Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VBm1I9Jt3dK4aPCbQMkKU3WlH-k.roa
File:                     VBm1I9Jt3dK4aPCbQMkKU3WlH-k.roa (raw, json)
Hash identifier:          Z9qHPT0ab19W+gpdrpXQxewmfuOrU9J1ChhvDMK4M50=
Subject key identifier:   54:19:B5:23:D2:6D:DD:D2:B8:68:F0:9B:40:C9:0A:53:75:A5:1F:E9
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0192DA319B7676859A5C3300828A576F7A07
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VBm1I9Jt3dK4aPCbQMkKU3WlH-k.roa
Signing time:             Tue 29 Oct 2024 21:32:16 +0000
ROA not before:           Tue 29 Oct 2024 21:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214411
IP address blocks:        2a14:72c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:da:31:9b:76:76:85:9a:5c:33:00:82:8a:57:6f:7a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Oct 29 21:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5419b523d26dddd2b868f09b40c90a5375a51fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a0:5c:a7:e3:09:b8:ab:d5:b6:e6:e1:1f:c2:
                    41:04:86:ae:8b:06:81:89:8a:7c:55:e1:16:26:82:
                    b1:ef:2f:20:97:1f:ec:6c:56:8e:1e:24:79:9f:2a:
                    ca:74:eb:69:02:7f:c4:8b:11:61:0d:62:49:4f:03:
                    a6:b0:c5:97:4b:79:d0:8f:2a:77:16:d2:3c:99:64:
                    7e:6d:e9:20:13:64:3f:ec:7f:f9:ad:b1:d1:41:eb:
                    09:67:48:b1:80:f5:ac:f8:9e:48:a2:eb:8e:b4:ea:
                    4e:4d:80:c2:d8:c2:8d:16:7b:ce:b9:5c:c3:4e:da:
                    ec:37:94:e8:ca:7c:6f:46:9d:f6:64:13:6f:00:86:
                    d9:79:0a:77:6a:d1:08:1a:88:28:c4:4e:36:fe:bc:
                    f2:d3:97:1e:2e:83:ad:0d:43:b8:80:9b:fc:40:f3:
                    ed:e9:b2:d1:93:08:92:6d:61:d5:46:49:e3:63:e5:
                    0b:6d:0a:de:6e:69:d3:88:70:31:88:80:d2:55:f6:
                    1d:c2:51:8b:3b:d6:25:85:12:57:96:18:cd:5c:8b:
                    0e:91:b7:19:a3:6b:cb:96:4b:ea:07:32:09:60:f6:
                    cc:a5:60:1e:9f:8f:12:de:1e:f5:0f:49:0e:23:77:
                    6c:28:bd:d5:1e:69:0d:1c:e3:5d:41:76:bc:46:46:
                    fc:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:19:B5:23:D2:6D:DD:D2:B8:68:F0:9B:40:C9:0A:53:75:A5:1F:E9
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VBm1I9Jt3dK4aPCbQMkKU3WlH-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:72c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:ad:10:91:0b:9c:74:9c:7a:74:88:59:32:2b:64:04:92:7e:
         a2:0e:48:03:4c:ba:fc:66:b2:74:51:03:03:6f:6a:a9:53:ad:
         1f:ff:b7:c6:3c:f5:47:9c:1f:8b:62:77:c6:09:65:fe:4b:05:
         30:7f:40:5f:61:0e:75:bd:12:f5:5e:6b:15:52:b3:9f:2a:c5:
         0d:55:68:4f:dd:e0:78:cf:42:e0:cd:d5:79:74:fa:42:f1:a6:
         2c:bc:29:3f:c6:51:92:65:01:1e:da:fd:50:bc:44:c7:71:cb:
         80:70:60:47:cb:54:17:46:f7:22:18:e8:d4:79:ca:02:71:8c:
         03:82:ab:fb:76:1f:aa:2b:52:63:30:db:43:a9:84:67:3f:44:
         b9:96:b8:94:9f:39:ae:bf:36:09:ff:1d:6c:82:9c:6e:a2:6d:
         f8:79:c3:27:a9:7e:44:c4:e7:e2:c8:a4:b7:a4:ed:10:f7:3e:
         25:93:f0:f6:c8:89:6a:74:1d:3f:30:29:6b:6b:41:39:1f:42:
         74:df:c4:82:a9:e3:31:1e:e9:c4:94:7c:79:31:aa:a4:b1:8a:
         1f:65:da:4e:75:5c:84:6f:dd:09:6c:e8:6e:16:e7:7e:3e:2f:
         19:71:59:5b:a4:34:14:d0:fd:b3:df:d9:a8:3a:9d:e5:0c:dd:
         f1:52:88:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLaMZt2doWaXDMAgopXb3oHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQxMDI5MjEzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDE5YjUyM2QyNmRkZGQyYjg2OGYwOWI0MGM5MGE1Mzc1YTUxZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqBcp+MJuKvVtubhH8JBBIauiwaB
iYp8VeEWJoKx7y8glx/sbFaOHiR5nyrKdOtpAn/EixFhDWJJTwOmsMWXS3nQjyp3
FtI8mWR+bekgE2Q/7H/5rbHRQesJZ0ixgPWs+J5IouuOtOpOTYDC2MKNFnvOuVzD
TtrsN5ToynxvRp32ZBNvAIbZeQp3atEIGogoxE42/rzy05ceLoOtDUO4gJv8QPPt
6bLRkwiSbWHVRknjY+ULbQrebmnTiHAxiIDSVfYdwlGLO9YlhRJXlhjNXIsOkbcZ
o2vLlkvqBzIJYPbMpWAen48S3h71D0kOI3dsKL3VHmkNHONdQXa8Rkb8OQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFQZtSPSbd3SuGjwm0DJClN1pR/pMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvVkJtMUk5SnQzZEs0YVBDYlFNa0tVM1dsSC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRywDAN
BgkqhkiG9w0BAQsFAAOCAQEAia0QkQucdJx6dIhZMitkBJJ+og5IA0y6/GaydFED
A29qqVOtH/+3xjz1R5wfi2J3xgll/ksFMH9AX2EOdb0S9V5rFVKznyrFDVVoT93g
eM9C4M3VeXT6QvGmLLwpP8ZRkmUBHtr9ULxEx3HLgHBgR8tUF0b3Ihjo1HnKAnGM
A4Kr+3YfqitSYzDbQ6mEZz9EuZa4lJ85rr82Cf8dbIKcbqJt+HnDJ6l+RMTn4sik
t6TtEPc+JZPw9siJanQdPzApa2tBOR9CdN/EgqnjMR7pxJR8eTGqpLGKH2XaTnVc
hG/dCWzobhbnfj4vGXFZW6Q0FND9s9/ZqDqd5Qzd8VKIbQ==
-----END CERTIFICATE-----