f5:d7:
                    84:64:cd:e1:5f:bc:67:af:4c:ca:4a:2e:d8:23:d9:
                    6e:22:cd:d6:fc:cb:b7:e1:c4:ca:50:a6:3c:16:f6:
                    1f:52:15:50:24:80:b1:76:81:30:ee:73:9e:00:16:
                    16:76:36:ab:ef:5a:b1:f2:0d:46:8e:39:12:fc:dc:
                    d2:bc:da:1f:02:9b:08:67:31:e4:67:33:cb:c2:f7:
                    34:06:26:d6:a5:63:65:8f:e5:33:04:8c:4e:14:4e:
                    a6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:2F:7B:41:CB:1A:37:4F:4A:7F:72:94:E3:83:50:2B:9F:55:C8:79
            X509v3 Authority Key Identifier:
                keyid:8D:1B:EF:73:05:27:AA:E1:EC:F8:FB:30:85:65:9D:6F:DF:EE:D7:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/7S97QcsaN09Kf3KU44NQK59VyHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:e5:0c:31:a7:00:12:30:89:c4:83:e2:32:40:14:fe:c9:a1:
         0f:b1:71:a1:5c:b5:d0:26:d8:0b:5c:9d:6d:f8:f0:ff:cb:47:
         a0:96:bf:3e:b1:1b:d7:cc:8a:2c:a6:10:7b:e6:82:e3:c0:bd:
         58:c3:79:a1:43:0f:b7:16:be:0a:57:51:cf:92:e3:fa:dc:7b:
         3b:dd:33:5c:32:90:ff:6c:a1:60:d9:9e:63:9a:30:99:6f:1e:
         f6:a1:da:52:64:7d:a8:8a:0f:30:e5:1d:ea:8f:b5:23:14:19:
         5e:37:94:8f:2b:55:d8:4d:ee:60:ee:f8:ff:85:4c:85:67:ad:
         09:a6:06:7e:7b:ee:08:15:af:20:31:cd:4d:a8:06:9f:ea:48:
         91:50:e2:31:6e:ef:64:e4:81:96:5f:7c:95:79:c5:0c:ec:86:
         34:b5:08:51:9d:95:8c:3c:c5:58:ff:b5:3b:66:1e:a1:d4:7f:
         2a:4c:ed:5c:b1:be:19:ad:8c:5c:27:12:02:34:35:a8:18:46:
         f3:66:f0:ca:b4:3f:0f:e7:58:94:ef:f8:ad:1e:c9:3c:5c:3e:
         c8:06:e1:b3:37:57:2a:81:a5:00:e0:c6:64:84:92:01:38:10:
         00:07:e6:00:08:c5:a0:44:13:4d:1d:eb:42:ac:1b:8c:29:49:
         1d:8d:9a:bd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIIk2BY/JugJ888q0Umm7sTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWJlZjczMDUyN2FhZTFlY2Y4ZmIzMDg1NjU5ZDZmZGZl
ZWQ3OTcwHhcNMjQwOTE5MDQzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDJmN2I0MWNiMWEzNzRmNGE3ZjcyOTRlMzgzNTAyYjlmNTVjODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZyIJL3MPndmrUJbJUlIj98Ig5J1
a0oAun1Dp2FhdkAwCcWZWbuV4x190T+hUbT8YhjivkWh/MenM4o7dolJS7MZ1U+G
GqUOYdGuOafnwZEVP8hFhsxUKGQa33aAzmlSoaoZzhdj0O8FPfSvMX0nlDbBFbOm
0UHcDENg4yUOSykO9PTDq33xU7rHZW2N+8JeBo5EK8s6WJfs96qQWTrz7CmO9deE
ZM3hX7xnr0zKSi7YI9luIs3W/Mu34cTKUKY8FvYfUhVQJICxdoEw7nOeABYWdjar
71qx8g1GjjkS/NzSvNofApsIZzHkZzPLwvc0BibWpWNlj+UzBIxOFE6mhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO0ve0HLGjdPSn9ylOODUCufVch5MB8GA1UdIwQY
MBaAFI0b73MFJ6rh7Pj7MIVlnW/f7teXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJ2dmN3VW5xdUhzLVBzd2hXV2RiOV91MTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iNzE2YWQtZWQwNC00ZGU0LWI5OTQt
NGFhYjJkNjhmYTVhLzEvN1M5N1Fjc2FOMDlLZjNLVTQ0TlFLNTlWeUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iNzE2YWQtZWQwNC00ZGU0LWI5OTQtNGFhYjJkNjhmYTVh
LzEvalJ2dmN3VW5xdUhzLVBzd2hXV2RiOV91MTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRCgDAN
BgkqhkiG9w0BAQsFAAOCAQEAN+UMMacAEjCJxIPiMkAU/smhD7FxoVy10CbYC1yd
bfjw/8tHoJa/PrEb18yKLKYQe+aC48C9WMN5oUMPtxa+CldRz5Lj+tx7O90zXDKQ
/2yhYNmeY5owmW8e9qHaUmR9qIoPMOUd6o+1IxQZXjeUjytV2E3uYO74/4VMhWet
CaYGfnvuCBWvIDHNTagGn+pIkVDiMW7vZOSBll98lXnFDOyGNLUIUZ2VjDzFWP+1
O2YeodR/KkztXLG+Ga2MXCcSAjQ1qBhG82bwyrQ/D+dYlO/4rR7JPFw+yAbhszdX
KoGlAODGZISSATgQAAfmAAjFoEQTTR3rQqwbjClJHY2avQ==
-----END CERTIFICATE-----