Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/j52KM_A1VVdrS2zWqPNnAgneGLs.roa
File:                     j52KM_A1VVdrS2zWqPNnAgneGLs.roa (raw, json)
Hash identifier:          uWrtScTPzXCcv4OEECoSEzSRhwYVgoQY0/PHQOFTyhw=
Subject key identifier:   8F:9D:8A:33:F0:35:55:57:6B:4B:6C:D6:A8:F3:67:02:09:DE:18:BB
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0192BE7207B189124EA5AB26E2168ED47AD4
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/j52KM_A1VVdrS2zWqPNnAgneGLs.roa
Signing time:             Thu 24 Oct 2024 12:13:17 +0000
ROA not before:           Thu 24 Oct 2024 12:13:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214052
IP address blocks:        2a14:6781:1400::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:72:07:b1:89:12:4e:a5:ab:26:e2:16:8e:d4:7a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Oct 24 12:13:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f9d8a33f03555576b4b6cd6a8f3670209de18bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:8b:a3:58:80:5e:b7:cb:f5:5f:19:90:0c:
                    0c:d6:76:6b:43:09:0b:cd:76:0d:eb:56:1a:27:e5:
                    0c:14:d7:7d:fe:0a:b2:31:37:5d:ef:36:68:4f:5b:
                    55:49:83:b2:0b:66:c8:58:16:b0:92:f0:50:7d:7c:
                    5c:eb:9d:63:96:78:88:0b:10:12:6a:33:ac:06:cd:
                    3b:94:95:30:6e:64:2a:01:85:c3:d6:66:5c:39:5f:
                    ea:83:e0:49:31:56:06:f0:6e:24:0a:1e:ed:74:f8:
                    fe:91:b4:c8:53:15:58:0c:d7:0a:40:17:79:fe:97:
                    d4:3d:6c:f1:37:b9:c5:bc:10:1f:3a:73:07:83:77:
                    cd:87:d9:81:bd:88:f5:a9:08:ae:96:b6:7b:61:0f:
                    a2:06:08:b2:9e:ff:fa:27:4c:f6:6e:50:2c:b9:c5:
                    f3:60:71:bf:77:05:32:36:83:8a:d4:19:66:c7:31:
                    74:74:75:db:15:b1:f7:5b:02:65:c2:b9:13:21:d0:
                    e5:2b:bc:38:58:31:7a:2a:8a:02:de:2f:02:83:4a:
                    1a:9e:c8:b5:ca:0b:34:9a:01:53:37:19:4c:bf:90:
                    b4:7d:79:10:a7:60:c1:ad:4c:88:3c:d5:23:74:4a:
                    b3:26:f0:8e:b4:4a:e4:11:26:be:a1:71:1a:b6:00:
                    a2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9D:8A:33:F0:35:55:57:6B:4B:6C:D6:A8:F3:67:02:09:DE:18:BB
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/j52KM_A1VVdrS2zWqPNnAgneGLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6781:1400::/38

    Signature Algorithm: sha256WithRSAEncryption
         6d:df:50:c1:ac:2b:48:8f:9d:1d:5c:0c:4a:93:be:91:ec:f4:
         c1:10:9c:3a:71:ce:37:fe:ea:91:b2:5f:38:82:4d:93:bb:34:
         8c:51:e4:79:2e:0c:9a:ae:89:95:c1:b0:13:e1:bf:6b:97:f3:
         67:71:72:cb:4e:7c:89:5d:8e:2d:94:df:e1:a3:12:17:73:28:
         e4:1b:74:51:09:0d:cf:d7:51:08:40:72:dc:ae:84:f7:9e:ab:
         16:7f:e0:ed:50:1a:62:ce:29:45:4a:7a:02:09:11:95:ec:d9:
         92:66:47:76:b0:a0:d6:3c:f3:b2:b1:35:ad:81:d6:07:00:af:
         4c:e9:4c:a9:20:bc:6e:19:57:17:2b:8a:8c:44:39:90:ad:31:
         ab:ae:be:a3:bc:da:81:32:b3:8f:03:1a:e0:9c:91:0f:56:7f:
         99:4b:49:48:d2:59:ce:24:5e:c7:79:a8:3c:6a:5d:8f:bc:e6:
         52:70:dd:57:ac:59:c1:a0:48:40:38:0d:16:94:b5:e0:1b:8e:
         a2:6d:af:c8:77:98:f4:45:44:e9:38:d8:b8:48:7a:57:93:12:
         71:d6:09:4c:a2:a8:34:0e:9c:c7:81:d6:c1:ab:36:13:df:d1:
         e7:ba:b0:2e:49:06:39:95:c1:76:58:0b:fa:85:62:4e:e0:02:
         56:9d:90:26
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZK+cgexiRJOpasm4haO1HrUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQxMDI0MTIxMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjlkOGEzM2YwMzU1NTU3NmI0YjZjZDZhOGYzNjcwMjA5ZGUxOGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnGLo1iAXrfL9V8ZkAwM1nZrQwkL
zXYN61YaJ+UMFNd9/gqyMTdd7zZoT1tVSYOyC2bIWBawkvBQfXxc651jlniICxAS
ajOsBs07lJUwbmQqAYXD1mZcOV/qg+BJMVYG8G4kCh7tdPj+kbTIUxVYDNcKQBd5
/pfUPWzxN7nFvBAfOnMHg3fNh9mBvYj1qQiulrZ7YQ+iBgiynv/6J0z2blAsucXz
YHG/dwUyNoOK1BlmxzF0dHXbFbH3WwJlwrkTIdDlK7w4WDF6KooC3i8Cg0oansi1
ygs0mgFTNxlMv5C0fXkQp2DBrUyIPNUjdEqzJvCOtErkESa+oXEatgCioQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI+dijPwNVVXa0ts1qjzZwIJ3hi7MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvajUyS01fQTFWVmRyUzJ6V3FQTm5BZ25lR0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhRngRQw
DQYJKoZIhvcNAQELBQADggEBAG3fUMGsK0iPnR1cDEqTvpHs9MEQnDpxzjf+6pGy
XziCTZO7NIxR5HkuDJquiZXBsBPhv2uX82dxcstOfIldji2U3+GjEhdzKOQbdFEJ
Dc/XUQhActyuhPeeqxZ/4O1QGmLOKUVKegIJEZXs2ZJmR3awoNY887KxNa2B1gcA
r0zpTKkgvG4ZVxcrioxEOZCtMauuvqO82oEys48DGuCckQ9Wf5lLSUjSWc4kXsd5
qDxqXY+85lJw3VesWcGgSEA4DRaUteAbjqJtr8h3mPRFROk42LhIeleTEnHWCUyi
qDQOnMeB1sGrNhPf0ee6sC5JBjmVwXZYC/qFYk7gAladkCY=
-----END CERTIFICATE-----