Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/fN_4x_lcOU6L7RFmONZt2YTUCVY.roa
File:                     fN_4x_lcOU6L7RFmONZt2YTUCVY.roa (raw, json)
Hash identifier:          0TMMNjkdeImiUrndCx1I/NO7PaEb4Y6F/xHzSRQsxS0=
Subject key identifier:   7C:DF:F8:C7:F9:5C:39:4E:8B:ED:11:66:38:D6:6D:D9:84:D4:09:56
Certificate issuer:       /CN=8d3526bb31b9e30c49045f4368c602ee98bec01a
Certificate serial:       0191EAB1398740B21C30DC137AE86F6D18F7
Authority key identifier: 8D:35:26:BB:31:B9:E3:0C:49:04:5F:43:68:C6:02:EE:98:BE:C0:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/fN_4x_lcOU6L7RFmONZt2YTUCVY.roa
Signing time:             Fri 13 Sep 2024 09:22:48 +0000
ROA not before:           Fri 13 Sep 2024 09:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207277
IP address blocks:        2a14:2780::/48 maxlen: 48
                          2a14:2780:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:b1:39:87:40:b2:1c:30:dc:13:7a:e8:6f:6d:18:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3526bb31b9e30c49045f4368c602ee98bec01a
        Validity
            Not Before: Sep 13 09:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cdff8c7f95c394e8bed116638d66dd984d40956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b3:f9:e7:89:c5:95:51:d7:1a:2f:b0:86:17:
                    69:5f:c1:5a:7c:72:a8:14:83:b5:b0:93:e6:68:39:
                    b3:1b:f0:2a:0d:af:06:c3:99:62:dc:ef:6d:69:0b:
                    d5:27:c0:f5:2a:1a:a4:bb:b6:2a:ac:26:99:59:3b:
                    46:68:09:d1:39:89:f0:4b:5b:59:29:af:3c:c0:d5:
                    25:15:bb:b9:75:71:7f:fa:8c:2d:29:d7:2e:28:7c:
                    df:72:6d:0e:80:be:0c:3a:db:89:cf:83:07:d0:6a:
                    23:ee:b4:8f:67:38:17:6c:a7:b0:82:14:3b:66:03:
                    3d:1e:2d:00:43:bf:f5:7a:71:98:74:57:ff:12:05:
                    8b:39:0f:0d:64:87:43:0f:37:16:8f:48:6e:ac:a3:
                    b1:e4:65:18:e4:34:88:56:d9:82:e4:91:ae:66:90:
                    e2:15:f5:d0:3a:52:f4:39:ed:89:49:81:5f:05:43:
                    8b:57:a1:c7:44:96:06:06:51:19:c8:67:29:ee:e3:
                    db:f2:de:fb:3e:30:91:93:8d:98:f1:32:33:53:54:
                    f6:4a:43:e8:4e:c4:1f:65:3e:18:ce:22:4f:d5:c4:
                    c5:35:aa:1d:92:26:74:67:32:49:96:df:bc:ba:e3:
                    59:0f:1a:28:d8:5e:28:66:4e:5d:ac:0b:23:a9:ed:
                    0e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:DF:F8:C7:F9:5C:39:4E:8B:ED:11:66:38:D6:6D:D9:84:D4:09:56
            X509v3 Authority Key Identifier:
                keyid:8D:35:26:BB:31:B9:E3:0C:49:04:5F:43:68:C6:02:EE:98:BE:C0:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/fN_4x_lcOU6L7RFmONZt2YTUCVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2780::/47

    Signature Algorithm: sha256WithRSAEncryption
         08:d4:f3:79:73:5c:35:4d:70:cd:44:b3:e3:1d:36:68:ba:82:
         fd:eb:8e:43:69:98:3e:cc:72:46:b9:fc:ec:6d:8f:fc:66:5c:
         22:b3:f9:ca:3d:7f:1b:51:cb:4a:1e:e3:70:04:70:73:4e:ff:
         3c:0d:e6:5b:8e:68:7e:b0:18:18:b4:f2:b5:e7:76:88:eb:bf:
         4f:5f:ad:b7:b8:de:56:bf:8a:26:5d:3b:6a:e7:a5:57:d5:fb:
         c8:f4:43:84:44:9c:b0:20:54:79:7f:72:46:ef:56:36:05:63:
         aa:76:20:76:4b:b8:16:b0:63:41:e7:fa:04:7b:c2:54:93:0a:
         f5:dd:11:04:87:c4:f8:81:59:96:46:a0:85:8e:7d:dc:c7:51:
         e3:81:a1:81:5e:99:8e:26:67:bf:27:a0:30:5a:37:39:27:c8:
         88:b3:39:70:de:97:b9:2f:62:be:bf:ec:63:bd:a5:78:03:c4:
         78:c0:b3:6f:4c:9f:8d:f2:64:f1:0e:fa:dc:7f:cb:4b:63:a3:
         b3:1d:b7:29:f8:74:56:a1:d0:17:97:99:f6:1f:65:46:51:6f:
         73:28:56:0a:84:86:82:d1:c4:1b:d2:df:2b:90:2b:19:b8:83:
         f8:3f:f4:a9:32:12:1e:0d:73:34:90:ba:03:0d:5b:4a:6b:49:
         65:67:bb:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHqsTmHQLIcMNwTeuhvbRj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzUyNmJiMzFiOWUzMGM0OTA0NWY0MzY4YzYwMmVlOThi
ZWMwMWEwHhcNMjQwOTEzMDkyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2RmZjhjN2Y5NWMzOTRlOGJlZDExNjYzOGQ2NmRkOTg0ZDQwOTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbP554nFlVHXGi+whhdpX8FafHKo
FIO1sJPmaDmzG/AqDa8Gw5li3O9taQvVJ8D1Khqku7YqrCaZWTtGaAnROYnwS1tZ
Ka88wNUlFbu5dXF/+owtKdcuKHzfcm0OgL4MOtuJz4MH0Goj7rSPZzgXbKewghQ7
ZgM9Hi0AQ7/1enGYdFf/EgWLOQ8NZIdDDzcWj0hurKOx5GUY5DSIVtmC5JGuZpDi
FfXQOlL0Oe2JSYFfBUOLV6HHRJYGBlEZyGcp7uPb8t77PjCRk42Y8TIzU1T2SkPo
TsQfZT4YziJP1cTFNaodkiZ0ZzJJlt+8uuNZDxoo2F4oZk5drAsjqe0ONQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHzf+Mf5XDlOi+0RZjjWbdmE1AlWMB8GA1UdIwQY
MBaAFI01JrsxueMMSQRfQ2jGAu6YvsAaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRVbXV6RzU0d3hKQkY5RGFNWUM3cGktd0JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYTRiMjEtZmRhMy00YzhhLWFlZTAt
NzI1M2RhMzUxMGVlLzEvZk5fNHhfbGNPVTZMN1JGbU9OWnQyWVRVQ1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYTRiMjEtZmRhMy00YzhhLWFlZTAtNzI1M2RhMzUxMGVl
LzEvalRVbXV6RzU0d3hKQkY5RGFNWUM3cGktd0JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhQngAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAI1PN5c1w1TXDNRLPjHTZouoL9645DaZg+zHJG
ufzsbY/8Zlwis/nKPX8bUctKHuNwBHBzTv88DeZbjmh+sBgYtPK153aI679PX623
uN5Wv4omXTtq56VX1fvI9EOERJywIFR5f3JG71Y2BWOqdiB2S7gWsGNB5/oEe8JU
kwr13REEh8T4gVmWRqCFjn3cx1HjgaGBXpmOJme/J6AwWjc5J8iIszlw3pe5L2K+
v+xjvaV4A8R4wLNvTJ+N8mTxDvrcf8tLY6OzHbcp+HRWodAXl5n2H2VGUW9zKFYK
hIaC0cQb0t8rkCsZuIP4P/SpMhIeDXM0kLoDDVtKa0llZ7vT
-----END CERTIFICATE-----