Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/Qv9R29xRWPk32aqNOs1PjLeRabw.roa
File:                     Qv9R29xRWPk32aqNOs1PjLeRabw.roa (raw, json)
Hash identifier:          dqR21AOmis1IsB5D70HHGt2CwElurr+Lx6hZfsSDESY=
Subject key identifier:   42:FF:51:DB:DC:51:58:F9:37:D9:AA:8D:3A:CD:4F:8C:B7:91:69:BC
Certificate issuer:       /CN=07bca0482d605587eb0e0c851c38e807755f9017
Certificate serial:       0190BB3BC2F857356CF58C16CF069A8F97D6
Authority key identifier: 07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/Qv9R29xRWPk32aqNOs1PjLeRabw.roa
Signing time:             Tue 16 Jul 2024 11:09:34 +0000
ROA not before:           Tue 16 Jul 2024 11:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:3b:c2:f8:57:35:6c:f5:8c:16:cf:06:9a:8f:97:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07bca0482d605587eb0e0c851c38e807755f9017
        Validity
            Not Before: Jul 16 11:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42ff51dbdc5158f937d9aa8d3acd4f8cb79169bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:46:01:ab:21:ca:11:d9:2c:87:7f:05:ce:31:
                    a4:1f:3f:dd:d2:e2:74:fa:ab:9f:87:96:54:2b:55:
                    e6:b8:22:15:81:00:2c:d6:23:84:44:d8:40:aa:2e:
                    eb:68:19:9e:5a:c5:56:76:9b:d3:42:07:0c:50:69:
                    f9:c1:2d:20:b7:72:14:56:aa:bd:0a:be:fd:0f:b9:
                    99:52:80:8e:c6:bf:02:95:52:f3:72:cd:14:88:06:
                    34:a2:5d:98:8c:7e:67:af:58:82:e3:82:30:35:1b:
                    5a:b4:bc:d0:1d:88:37:07:2a:70:14:04:17:06:25:
                    88:cd:df:6a:9e:9d:31:26:dc:6e:95:33:1c:f3:db:
                    03:7c:e7:81:38:06:13:12:92:46:04:c6:8c:b6:92:
                    2e:1d:64:5c:6d:b3:d8:58:0f:7d:42:a8:e4:bf:cf:
                    c1:3a:8b:30:b4:d3:d7:5f:ae:ba:64:ba:63:7a:9d:
                    0b:c4:40:cf:34:a1:4d:19:7e:b6:f0:98:5c:d1:ff:
                    50:7c:f2:2d:22:e6:68:3e:b4:1b:b8:12:19:1e:e6:
                    22:ba:81:57:72:99:63:8a:ac:58:04:a4:c9:f4:34:
                    97:3b:a5:a7:a7:e9:04:fe:a0:45:af:d8:61:40:a5:
                    97:71:57:99:b9:f1:e2:d4:52:f5:0d:45:30:69:b8:
                    8d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:FF:51:DB:DC:51:58:F9:37:D9:AA:8D:3A:CD:4F:8C:B7:91:69:BC
            X509v3 Authority Key Identifier:
                keyid:07:BC:A0:48:2D:60:55:87:EB:0E:0C:85:1C:38:E8:07:75:5F:90:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B7ygSC1gVYfrDgyFHDjoB3VfkBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/Qv9R29xRWPk32aqNOs1PjLeRabw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/766311-caa4-4399-8b35-fc79af1f6fb3/1/B7ygSC1gVYfrDgyFHDjoB3VfkBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1740::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:30:1a:8d:2d:91:11:7f:62:16:65:d4:73:06:e7:a2:fc:5c:
         14:13:a1:da:ce:91:aa:ff:bf:a4:e3:35:28:f5:02:70:a3:4d:
         8e:86:17:e6:43:c7:11:db:c8:bf:c2:49:b1:1e:f5:c1:9c:3e:
         7e:b9:d5:6b:6e:84:35:52:91:9e:dc:f5:c6:51:7c:57:dc:8f:
         15:a9:33:bf:0c:cb:80:f1:ff:d5:01:88:ab:c1:51:6e:da:fd:
         b6:96:37:b1:90:01:fb:49:9c:43:74:75:01:36:73:64:29:d9:
         47:99:3c:9a:97:06:16:9e:89:6e:12:06:d7:46:5c:d1:dd:7b:
         f4:72:70:ca:1c:fc:4f:42:ea:07:33:38:58:2d:e1:46:b4:a9:
         3a:4a:8b:24:8e:ba:9e:3b:11:e8:17:ac:63:bd:e2:8c:20:46:
         2d:cb:a3:d9:88:1c:54:1c:38:36:f0:0d:f4:a9:dc:fe:52:57:
         0d:07:e8:0c:85:37:5d:df:e7:22:32:1e:22:e5:49:33:e7:cd:
         79:2d:75:dd:39:c5:9d:b6:cc:ea:ef:b8:e9:af:37:38:45:e3:
         69:32:8b:83:89:51:11:57:94:94:cb:bf:db:f0:60:7b:6e:0c:
         9f:9c:1d:28:55:31:7f:a1:4c:17:bb:27:73:fd:58:a9:30:72:
         fa:86:d5:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC7O8L4VzVs9YwWzwaaj5fWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YmNhMDQ4MmQ2MDU1ODdlYjBlMGM4NTFjMzhlODA3NzU1
ZjkwMTcwHhcNMjQwNzE2MTEwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmZmNTFkYmRjNTE1OGY5MzdkOWFhOGQzYWNkNGY4Y2I3OTE2OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkYBqyHKEdksh38FzjGkHz/d0uJ0
+qufh5ZUK1XmuCIVgQAs1iOERNhAqi7raBmeWsVWdpvTQgcMUGn5wS0gt3IUVqq9
Cr79D7mZUoCOxr8ClVLzcs0UiAY0ol2YjH5nr1iC44IwNRtatLzQHYg3BypwFAQX
BiWIzd9qnp0xJtxulTMc89sDfOeBOAYTEpJGBMaMtpIuHWRcbbPYWA99Qqjkv8/B
OoswtNPXX666ZLpjep0LxEDPNKFNGX628Jhc0f9QfPItIuZoPrQbuBIZHuYiuoFX
cpljiqxYBKTJ9DSXO6Wnp+kE/qBFr9hhQKWXcVeZufHi1FL1DUUwabiNTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEL/UdvcUVj5N9mqjTrNT4y3kWm8MB8GA1UdIwQY
MBaAFAe8oEgtYFWH6w4MhRw46Ad1X5AXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUt
ZmM3OWFmMWY2ZmIzLzEvUXY5UjI5eFJXUGszMmFxTk9zMVBqTGVSYWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NjYzMTEtY2FhNC00Mzk5LThiMzUtZmM3OWFmMWY2ZmIz
LzEvQjd5Z1NDMWdWWWZyRGd5RkhEam9CM1Zma0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQXQDAN
BgkqhkiG9w0BAQsFAAOCAQEAsjAajS2REX9iFmXUcwbnovxcFBOh2s6Rqv+/pOM1
KPUCcKNNjoYX5kPHEdvIv8JJsR71wZw+frnVa26ENVKRntz1xlF8V9yPFakzvwzL
gPH/1QGIq8FRbtr9tpY3sZAB+0mcQ3R1ATZzZCnZR5k8mpcGFp6JbhIG10Zc0d17
9HJwyhz8T0LqBzM4WC3hRrSpOkqLJI66njsR6BesY73ijCBGLcuj2YgcVBw4NvAN
9Knc/lJXDQfoDIU3Xd/nIjIeIuVJM+fNeS113TnFnbbM6u+46a83OEXjaTKLg4lR
EVeUlMu/2/Bge24Mn5wdKFUxf6FMF7snc/1YqTBy+obVzg==
-----END CERTIFICATE-----