Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/RXRev0w2atWuFXVEtwA0ZWEeA9Q.roa
File:                     RXRev0w2atWuFXVEtwA0ZWEeA9Q.roa (raw, json)
Hash identifier:          7Bs5Y39zdPO7/VAdN+CO08GETonNjGrKrkCg0bHyHTQ=
Subject key identifier:   45:74:5E:BF:4C:36:6A:D5:AE:15:75:44:B7:00:34:65:61:1E:03:D4
Certificate issuer:       /CN=f546f5c80c3ca82cf48ddabb63c6046a6812b743
Certificate serial:       0190ABB834DB11AB62C04F456D2293D2C196
Authority key identifier: F5:46:F5:C8:0C:3C:A8:2C:F4:8D:DA:BB:63:C6:04:6A:68:12:B7:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/RXRev0w2atWuFXVEtwA0ZWEeA9Q.roa
Signing time:             Sat 13 Jul 2024 10:51:34 +0000
ROA not before:           Sat 13 Jul 2024 10:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:b8:34:db:11:ab:62:c0:4f:45:6d:22:93:d2:c1:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f546f5c80c3ca82cf48ddabb63c6046a6812b743
        Validity
            Not Before: Jul 13 10:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45745ebf4c366ad5ae157544b7003465611e03d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:d8:6a:1f:d5:cc:43:35:30:5c:60:14:22:
                    12:1c:05:96:c1:a4:09:6c:97:f4:64:f6:d0:d6:b6:
                    f8:e8:10:8f:10:36:35:d6:96:26:ea:13:cb:f3:48:
                    67:d1:bb:3b:2c:0a:69:18:cc:b8:68:99:39:f7:cb:
                    e6:ab:e1:c6:f7:48:ab:b6:94:d4:00:3f:e2:8c:cd:
                    69:76:38:66:61:4d:1e:1f:6c:9b:d1:51:c2:31:6d:
                    5a:e0:82:68:49:30:53:21:3c:23:c5:41:ec:7d:71:
                    0e:4a:51:94:f7:ae:ab:25:66:7f:a2:1c:94:9f:93:
                    24:2c:25:0c:be:7c:07:84:cb:4e:3c:3b:6b:d5:7e:
                    12:ec:d3:f2:3b:21:cc:be:66:03:7a:91:ea:4c:1b:
                    73:54:58:99:6c:4d:f6:8e:9d:9a:6e:c4:79:56:54:
                    7e:ab:ef:3c:8e:f6:c8:d6:d5:d6:d7:a1:0b:bb:29:
                    14:68:83:e5:38:fc:55:01:61:cb:b1:38:aa:1d:2b:
                    e2:9e:4e:25:fc:43:ba:cd:85:65:c1:3a:73:b0:cc:
                    74:1d:56:b9:7b:f7:93:32:36:31:8a:25:26:16:00:
                    04:19:a5:df:47:17:04:30:cd:7e:cf:0f:bb:09:12:
                    c0:a7:b2:f3:d4:57:ed:86:21:08:61:71:8a:be:2f:
                    59:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:74:5E:BF:4C:36:6A:D5:AE:15:75:44:B7:00:34:65:61:1E:03:D4
            X509v3 Authority Key Identifier:
                keyid:F5:46:F5:C8:0C:3C:A8:2C:F4:8D:DA:BB:63:C6:04:6A:68:12:B7:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/RXRev0w2atWuFXVEtwA0ZWEeA9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:400::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:38:0e:5b:9e:0e:e5:13:c4:53:79:26:a5:f8:32:9f:78:8c:
         84:8d:cf:25:2f:d7:11:ad:22:bc:9f:64:93:41:4d:22:35:dc:
         ec:66:f0:33:54:52:0f:d4:3a:a6:f0:41:71:e3:a8:53:fa:01:
         1d:43:e4:9f:16:3f:ae:a2:e5:0f:8d:4b:08:7c:19:2e:4a:3b:
         96:ea:0c:13:7b:8b:87:43:83:b6:7f:19:b4:13:0d:cd:3d:40:
         35:79:ce:2f:96:5a:ea:e9:8f:c0:be:33:b2:af:34:70:bc:9f:
         d3:07:60:76:f3:fe:0d:7c:8f:ce:5d:90:40:f1:a9:6f:d8:57:
         ff:bd:76:fb:a2:bb:e2:31:f6:1d:81:f6:88:12:20:a5:40:00:
         bb:bd:08:a1:f0:33:83:b8:ce:57:a8:6b:68:fc:1f:46:a3:94:
         e4:7f:27:f8:eb:80:b8:e4:08:6b:41:de:54:14:45:c8:eb:f9:
         2c:8c:fd:81:8d:94:78:23:49:49:46:64:ac:f7:51:7c:f9:2f:
         aa:26:90:d2:36:41:47:17:d6:e1:b4:10:2b:98:6e:99:93:db:
         b5:6a:37:e2:1f:3d:e1:48:43:28:8c:12:f5:0f:2e:77:ea:a7:
         70:70:3c:de:a2:86:21:63:ea:06:5e:0c:c1:1c:24:0c:77:c6:
         b3:fc:05:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCruDTbEatiwE9FbSKT0sGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NDZmNWM4MGMzY2E4MmNmNDhkZGFiYjYzYzYwNDZhNjgx
MmI3NDMwHhcNMjQwNzEzMTA1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc0NWViZjRjMzY2YWQ1YWUxNTc1NDRiNzAwMzQ2NTYxMWUwM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnnYah/VzEM1MFxgFCISHAWWwaQJ
bJf0ZPbQ1rb46BCPEDY11pYm6hPL80hn0bs7LAppGMy4aJk598vmq+HG90irtpTU
AD/ijM1pdjhmYU0eH2yb0VHCMW1a4IJoSTBTITwjxUHsfXEOSlGU966rJWZ/ohyU
n5MkLCUMvnwHhMtOPDtr1X4S7NPyOyHMvmYDepHqTBtzVFiZbE32jp2absR5VlR+
q+88jvbI1tXW16ELuykUaIPlOPxVAWHLsTiqHSvink4l/EO6zYVlwTpzsMx0HVa5
e/eTMjYxiiUmFgAEGaXfRxcEMM1+zw+7CRLAp7Lz1FfthiEIYXGKvi9ZfwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEV0Xr9MNmrVrhV1RLcANGVhHgPUMB8GA1UdIwQY
MBaAFPVG9cgMPKgs9I3au2PGBGpoErdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVViMXlBdzhxQ3owamRxN1k4WUVhbWdTdDBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mMTExZmYtYWNlYS00YmU5LWIzNTYt
NTQ2MjliOTJiNjgzLzEvUlhSZXYwdzJhdFd1RlhWRXR3QTBaV0VlQTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mMTExZmYtYWNlYS00YmU5LWIzNTYtNTQ2MjliOTJiNjgz
LzEvOVViMXlBdzhxQ3owamRxN1k4WUVhbWdTdDBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQEADAN
BgkqhkiG9w0BAQsFAAOCAQEAijgOW54O5RPEU3kmpfgyn3iMhI3PJS/XEa0ivJ9k
k0FNIjXc7GbwM1RSD9Q6pvBBceOoU/oBHUPknxY/rqLlD41LCHwZLko7luoME3uL
h0ODtn8ZtBMNzT1ANXnOL5Za6umPwL4zsq80cLyf0wdgdvP+DXyPzl2QQPGpb9hX
/712+6K74jH2HYH2iBIgpUAAu70IofAzg7jOV6hraPwfRqOU5H8n+OuAuOQIa0He
VBRFyOv5LIz9gY2UeCNJSUZkrPdRfPkvqiaQ0jZBRxfW4bQQK5humZPbtWo34h89
4UhDKIwS9Q8ud+qncHA83qKGIWPqBl4MwRwkDHfGs/wF6Q==
-----END CERTIFICATE-----