Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/h7ETLfyQmL_b22CUnmqfJbv8XcU.roa
File:                     h7ETLfyQmL_b22CUnmqfJbv8XcU.roa (raw, json)
Hash identifier:          GvscP45iqYd2rs4fdmtdGUU7bJ6EyKUaKDdAzQiywgY=
Subject key identifier:   87:B1:13:2D:FC:90:98:BF:DB:DB:60:94:9E:6A:9F:25:BB:FC:5D:C5
Certificate issuer:       /CN=7f249b9544620683f94b388a7551a68a6493ed12
Certificate serial:       019436008BF0F2398D1F946E82D323CF7A89
Authority key identifier: 7F:24:9B:95:44:62:06:83:F9:4B:38:8A:75:51:A6:8A:64:93:ED:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fySblURiBoP5SziKdVGmimST7RI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/h7ETLfyQmL_b22CUnmqfJbv8XcU.roa
Signing time:             Sun 05 Jan 2025 10:26:32 +0000
ROA not before:           Sun 05 Jan 2025 10:26:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213665
IP address blocks:        2a14:ee00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/fySblURiBoP5SziKdVGmimST7RI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/fySblURiBoP5SziKdVGmimST7RI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fySblURiBoP5SziKdVGmimST7RI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:36:00:8b:f0:f2:39:8d:1f:94:6e:82:d3:23:cf:7a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f249b9544620683f94b388a7551a68a6493ed12
        Validity
            Not Before: Jan  5 10:26:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87b1132dfc9098bfdbdb60949e6a9f25bbfc5dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c5:82:dd:78:50:0d:f4:1a:60:28:86:b2:83:
                    2d:8a:24:44:6c:71:69:82:be:06:ac:70:1f:b0:32:
                    a4:a7:45:04:c7:9f:c4:3d:8d:b9:71:28:7f:22:a9:
                    5b:5f:a0:a9:c0:1d:60:25:70:a8:07:54:2e:84:af:
                    1d:ee:fa:4e:db:b8:47:71:d3:1a:a5:ae:15:88:15:
                    54:a2:ef:a0:db:29:b4:a6:89:f1:78:6e:fc:f7:46:
                    7d:4b:1a:99:34:e9:a3:7d:37:07:b0:87:4d:ef:75:
                    17:f5:d3:1f:e7:fd:95:00:d5:a9:1d:9b:ef:1c:a6:
                    ef:17:9b:23:28:92:5f:16:fc:9d:13:0c:84:ff:3e:
                    ce:d4:ae:09:d2:6d:2b:8a:04:14:8c:62:62:34:c0:
                    9b:98:e2:8f:3b:7a:56:9a:93:84:e5:4b:41:4d:54:
                    d8:ee:72:c6:e0:0f:0d:dc:d0:3e:b5:a4:6d:a5:e8:
                    8d:a2:d1:1a:24:f4:05:14:64:85:58:ef:3f:61:0c:
                    a0:f4:28:cf:98:bc:7d:52:31:3d:bf:a8:9b:1c:d7:
                    46:29:1a:d6:9f:a9:a2:22:ac:1c:26:84:dd:0b:49:
                    ac:ea:2d:b3:a6:2b:16:4c:00:8d:66:42:8b:88:6a:
                    9f:19:65:18:e4:fc:b5:40:b8:8b:7d:0e:35:6d:b0:
                    ad:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B1:13:2D:FC:90:98:BF:DB:DB:60:94:9E:6A:9F:25:BB:FC:5D:C5
            X509v3 Authority Key Identifier:
                keyid:7F:24:9B:95:44:62:06:83:F9:4B:38:8A:75:51:A6:8A:64:93:ED:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fySblURiBoP5SziKdVGmimST7RI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/h7ETLfyQmL_b22CUnmqfJbv8XcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7aa04e-4807-4988-9103-842397e30643/1/fySblURiBoP5SziKdVGmimST7RI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ee00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:a9:ed:bf:c9:5f:49:5c:57:79:35:3f:a4:b3:38:30:5b:47:
         8c:45:99:d2:92:24:92:7b:b3:62:d6:df:dd:98:32:8d:35:51:
         42:71:12:f1:17:7b:76:d7:78:ba:5d:b8:7e:a9:cd:a8:a2:31:
         dd:bc:ed:14:52:80:3a:44:64:6c:97:b7:e5:64:77:8f:ba:7d:
         73:ab:23:fe:02:86:7c:fe:d7:a3:df:da:fb:2c:23:38:f5:de:
         0f:b7:4a:f8:34:54:ea:b7:9f:fc:9b:b8:0e:a1:49:ed:b7:12:
         8c:36:c4:09:d3:a2:13:f3:ab:7b:36:49:c4:f0:7d:e5:c5:c1:
         dc:97:8d:fc:9b:0b:62:3c:99:dc:31:3f:df:88:13:e1:4e:b2:
         f2:d8:3d:2d:22:a6:05:43:c6:ce:e7:d1:cf:42:b5:17:c4:49:
         5d:76:e6:fe:b8:ea:09:08:82:48:c9:c1:91:a9:bb:b4:dd:02:
         04:74:99:74:de:c0:59:db:db:de:40:d9:18:70:54:a5:5e:2b:
         84:b9:bc:0e:83:f1:9e:cd:1e:2b:f4:9e:52:8f:38:67:d7:05:
         80:41:d8:3a:22:2c:6d:3f:84:2f:76:60:f1:51:fb:84:a5:4a:
         76:3b:59:c5:2d:5d:39:94:d9:5d:26:e2:0e:23:62:e8:1e:34:
         24:79:c5:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQ2AIvw8jmNH5RugtMjz3qJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMjQ5Yjk1NDQ2MjA2ODNmOTRiMzg4YTc1NTFhNjhhNjQ5
M2VkMTIwHhcNMjUwMTA1MTAyNjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2IxMTMyZGZjOTA5OGJmZGJkYjYwOTQ5ZTZhOWYyNWJiZmM1ZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcWC3XhQDfQaYCiGsoMtiiREbHFp
gr4GrHAfsDKkp0UEx5/EPY25cSh/IqlbX6CpwB1gJXCoB1QuhK8d7vpO27hHcdMa
pa4ViBVUou+g2ym0ponxeG7890Z9SxqZNOmjfTcHsIdN73UX9dMf5/2VANWpHZvv
HKbvF5sjKJJfFvydEwyE/z7O1K4J0m0rigQUjGJiNMCbmOKPO3pWmpOE5UtBTVTY
7nLG4A8N3NA+taRtpeiNotEaJPQFFGSFWO8/YQyg9CjPmLx9UjE9v6ibHNdGKRrW
n6miIqwcJoTdC0ms6i2zpisWTACNZkKLiGqfGWUY5Py1QLiLfQ41bbCtnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIexEy38kJi/29tglJ5qnyW7/F3FMB8GA1UdIwQY
MBaAFH8km5VEYgaD+Us4inVRpopkk+0SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnlTYmxVUmlCb1A1U3ppS2RWR21pbVNUN1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi83YWEwNGUtNDgwNy00OTg4LTkxMDMt
ODQyMzk3ZTMwNjQzLzEvaDdFVExmeVFtTF9iMjJDVW5tcWZKYnY4WGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi83YWEwNGUtNDgwNy00OTg4LTkxMDMtODQyMzk3ZTMwNjQz
LzEvZnlTYmxVUmlCb1A1U3ppS2RWR21pbVNUN1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTuADAN
BgkqhkiG9w0BAQsFAAOCAQEAX6ntv8lfSVxXeTU/pLM4MFtHjEWZ0pIkknuzYtbf
3ZgyjTVRQnES8Rd7dtd4ul24fqnNqKIx3bztFFKAOkRkbJe35WR3j7p9c6sj/gKG
fP7Xo9/a+ywjOPXeD7dK+DRU6ref/Ju4DqFJ7bcSjDbECdOiE/OrezZJxPB95cXB
3JeN/JsLYjyZ3DE/34gT4U6y8tg9LSKmBUPGzufRz0K1F8RJXXbm/rjqCQiCSMnB
kam7tN0CBHSZdN7AWdvb3kDZGHBUpV4rhLm8DoPxns0eK/SeUo84Z9cFgEHYOiIs
bT+EL3Zg8VH7hKVKdjtZxS1dOZTZXSbiDiNi6B40JHnFYQ==
-----END CERTIFICATE-----