Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/bZdpzXbXKeGRAYcwQEcKhUSRsrg.roa
File:                     bZdpzXbXKeGRAYcwQEcKhUSRsrg.roa (raw, json)
Hash identifier:          sHRBfOPEZZasbO6mAm+imdh4an0ddFiPRQNciDAqfxU=
Subject key identifier:   6D:97:69:CD:76:D7:29:E1:91:01:87:30:40:47:0A:85:44:91:B2:B8
Certificate issuer:       /CN=bc995d15502780acdf7b6e6a1865edb5a0e7dc4b
Certificate serial:       01912BF6903844A24010250A6754F005E5ED
Authority key identifier: BC:99:5D:15:50:27:80:AC:DF:7B:6E:6A:18:65:ED:B5:A0:E7:DC:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJldFVAngKzfe25qGGXttaDn3Es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/bZdpzXbXKeGRAYcwQEcKhUSRsrg.roa
Signing time:             Wed 07 Aug 2024 08:31:04 +0000
ROA not before:           Wed 07 Aug 2024 08:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        2a14:71c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/vJldFVAngKzfe25qGGXttaDn3Es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/vJldFVAngKzfe25qGGXttaDn3Es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJldFVAngKzfe25qGGXttaDn3Es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2b:f6:90:38:44:a2:40:10:25:0a:67:54:f0:05:e5:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc995d15502780acdf7b6e6a1865edb5a0e7dc4b
        Validity
            Not Before: Aug  7 08:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d9769cd76d729e19101873040470a854491b2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:58:59:66:75:80:7d:b6:c8:bf:43:9b:1a:0b:
                    23:08:b2:26:34:b7:cd:53:cb:69:fc:74:6b:3b:9d:
                    30:fc:ec:e2:7a:ae:20:48:3f:be:70:8c:c6:6b:7c:
                    10:38:bc:76:94:c5:bc:38:d6:a6:33:ab:53:46:c9:
                    d5:7a:40:cc:15:bd:f7:16:78:e1:15:f8:9a:e1:14:
                    4c:e5:36:b3:8c:5d:0e:1b:16:2f:cc:90:80:b8:49:
                    97:73:b8:33:94:81:a4:a7:15:55:2c:5b:87:3d:2a:
                    8c:34:88:57:02:68:26:07:e4:50:ce:d3:db:2c:55:
                    44:e0:99:45:80:d2:4e:32:ad:c1:42:df:73:51:2a:
                    e2:af:98:0a:45:ff:53:71:cb:13:58:dd:66:3c:32:
                    7d:ef:89:86:f8:21:e7:0b:59:3d:1c:61:c7:5b:7f:
                    bd:72:c5:8c:3a:1b:4e:e5:13:b2:05:7b:25:be:89:
                    a5:cf:43:a4:80:c4:92:6d:15:9f:24:1a:d7:f3:be:
                    7c:a5:80:21:63:2a:e6:0b:68:32:65:db:05:62:0b:
                    34:cd:4e:d6:6c:74:a0:bc:c7:3f:0d:86:9a:6c:0a:
                    58:23:f6:e3:21:cb:1c:bb:16:81:f8:e6:ff:d3:10:
                    26:f2:51:d7:07:58:e4:d1:65:3f:31:7b:dc:e2:c6:
                    5e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:97:69:CD:76:D7:29:E1:91:01:87:30:40:47:0A:85:44:91:B2:B8
            X509v3 Authority Key Identifier:
                keyid:BC:99:5D:15:50:27:80:AC:DF:7B:6E:6A:18:65:ED:B5:A0:E7:DC:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJldFVAngKzfe25qGGXttaDn3Es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/bZdpzXbXKeGRAYcwQEcKhUSRsrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/044350-8cc9-486d-87c9-572c4e129d32/1/vJldFVAngKzfe25qGGXttaDn3Es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:71c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:d7:41:e9:1c:34:d8:12:b5:4d:c4:09:9b:bd:00:a1:c7:dc:
         87:ba:30:45:ac:7b:07:e1:a2:01:f0:b4:c9:09:fd:89:fe:09:
         a4:b9:9a:62:76:94:13:a8:00:4a:f7:a4:75:71:6b:ac:79:2c:
         88:f2:15:4a:0c:05:90:66:2f:90:20:a7:b5:56:18:27:d6:92:
         82:f7:0d:09:00:77:4a:99:0e:cd:da:e1:b3:29:72:c8:1c:b4:
         b5:cf:e3:6b:23:50:0a:97:62:7b:d7:79:77:27:06:ed:24:ed:
         b5:ee:f5:3a:57:12:f2:08:ce:92:57:7d:13:c1:50:2c:13:13:
         bd:88:b8:48:ad:20:b1:5b:7d:4d:e3:5b:c6:1b:16:c1:bf:c7:
         a9:56:40:93:14:1b:51:29:67:6e:a6:37:cc:21:4c:21:b0:ca:
         73:21:80:f0:6b:2e:d3:d8:6e:5e:81:79:20:74:94:53:7b:37:
         03:5e:96:05:5b:ea:bd:ae:55:f4:e9:3b:86:4b:05:9e:87:57:
         aa:ce:af:ff:f3:b0:5f:7a:1c:da:d5:85:25:5b:9c:c3:8f:ec:
         59:24:84:cd:66:c4:41:8c:98:63:6d:0e:5a:bb:70:06:96:0e:
         96:f2:2a:ec:35:75:22:4d:7d:bf:b1:72:bf:c0:cd:3a:82:43:
         31:ca:7b:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZEr9pA4RKJAECUKZ1TwBeXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOTk1ZDE1NTAyNzgwYWNkZjdiNmU2YTE4NjVlZGI1YTBl
N2RjNGIwHhcNMjQwODA3MDgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDk3NjljZDc2ZDcyOWUxOTEwMTg3MzA0MDQ3MGE4NTQ0OTFiMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lhZZnWAfbbIv0ObGgsjCLImNLfN
U8tp/HRrO50w/Ozieq4gSD++cIzGa3wQOLx2lMW8ONamM6tTRsnVekDMFb33Fnjh
Ffia4RRM5TazjF0OGxYvzJCAuEmXc7gzlIGkpxVVLFuHPSqMNIhXAmgmB+RQztPb
LFVE4JlFgNJOMq3BQt9zUSrir5gKRf9TccsTWN1mPDJ974mG+CHnC1k9HGHHW3+9
csWMOhtO5ROyBXslvomlz0OkgMSSbRWfJBrX8758pYAhYyrmC2gyZdsFYgs0zU7W
bHSgvMc/DYaabApYI/bjIcscuxaB+Ob/0xAm8lHXB1jk0WU/MXvc4sZeBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG2Xac121ynhkQGHMEBHCoVEkbK4MB8GA1UdIwQY
MBaAFLyZXRVQJ4Cs33tuahhl7bWg59xLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkpsZEZWQW5nS3pmZTI1cUdHWHR0YURuM0VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8wNDQzNTAtOGNjOS00ODZkLTg3Yzkt
NTcyYzRlMTI5ZDMyLzEvYlpkcHpYYlhLZUdSQVljd1FFY0toVVNSc3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8wNDQzNTAtOGNjOS00ODZkLTg3YzktNTcyYzRlMTI5ZDMy
LzEvdkpsZEZWQW5nS3pmZTI1cUdHWHR0YURuM0VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAo9dB6Rw02BK1TcQJm70Aocfch7owRax7B+GiAfC0
yQn9if4JpLmaYnaUE6gASvekdXFrrHksiPIVSgwFkGYvkCCntVYYJ9aSgvcNCQB3
SpkOzdrhsylyyBy0tc/jayNQCpdie9d5dycG7STtte71OlcS8gjOkld9E8FQLBMT
vYi4SK0gsVt9TeNbxhsWwb/HqVZAkxQbUSlnbqY3zCFMIbDKcyGA8Gsu09huXoF5
IHSUU3s3A16WBVvqva5V9Ok7hksFnodXqs6v//OwX3oc2tWFJVucw4/sWSSEzWbE
QYyYY20OWrtwBpYOlvIq7DV1Ik19v7Fyv8DNOoJDMcp7nw==
-----END CERTIFICATE-----