Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GVAZU7QYSurZwm-kkXVGlgUOYSU.roa
File:                     GVAZU7QYSurZwm-kkXVGlgUOYSU.roa (raw, json)
Hash identifier:          FesapFX5aeu8OBTZ2+xBFaC2W/BPny5kkoYWozUheKE=
Subject key identifier:   19:50:19:53:B4:18:4A:EA:D9:C2:6F:A4:91:75:46:96:05:0E:61:25
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01925E18615CA4D4FD379226B10539909187
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GVAZU7QYSurZwm-kkXVGlgUOYSU.roa
Signing time:             Sat 05 Oct 2024 19:11:48 +0000
ROA not before:           Sat 05 Oct 2024 19:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a14:35c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:18:61:5c:a4:d4:fd:37:92:26:b1:05:39:90:91:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Oct  5 19:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19501953b4184aead9c26fa491754696050e6125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:20:6d:60:9a:b6:29:72:59:bd:18:9e:b5:cc:
                    13:b2:83:3a:f3:cd:a8:f2:fc:66:2a:a7:ed:ae:d4:
                    5d:15:9e:0a:ae:84:b3:50:ad:89:8a:23:56:9c:58:
                    f4:d5:42:19:1e:85:4c:df:ca:20:06:29:bc:58:af:
                    99:f1:5e:75:6f:98:6f:80:17:2a:30:41:28:cb:31:
                    91:48:9b:21:79:28:e2:e5:ae:e4:3d:92:bb:17:4b:
                    6d:23:e8:dc:7b:99:b9:f7:74:e9:a6:67:e2:53:b5:
                    a6:9a:61:ec:85:e8:23:34:e0:0a:43:dc:e1:e2:ae:
                    49:9f:f2:f7:e0:47:ef:e4:d1:e8:bf:00:8b:69:a4:
                    09:63:4b:a0:84:a7:19:9b:06:26:5d:2f:17:78:fe:
                    c7:94:6d:4c:c2:c7:95:35:6f:75:7b:4a:16:4e:86:
                    81:54:52:0c:7f:51:52:d5:2f:1f:1e:7b:88:0a:a8:
                    d4:09:9e:a5:d1:2d:a9:0a:59:66:0d:07:d6:d9:d8:
                    22:f9:e1:21:d7:6c:2e:d4:76:5f:42:68:f3:a3:d1:
                    0c:4a:84:af:71:e2:27:6c:f0:23:26:8f:73:13:a2:
                    19:5d:d6:73:b6:34:f8:59:df:cb:7b:2d:11:7e:16:
                    a5:1d:c5:48:73:92:1e:5e:05:b0:80:9b:20:bd:e4:
                    45:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:50:19:53:B4:18:4A:EA:D9:C2:6F:A4:91:75:46:96:05:0E:61:25
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GVAZU7QYSurZwm-kkXVGlgUOYSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:35c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:f4:31:d3:a7:10:f2:02:c6:de:c3:68:62:35:63:fb:82:f3:
         4c:cb:fe:39:c6:51:86:a2:b0:b1:af:c2:a8:41:88:3d:2c:2c:
         0b:59:ef:b8:d1:d7:ec:4f:57:a0:a4:3f:d2:a9:5a:38:7a:1f:
         b1:18:77:0c:19:6b:61:f7:80:25:c4:1d:1c:89:e8:3b:f2:6a:
         24:c7:fa:19:24:b5:59:e4:7a:12:20:8c:4b:7c:47:7d:80:17:
         2f:d6:32:8e:f4:4c:63:e8:04:33:58:01:7b:a8:03:55:ee:51:
         7c:84:be:d7:ae:58:29:7c:c1:29:5d:2c:a9:ad:05:f4:a1:2a:
         4b:54:a9:35:63:f4:10:d5:2f:ff:7b:7a:23:9a:05:0d:b5:f3:
         d6:89:fa:fd:61:48:fb:83:46:4b:28:c3:e5:1a:a1:c4:2d:ee:
         1f:e6:f6:89:d7:ad:e2:40:b7:5c:60:df:d1:23:c9:40:77:65:
         9a:e2:f7:98:0c:c0:59:e4:99:1a:4c:00:f7:d8:21:0d:13:56:
         57:c7:87:6f:d3:1d:18:58:93:50:8e:5a:f9:96:79:ec:fb:51:
         2f:aa:8a:58:c7:b5:a9:c1:ab:c1:36:69:6a:74:4a:69:ac:c8:
         e4:9a:3a:29:30:b6:ac:5c:1d:cf:82:e9:f3:c6:a3:14:cc:43:
         72:f6:8e:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJeGGFcpNT9N5ImsQU5kJGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQxMDA1MTkxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTUwMTk1M2I0MTg0YWVhZDljMjZmYTQ5MTc1NDY5NjA1MGU2MTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryBtYJq2KXJZvRietcwTsoM6882o
8vxmKqftrtRdFZ4KroSzUK2JiiNWnFj01UIZHoVM38ogBim8WK+Z8V51b5hvgBcq
MEEoyzGRSJsheSji5a7kPZK7F0ttI+jce5m593TppmfiU7WmmmHshegjNOAKQ9zh
4q5Jn/L34Efv5NHovwCLaaQJY0ughKcZmwYmXS8XeP7HlG1MwseVNW91e0oWToaB
VFIMf1FS1S8fHnuICqjUCZ6l0S2pCllmDQfW2dgi+eEh12wu1HZfQmjzo9EMSoSv
ceInbPAjJo9zE6IZXdZztjT4Wd/Ley0RfhalHcVIc5IeXgWwgJsgveRFOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBlQGVO0GErq2cJvpJF1RpYFDmElMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvR1ZBWlU3UVlTdXJad20ta2tYVkdsZ1VPWVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQ1wDAN
BgkqhkiG9w0BAQsFAAOCAQEAhfQx06cQ8gLG3sNoYjVj+4LzTMv+OcZRhqKwsa/C
qEGIPSwsC1nvuNHX7E9XoKQ/0qlaOHofsRh3DBlrYfeAJcQdHInoO/JqJMf6GSS1
WeR6EiCMS3xHfYAXL9YyjvRMY+gEM1gBe6gDVe5RfIS+165YKXzBKV0sqa0F9KEq
S1SpNWP0ENUv/3t6I5oFDbXz1on6/WFI+4NGSyjD5RqhxC3uH+b2idet4kC3XGDf
0SPJQHdlmuL3mAzAWeSZGkwA99ghDRNWV8eHb9MdGFiTUI5a+ZZ57PtRL6qKWMe1
qcGrwTZpanRKaazI5Jo6KTC2rFwdz4Lp88ajFMxDcvaOcw==
-----END CERTIFICATE-----