Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/0AvsaKhi_X4x4Co6PAxKjjIChd8.roa
File:                     0AvsaKhi_X4x4Co6PAxKjjIChd8.roa (raw, json)
Hash identifier:          I8iKCNfM4WbePU3RiqtuEj1Ax6nZT3W/H/DhSFY1dSE=
Subject key identifier:   D0:0B:EC:68:A8:62:FD:7E:31:E0:2A:3A:3C:0C:4A:8E:32:02:85:DF
Certificate issuer:       /CN=c0debc8850b690f1232796911bfe3c4c9aa867dc
Certificate serial:       0192767637C384D00EACC5812670B5974604
Authority key identifier: C0:DE:BC:88:50:B6:90:F1:23:27:96:91:1B:FE:3C:4C:9A:A8:67:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wN68iFC2kPEjJ5aRG_48TJqoZ9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/0AvsaKhi_X4x4Co6PAxKjjIChd8.roa
Signing time:             Thu 10 Oct 2024 12:45:11 +0000
ROA not before:           Thu 10 Oct 2024 12:45:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5524
IP address blocks:        2a14:6ec0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/wN68iFC2kPEjJ5aRG_48TJqoZ9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/wN68iFC2kPEjJ5aRG_48TJqoZ9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wN68iFC2kPEjJ5aRG_48TJqoZ9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:76:37:c3:84:d0:0e:ac:c5:81:26:70:b5:97:46:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0debc8850b690f1232796911bfe3c4c9aa867dc
        Validity
            Not Before: Oct 10 12:45:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d00bec68a862fd7e31e02a3a3c0c4a8e320285df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:57:dc:a9:48:cc:a8:ff:c9:8f:bc:48:f7:
                    33:91:a7:b2:38:42:ac:99:f7:39:17:00:42:b1:3c:
                    5d:46:c8:8d:d2:26:52:37:91:3c:c8:03:a6:3b:13:
                    41:3b:ba:8f:d8:6f:fc:b4:49:b1:6f:cc:c7:b8:03:
                    78:66:a1:e4:8c:35:51:d9:ab:fd:c6:71:6d:6a:7e:
                    9b:9e:f4:dd:25:7c:cc:d4:88:40:c1:55:d1:55:e7:
                    dc:fc:9b:dc:04:8b:a7:68:d6:7e:c5:97:ea:a0:c5:
                    7d:31:09:99:d9:ef:91:19:ec:65:34:c0:e7:c3:78:
                    12:57:a6:98:1c:10:bc:dd:67:82:85:80:0b:11:fb:
                    1e:41:9e:b2:8e:cd:9d:83:d1:78:4a:fd:8d:4a:76:
                    eb:0a:33:5d:2f:21:97:c8:51:90:5a:4b:91:10:3c:
                    44:5d:6a:01:e5:4b:4a:16:b4:d8:6e:f6:5e:7d:01:
                    d8:62:ab:a4:20:85:a5:bc:81:06:cc:1c:49:48:76:
                    82:c7:75:29:35:1b:5d:22:96:f3:25:0a:42:e7:f2:
                    48:2d:3f:bf:42:b4:88:dc:53:6a:9c:da:f8:43:02:
                    67:d2:74:b5:aa:68:d6:06:0e:05:4d:60:46:d8:87:
                    2e:2d:d7:3e:72:0a:10:0e:83:c6:57:41:47:f1:c8:
                    46:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0B:EC:68:A8:62:FD:7E:31:E0:2A:3A:3C:0C:4A:8E:32:02:85:DF
            X509v3 Authority Key Identifier:
                keyid:C0:DE:BC:88:50:B6:90:F1:23:27:96:91:1B:FE:3C:4C:9A:A8:67:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wN68iFC2kPEjJ5aRG_48TJqoZ9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/0AvsaKhi_X4x4Co6PAxKjjIChd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/e3ca71-36f0-4c52-bc01-c6ac4dd7c8e4/1/wN68iFC2kPEjJ5aRG_48TJqoZ9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:a2:bc:43:d2:a7:93:4d:b1:13:39:3a:53:32:42:90:ca:03:
         9d:d6:7d:8a:32:3e:15:f7:2e:0e:bb:87:2d:ad:e4:74:8a:7a:
         45:62:d1:7c:fe:93:96:45:46:77:df:72:d8:cc:8e:e2:64:f6:
         6d:33:8c:c4:85:d9:38:02:45:f9:16:30:55:a6:c6:67:bf:b1:
         d5:ae:77:ea:5d:ed:2f:06:7f:8a:b9:73:eb:eb:82:9d:19:4d:
         69:f3:70:55:54:5d:2e:93:57:21:f8:6b:7f:73:03:a2:4b:9e:
         fe:4d:27:53:16:c1:f4:fa:a2:dc:98:01:74:c1:2d:1f:f8:00:
         c5:e5:eb:e2:18:89:4c:4f:52:bf:3c:34:f0:1f:eb:e5:e6:6e:
         e2:29:6c:e0:35:52:f3:0a:62:03:a1:6c:59:8d:94:25:64:43:
         c6:e0:7b:33:af:32:01:3a:af:ee:90:34:af:e6:75:63:a2:db:
         39:31:70:07:fb:c8:74:37:2a:fe:1a:90:45:52:ee:65:38:54:
         bf:11:b0:aa:fe:5d:b0:71:c3:85:68:a1:a6:d2:17:bc:02:bb:
         14:52:86:b3:ec:24:43:3e:fe:3a:5a:54:e3:3e:f7:e4:07:1b:
         61:ce:8f:de:00:07:cf:aa:7c:f0:a0:5e:84:a0:dd:63:1b:7d:
         a5:f5:a2:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJ2djfDhNAOrMWBJnC1l0YEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZGViYzg4NTBiNjkwZjEyMzI3OTY5MTFiZmUzYzRjOWFh
ODY3ZGMwHhcNMjQxMDEwMTI0NTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBiZWM2OGE4NjJmZDdlMzFlMDJhM2EzYzBjNGE4ZTMyMDI4NWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3BX3KlIzKj/yY+8SPczkaeyOEKs
mfc5FwBCsTxdRsiN0iZSN5E8yAOmOxNBO7qP2G/8tEmxb8zHuAN4ZqHkjDVR2av9
xnFtan6bnvTdJXzM1IhAwVXRVefc/JvcBIunaNZ+xZfqoMV9MQmZ2e+RGexlNMDn
w3gSV6aYHBC83WeChYALEfseQZ6yjs2dg9F4Sv2NSnbrCjNdLyGXyFGQWkuREDxE
XWoB5UtKFrTYbvZefQHYYqukIIWlvIEGzBxJSHaCx3UpNRtdIpbzJQpC5/JILT+/
QrSI3FNqnNr4QwJn0nS1qmjWBg4FTWBG2IcuLdc+cgoQDoPGV0FH8chGowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNAL7GioYv1+MeAqOjwMSo4yAoXfMB8GA1UdIwQY
MBaAFMDevIhQtpDxIyeWkRv+PEyaqGfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd042OGlGQzJrUEVqSjVhUkdfNDhUSnFvWjl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lM2NhNzEtMzZmMC00YzUyLWJjMDEt
YzZhYzRkZDdjOGU0LzEvMEF2c2FLaGlfWDR4NENvNlBBeEtqaklDaGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lM2NhNzEtMzZmMC00YzUyLWJjMDEtYzZhYzRkZDdjOGU0
LzEvd042OGlGQzJrUEVqSjVhUkdfNDhUSnFvWjl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAGqK8Q9Knk02xEzk6UzJCkMoDndZ9ijI+FfcuDruH
La3kdIp6RWLRfP6TlkVGd99y2MyO4mT2bTOMxIXZOAJF+RYwVabGZ7+x1a536l3t
LwZ/irlz6+uCnRlNafNwVVRdLpNXIfhrf3MDokue/k0nUxbB9Pqi3JgBdMEtH/gA
xeXr4hiJTE9Svzw08B/r5eZu4ils4DVS8wpiA6FsWY2UJWRDxuB7M68yATqv7pA0
r+Z1Y6LbOTFwB/vIdDcq/hqQRVLuZThUvxGwqv5dsHHDhWihptIXvAK7FFKGs+wk
Qz7+OlpU4z735AcbYc6P3gAHz6p88KBehKDdYxt9pfWi5A==
-----END CERTIFICATE-----