Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/KN9uI1in7Rmxa8HsRJep2umNYyE.roa
File:                     KN9uI1in7Rmxa8HsRJep2umNYyE.roa (raw, json)
Hash identifier:          crqDDQtsssivLMlh3BryM/t/6EhYdNgQzMt8o99nqug=
Subject key identifier:   28:DF:6E:23:58:A7:ED:19:B1:6B:C1:EC:44:97:A9:DA:E9:8D:63:21
Certificate issuer:       /CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
Certificate serial:       018F1C80B1A075EBA428EB99546D1AB432C2
Authority key identifier: A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/KN9uI1in7Rmxa8HsRJep2umNYyE.roa
Signing time:             Fri 26 Apr 2024 22:22:27 +0000
ROA not before:           Fri 26 Apr 2024 22:22:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a14:3244:2470::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1c:80:b1:a0:75:eb:a4:28:eb:99:54:6d:1a:b4:32:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
        Validity
            Not Before: Apr 26 22:22:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28df6e2358a7ed19b16bc1ec4497a9dae98d6321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fa:6e:d1:ff:26:7a:79:55:d6:29:91:ac:a5:
                    b2:d8:7b:c7:0a:8e:80:2e:19:64:da:73:f6:09:3c:
                    28:97:43:a5:01:24:e8:52:64:a2:cb:9a:b2:c6:5e:
                    44:2d:2d:29:e4:57:a4:1f:a7:bd:a6:1e:ef:f0:fb:
                    4a:ed:64:30:ff:0c:26:b1:a4:c4:70:c5:56:4d:41:
                    e0:5a:ed:63:2f:22:fc:f3:30:48:7f:6a:c4:68:4e:
                    32:9f:a3:a3:52:fc:3c:71:25:35:ae:0c:00:96:f2:
                    4a:a2:de:99:40:f1:84:69:95:ee:e6:6c:f5:23:fa:
                    a8:80:7b:71:4f:e3:4f:35:d0:3c:a9:dd:a2:1e:9c:
                    66:3c:3f:30:9c:a1:36:58:59:a6:7b:14:a9:cc:f7:
                    df:b7:36:80:d9:ba:de:6e:fe:c4:65:a0:68:2a:c9:
                    2f:d1:97:98:de:32:9e:bc:9f:a4:d3:4c:63:63:07:
                    76:ce:d8:95:ed:7d:23:13:0a:8c:b4:f1:ae:e3:07:
                    5f:cf:55:78:52:c4:82:95:41:10:7b:02:92:4a:ac:
                    81:5e:1a:d0:e2:85:92:74:6f:0c:e7:78:9e:9d:2d:
                    65:ba:28:01:2d:51:29:db:38:c1:60:f8:44:b6:0f:
                    91:e1:77:2e:b8:59:6e:d8:22:35:f3:d5:02:9c:ce:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DF:6E:23:58:A7:ED:19:B1:6B:C1:EC:44:97:A9:DA:E9:8D:63:21
            X509v3 Authority Key Identifier:
                keyid:A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/KN9uI1in7Rmxa8HsRJep2umNYyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:3244:2470::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:09:b9:fb:39:95:65:f2:a7:7d:b2:c0:d5:17:ef:62:60:59:
         b0:e8:ba:10:e2:48:7b:b4:cc:4d:f4:d1:91:7f:a5:f1:0f:6a:
         94:93:51:36:97:d4:0c:6c:dc:9c:a1:cf:63:86:e6:ec:24:c6:
         81:b5:10:c4:82:fe:cf:fa:4b:50:a6:2c:99:06:f6:e3:31:e8:
         70:53:e6:41:ba:bd:fe:19:56:40:cb:1c:f9:70:55:7a:f7:ec:
         3c:60:af:a0:4b:96:1f:c9:09:f8:3f:1d:7e:08:31:a9:6c:c0:
         93:c8:7b:25:ab:9b:bb:37:6f:01:98:d3:34:d7:91:dc:1f:af:
         98:54:c7:4a:90:6e:3e:99:7c:68:2c:23:5b:75:ab:53:da:bc:
         0a:5a:25:1b:90:cb:61:1c:36:28:3d:8b:51:d7:cf:e5:bd:6e:
         ce:fa:ea:62:5f:65:16:9d:a1:dc:d6:c2:a4:6e:61:03:11:c4:
         a2:eb:86:1a:b7:f6:4d:56:c9:d0:71:12:c1:1e:c4:62:6b:65:
         ba:b2:5f:a6:bd:f1:ec:f9:1c:0c:1d:87:30:ab:72:98:58:af:
         89:c1:d9:22:8a:d2:73:4c:f7:f0:c6:c3:5e:2d:ba:d4:44:aa:
         85:de:48:86:be:b3:88:6f:50:2a:70:0d:2f:a2:c8:bf:01:36:
         05:9f:c0:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8cgLGgdeukKOuZVG0atDLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTI5N2IxZDM2YTQyZGUzOGU4NDgwYmI5MjliNDViYzkw
MzBjOWQwHhcNMjQwNDI2MjIyMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRmNmUyMzU4YTdlZDE5YjE2YmMxZWM0NDk3YTlkYWU5OGQ2MzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvpu0f8menlV1imRrKWy2HvHCo6A
Lhlk2nP2CTwol0OlASToUmSiy5qyxl5ELS0p5FekH6e9ph7v8PtK7WQw/wwmsaTE
cMVWTUHgWu1jLyL88zBIf2rEaE4yn6OjUvw8cSU1rgwAlvJKot6ZQPGEaZXu5mz1
I/qogHtxT+NPNdA8qd2iHpxmPD8wnKE2WFmmexSpzPfftzaA2brebv7EZaBoKskv
0ZeY3jKevJ+k00xjYwd2ztiV7X0jEwqMtPGu4wdfz1V4UsSClUEQewKSSqyBXhrQ
4oWSdG8M53ienS1luigBLVEp2zjBYPhEtg+R4XcuuFlu2CI189UCnM6SJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjfbiNYp+0ZsWvB7ESXqdrpjWMhMB8GA1UdIwQY
MBaAFKgSl7HTakLeOOhIC7kptFvJAwydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUt
MjJkZDBmMzkyOGQ1LzEvS045dUkxaW43Um14YThIc1JKZXAydW1OWXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUtMjJkZDBmMzkyOGQ1
LzEvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQyRCRw
MA0GCSqGSIb3DQEBCwUAA4IBAQAzCbn7OZVl8qd9ssDVF+9iYFmw6LoQ4kh7tMxN
9NGRf6XxD2qUk1E2l9QMbNycoc9jhubsJMaBtRDEgv7P+ktQpiyZBvbjMehwU+ZB
ur3+GVZAyxz5cFV69+w8YK+gS5YfyQn4Px1+CDGpbMCTyHslq5u7N28BmNM015Hc
H6+YVMdKkG4+mXxoLCNbdatT2rwKWiUbkMthHDYoPYtR18/lvW7O+upiX2UWnaHc
1sKkbmEDEcSi64Yat/ZNVsnQcRLBHsRia2W6sl+mvfHs+RwMHYcwq3KYWK+Jwdki
itJzTPfwxsNeLbrURKqF3kiGvrOIb1AqcA0vosi/ATYFn8BA
-----END CERTIFICATE-----