Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/eCaNmdlr7EcdHM_pju2g6N8OYSI.roa
File:                     eCaNmdlr7EcdHM_pju2g6N8OYSI.roa (raw, json)
Hash identifier:          lz9MQT+OFcfRllT0PXCOiqEMSR6znYjGX/4UYVJrNfg=
Subject key identifier:   78:26:8D:99:D9:6B:EC:47:1D:1C:CF:E9:8E:ED:A0:E8:DF:0E:61:22
Certificate issuer:       /CN=8d1bef730527aae1ecf8fb3085659d6fdfeed797
Certificate serial:       018D07976D10C4FAC075353F94C3EB86E1C0
Authority key identifier: 8D:1B:EF:73:05:27:AA:E1:EC:F8:FB:30:85:65:9D:6F:DF:EE:D7:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/eCaNmdlr7EcdHM_pju2g6N8OYSI.roa
Signing time:             Sun 14 Jan 2024 10:49:40 +0000
ROA not before:           Sun 14 Jan 2024 10:49:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216285
IP address blocks:        2a14:4280::/32 maxlen: 32
                          2a14:4280:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:07:97:6d:10:c4:fa:c0:75:35:3f:94:c3:eb:86:e1:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1bef730527aae1ecf8fb3085659d6fdfeed797
        Validity
            Not Before: Jan 14 10:49:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78268d99d96bec471d1ccfe98eeda0e8df0e6122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:df:ee:5a:80:74:89:0e:93:2d:40:3c:5c:7e:
                    0a:2c:ad:f0:80:07:fd:05:dc:b9:50:9e:3c:5a:42:
                    2e:76:2d:1e:5c:a8:7b:d0:d2:10:07:f3:54:f7:a3:
                    4a:f1:b6:54:32:7b:59:9e:fb:9d:75:61:81:9e:ff:
                    75:07:8e:f3:80:bd:6a:30:7e:0d:e3:43:e3:a3:31:
                    fe:20:bc:d7:ac:90:55:bd:c1:6a:b4:52:a2:b7:45:
                    11:cb:36:22:25:fc:91:37:a7:f3:18:69:40:b4:b7:
                    0b:25:89:0e:eb:a1:91:3c:07:0f:7a:5b:3c:4b:9d:
                    3a:fd:31:ec:85:29:a6:c2:24:a6:25:2c:6c:b0:69:
                    d4:01:75:5d:5a:83:7c:02:a9:ed:44:a6:11:89:d6:
                    36:8f:b2:e0:0f:b0:3a:e7:ca:96:1c:df:75:bc:8c:
                    e0:3d:05:dd:aa:c1:1c:ee:c4:33:51:1e:02:18:14:
                    4f:f6:dc:20:77:86:c0:a0:6a:05:bb:30:67:75:c3:
                    47:f4:87:59:94:28:1b:29:4b:a4:3a:21:02:1f:09:
                    27:df:29:42:06:02:66:ba:32:12:ee:88:6f:66:54:
                    5d:f1:f9:a4:87:66:99:fd:39:d4:62:7b:f1:2e:ae:
                    70:d2:36:0c:e6:fd:33:3c:7f:c9:6a:1f:0d:18:b9:
                    f8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:26:8D:99:D9:6B:EC:47:1D:1C:CF:E9:8E:ED:A0:E8:DF:0E:61:22
            X509v3 Authority Key Identifier:
                keyid:8D:1B:EF:73:05:27:AA:E1:EC:F8:FB:30:85:65:9D:6F:DF:EE:D7:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRvvcwUnquHs-PswhWWdb9_u15c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/eCaNmdlr7EcdHM_pju2g6N8OYSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b716ad-ed04-4de4-b994-4aab2d68fa5a/1/jRvvcwUnquHs-PswhWWdb9_u15c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4280::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:62:61:a8:5e:5e:45:28:10:0b:b1:ea:9c:da:22:3e:a7:76:
         a4:3c:41:91:1e:c5:51:e1:de:4d:97:3b:25:69:45:b6:b0:3e:
         e6:64:1a:6c:50:07:b9:a6:e0:88:bc:39:a5:f6:52:6b:6f:a4:
         11:8c:f1:b7:b7:88:cb:2f:e2:9d:ff:c4:d9:5c:5e:12:fb:61:
         a6:d8:a0:a8:87:61:bb:36:86:81:f8:c0:76:f2:c1:a7:69:bc:
         78:61:e8:2d:fb:d4:a0:ce:70:47:4d:b3:a1:f8:e8:69:dd:26:
         4d:9b:58:ec:03:f0:85:e4:ff:5c:60:97:45:92:2e:6b:d3:a2:
         13:57:05:2b:be:58:88:52:62:9b:cc:73:89:4d:06:8a:22:5e:
         bd:a7:ee:3f:41:00:ed:27:1c:10:04:27:3d:0b:25:c5:3a:86:
         12:73:69:f5:0c:a9:e0:c4:6a:35:e9:1c:ac:53:e1:f0:23:a3:
         6d:d4:04:2c:97:31:e3:fc:c9:2a:bf:d9:1f:e0:ba:6e:9b:ff:
         ab:64:ed:84:d3:a9:29:8a:96:22:bd:88:70:69:fd:b8:5e:bb:
         79:34:f1:23:1f:14:04:ec:76:4d:b3:e1:79:46:35:12:ee:ee:
         b2:9c:2a:ae:42:81:55:e8:71:06:ed:dc:51:d7:18:6b:3f:c4:
         94:c0:67:83
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0Hl20QxPrAdTU/lMPrhuHAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWJlZjczMDUyN2FhZTFlY2Y4ZmIzMDg1NjU5ZDZmZGZl
ZWQ3OTcwHhcNMjQwMTE0MTA0OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODI2OGQ5OWQ5NmJlYzQ3MWQxY2NmZTk4ZWVkYTBlOGRmMGU2MTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9/uWoB0iQ6TLUA8XH4KLK3wgAf9
Bdy5UJ48WkIudi0eXKh70NIQB/NU96NK8bZUMntZnvuddWGBnv91B47zgL1qMH4N
40PjozH+ILzXrJBVvcFqtFKit0URyzYiJfyRN6fzGGlAtLcLJYkO66GRPAcPels8
S506/THshSmmwiSmJSxssGnUAXVdWoN8AqntRKYRidY2j7LgD7A658qWHN91vIzg
PQXdqsEc7sQzUR4CGBRP9twgd4bAoGoFuzBndcNH9IdZlCgbKUukOiECHwkn3ylC
BgJmujIS7ohvZlRd8fmkh2aZ/TnUYnvxLq5w0jYM5v0zPH/Jah8NGLn4lwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHgmjZnZa+xHHRzP6Y7toOjfDmEiMB8GA1UdIwQY
MBaAFI0b73MFJ6rh7Pj7MIVlnW/f7teXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJ2dmN3VW5xdUhzLVBzd2hXV2RiOV91MTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iNzE2YWQtZWQwNC00ZGU0LWI5OTQt
NGFhYjJkNjhmYTVhLzEvZUNhTm1kbHI3RWNkSE1fcGp1Mmc2TjhPWVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iNzE2YWQtZWQwNC00ZGU0LWI5OTQtNGFhYjJkNjhmYTVh
LzEvalJ2dmN3VW5xdUhzLVBzd2hXV2RiOV91MTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRCgDAN
BgkqhkiG9w0BAQsFAAOCAQEAUGJhqF5eRSgQC7HqnNoiPqd2pDxBkR7FUeHeTZc7
JWlFtrA+5mQabFAHuabgiLw5pfZSa2+kEYzxt7eIyy/inf/E2VxeEvthptigqIdh
uzaGgfjAdvLBp2m8eGHoLfvUoM5wR02zofjoad0mTZtY7APwheT/XGCXRZIua9Oi
E1cFK75YiFJim8xziU0GiiJevafuP0EA7SccEAQnPQslxTqGEnNp9Qyp4MRqNekc
rFPh8COjbdQELJcx4/zJKr/ZH+C6bpv/q2TthNOpKYqWIr2IcGn9uF67eTTxIx8U
BOx2TbPheUY1Eu7uspwqrkKBVehxBu3cUdcYaz/ElMBngw==
-----END CERTIFICATE-----