Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/LCu2MpKyoGRgdQ9OHxLhi5w695g.roa
File:                     LCu2MpKyoGRgdQ9OHxLhi5w695g.roa (raw, json)
Hash identifier:          hO87EXmXppJucEuGAAjIA1Rl7xN89FyYkdlsiiiJUdA=
Subject key identifier:   2C:2B:B6:32:92:B2:A0:64:60:75:0F:4E:1F:12:E1:8B:9C:3A:F7:98
Certificate issuer:       /CN=32388fcf74d2e59524f4eb4d96e44c5222db63e1
Certificate serial:       0192E7668D151BCFE1CFE32C217323122CE8
Authority key identifier: 32:38:8F:CF:74:D2:E5:95:24:F4:EB:4D:96:E4:4C:52:22:DB:63:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/LCu2MpKyoGRgdQ9OHxLhi5w695g.roa
Signing time:             Fri 01 Nov 2024 11:05:10 +0000
ROA not before:           Fri 01 Nov 2024 11:05:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8194
IP address blocks:        2a14:5680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:66:8d:15:1b:cf:e1:cf:e3:2c:21:73:23:12:2c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32388fcf74d2e59524f4eb4d96e44c5222db63e1
        Validity
            Not Before: Nov  1 11:05:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c2bb63292b2a06460750f4e1f12e18b9c3af798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6a:1a:cb:9c:da:75:90:ee:8f:c7:15:55:ef:
                    7c:ab:14:45:8f:4b:cd:60:f9:24:d9:d1:97:f2:8e:
                    d1:2d:bd:45:dd:25:98:a1:41:c6:1d:b9:11:28:74:
                    8e:55:f9:98:a6:76:5b:c6:6d:de:37:bb:15:a5:db:
                    e6:42:64:0f:43:a7:bd:e8:70:29:00:c6:8c:9e:8c:
                    c6:29:d6:ff:9b:ea:e1:7f:47:d0:45:b4:b5:8f:f8:
                    4d:12:3f:eb:1b:20:68:fe:9b:d6:39:17:a5:31:64:
                    d4:41:00:e3:97:65:2e:ef:fd:26:5b:3b:0f:f2:89:
                    a6:c8:9e:bb:7b:a4:bc:ac:ac:b8:85:92:0c:34:64:
                    9f:3c:1b:94:8f:43:f9:1c:a1:ea:c6:75:38:a7:03:
                    76:8e:2c:31:b2:32:89:5b:83:b7:54:d5:b6:47:1c:
                    a8:db:c0:5f:bc:58:3f:96:db:50:88:bc:2f:ef:64:
                    8a:95:94:22:28:73:4d:d9:f3:47:67:50:54:89:7a:
                    55:7d:e4:24:f6:88:90:38:a6:aa:d9:89:7a:b2:36:
                    67:6a:10:93:2f:8c:9d:a7:44:7f:bb:b0:35:49:8f:
                    dd:f2:05:62:ef:f4:bb:b9:80:32:95:95:74:3c:aa:
                    e2:d1:d9:e1:e8:08:96:82:0c:6c:29:95:8f:3f:d9:
                    16:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:2B:B6:32:92:B2:A0:64:60:75:0F:4E:1F:12:E1:8B:9C:3A:F7:98
            X509v3 Authority Key Identifier:
                keyid:32:38:8F:CF:74:D2:E5:95:24:F4:EB:4D:96:E4:4C:52:22:DB:63:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/LCu2MpKyoGRgdQ9OHxLhi5w695g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5680::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:4a:36:0e:bb:80:ad:02:04:25:63:67:f1:7c:c9:44:00:ae:
         e7:60:44:11:70:15:56:af:d4:38:a8:28:8d:b0:73:9d:f4:e0:
         0a:20:c5:3f:c4:b5:1e:95:ae:91:08:85:c5:4e:47:61:97:93:
         2d:fd:ce:7a:f3:bd:bf:8e:93:2b:bc:47:00:e4:9f:e8:8d:82:
         46:87:aa:18:c0:6d:a5:01:02:79:c2:70:69:6d:cd:49:bc:cc:
         63:aa:f9:4e:e5:0f:46:c3:93:d7:55:41:c1:fa:0c:a8:a3:0b:
         4e:a4:64:bb:fe:90:e4:9e:bf:ab:ca:e4:93:4a:f8:b8:b9:0e:
         4f:66:a4:db:74:ee:3f:79:65:31:50:1f:ed:4d:1e:a1:1a:a4:
         fb:00:fc:19:a4:58:74:3f:0f:9b:a4:07:f9:bd:54:c5:c2:13:
         1f:83:dc:50:15:c2:d2:fd:9c:ed:93:75:e2:58:fa:04:e5:47:
         f8:18:40:10:ce:5d:1d:1a:3f:0d:79:62:cb:84:ea:f0:34:77:
         fb:bc:c7:cb:eb:32:56:72:24:d4:d7:a2:e2:f5:d0:54:66:74:
         8c:31:4f:e7:44:9c:65:7d:e1:f4:e2:12:b3:07:15:97:b0:af:
         b3:e4:95:29:21:29:a1:e6:37:aa:c6:eb:27:3f:2f:14:d6:18:
         ca:c8:66:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLnZo0VG8/hz+MsIXMjEizoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMzg4ZmNmNzRkMmU1OTUyNGY0ZWI0ZDk2ZTQ0YzUyMjJk
YjYzZTEwHhcNMjQxMTAxMTEwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzJiYjYzMjkyYjJhMDY0NjA3NTBmNGUxZjEyZTE4YjljM2FmNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWoay5zadZDuj8cVVe98qxRFj0vN
YPkk2dGX8o7RLb1F3SWYoUHGHbkRKHSOVfmYpnZbxm3eN7sVpdvmQmQPQ6e96HAp
AMaMnozGKdb/m+rhf0fQRbS1j/hNEj/rGyBo/pvWORelMWTUQQDjl2Uu7/0mWzsP
8ommyJ67e6S8rKy4hZIMNGSfPBuUj0P5HKHqxnU4pwN2jiwxsjKJW4O3VNW2Rxyo
28BfvFg/lttQiLwv72SKlZQiKHNN2fNHZ1BUiXpVfeQk9oiQOKaq2Yl6sjZnahCT
L4ydp0R/u7A1SY/d8gVi7/S7uYAylZV0PKri0dnh6AiWggxsKZWPP9kWHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCwrtjKSsqBkYHUPTh8S4YucOveYMB8GA1UdIwQY
MBaAFDI4j8900uWVJPTrTZbkTFIi22PhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWppUHozVFM1WlVrOU90Tmx1Uk1VaUxiWS1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9hOWExYzktMzQ0NC00ZTViLWE3MjAt
MTgwNDBjOGUyMmVkLzEvTEN1Mk1wS3lvR1JnZFE5T0h4TGhpNXc2OTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9hOWExYzktMzQ0NC00ZTViLWE3MjAtMTgwNDBjOGUyMmVk
LzEvTWppUHozVFM1WlVrOU90Tmx1Uk1VaUxiWS1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRWgDAN
BgkqhkiG9w0BAQsFAAOCAQEAdEo2DruArQIEJWNn8XzJRACu52BEEXAVVq/UOKgo
jbBznfTgCiDFP8S1HpWukQiFxU5HYZeTLf3OevO9v46TK7xHAOSf6I2CRoeqGMBt
pQECecJwaW3NSbzMY6r5TuUPRsOT11VBwfoMqKMLTqRku/6Q5J6/q8rkk0r4uLkO
T2ak23TuP3llMVAf7U0eoRqk+wD8GaRYdD8Pm6QH+b1UxcITH4PcUBXC0v2c7ZN1
4lj6BOVH+BhAEM5dHRo/DXliy4Tq8DR3+7zHy+syVnIk1Nei4vXQVGZ0jDFP50Sc
ZX3h9OISswcVl7Cvs+SVKSEpoeY3qsbrJz8vFNYYyshmvw==
-----END CERTIFICATE-----