Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/xGaxZRX_Vf6Qjn6zYZvL3C1FxJw.roa
File:                     xGaxZRX_Vf6Qjn6zYZvL3C1FxJw.roa (raw, json)
Hash identifier:          Los677b7v6v/XkB+oJyDBa65LjiqXTVZFjLEgSsa6zE=
Subject key identifier:   C4:66:B1:65:15:FF:55:FE:90:8E:7E:B3:61:9B:CB:DC:2D:45:C4:9C
Certificate issuer:       /CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
Certificate serial:       018F1C80B0962803726486FE2FD430995C34
Authority key identifier: A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/xGaxZRX_Vf6Qjn6zYZvL3C1FxJw.roa
Signing time:             Fri 26 Apr 2024 22:22:26 +0000
ROA not before:           Fri 26 Apr 2024 22:22:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a14:3244:2470::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1c:80:b0:96:28:03:72:64:86:fe:2f:d4:30:99:5c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81297b1d36a42de38e8480bb929b45bc9030c9d
        Validity
            Not Before: Apr 26 22:22:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c466b16515ff55fe908e7eb3619bcbdc2d45c49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:82:97:60:a1:9a:55:62:16:b2:b3:0e:eb:98:
                    0a:5d:93:ee:34:b7:f6:39:ca:06:31:db:95:e3:84:
                    3c:9f:47:94:05:3b:ca:d4:55:a0:e3:ff:97:42:3b:
                    12:aa:df:e9:45:11:3a:aa:0a:aa:0e:5a:9b:6b:84:
                    5b:73:18:f7:e3:b5:72:65:88:06:d8:4c:92:e1:52:
                    37:91:7c:01:8b:c1:30:b4:97:b1:9f:d7:62:5c:79:
                    d7:cb:6a:20:ee:aa:84:6f:4d:e0:dc:94:d2:c2:88:
                    e6:02:3a:80:b3:86:b7:37:f1:a3:59:84:ac:4f:48:
                    07:5d:e5:fa:00:42:53:59:d7:14:ce:7b:f2:03:91:
                    68:c2:ef:d9:b6:3c:f8:95:b2:6f:ba:c5:07:5f:ff:
                    32:68:99:35:b8:5b:e9:6c:c0:01:17:08:cb:68:55:
                    9a:a1:ff:51:c0:8a:7a:25:31:24:7b:1c:88:01:17:
                    58:62:20:aa:cf:b8:a7:48:46:4c:fc:78:29:01:db:
                    4e:6f:fa:7f:17:45:36:a4:85:08:9a:19:f0:5e:53:
                    89:40:a9:d5:3b:c0:2d:d6:d5:86:e0:77:dc:4e:e2:
                    4f:f9:bc:1f:a6:d3:21:f1:d8:4a:80:b5:73:7e:ca:
                    8d:cf:fe:da:45:91:57:54:9a:b3:b9:4e:7e:ca:0c:
                    a3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:66:B1:65:15:FF:55:FE:90:8E:7E:B3:61:9B:CB:DC:2D:45:C4:9C
            X509v3 Authority Key Identifier:
                keyid:A8:12:97:B1:D3:6A:42:DE:38:E8:48:0B:B9:29:B4:5B:C9:03:0C:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBKXsdNqQt446EgLuSm0W8kDDJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/xGaxZRX_Vf6Qjn6zYZvL3C1FxJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720e5f-7f33-4d9d-8cde-22dd0f3928d5/1/qBKXsdNqQt446EgLuSm0W8kDDJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:3244:2470::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:e2:49:f3:fd:6e:0e:7e:fa:a5:6c:a2:9a:13:83:a0:6b:a1:
         da:1e:96:cc:7c:ff:a3:b0:09:84:be:84:b2:5c:fd:94:74:70:
         49:61:cd:87:a1:f5:50:b4:56:33:99:46:65:75:dc:5c:69:fa:
         ef:59:9d:5f:af:44:c6:f3:b2:1f:46:fd:8c:5d:13:e6:7c:f4:
         ad:80:bc:06:ca:0f:46:82:e0:ff:8c:c8:81:50:bb:a7:db:e6:
         52:fc:16:57:39:83:2c:69:43:cf:c4:ef:6d:82:6e:08:cf:7e:
         fb:67:f2:98:6f:94:88:93:5d:ac:17:f5:02:ea:1c:51:39:7e:
         24:50:6e:21:b9:45:25:c4:3d:12:3e:58:44:11:9a:bc:b5:89:
         56:10:66:88:de:86:7b:1a:58:23:1f:f8:61:93:b4:ed:d1:dc:
         5c:a9:3c:87:23:c2:ee:e4:9d:96:b9:49:3e:8c:3f:32:0a:56:
         1a:41:25:8e:38:87:29:62:95:df:82:0c:7d:ae:1b:02:a7:14:
         b7:4e:6e:0b:1f:d7:21:2e:3e:e4:60:b5:80:6a:0e:d9:d5:1f:
         92:1f:23:d7:3c:0e:ce:c7:6d:bf:3b:3d:dd:9b:9c:20:a6:b5:
         73:f1:cd:ea:25:dc:bc:1a:2d:78:c5:c2:75:14:fc:81:c7:ff:
         50:dc:ee:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8cgLCWKANyZIb+L9QwmVw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTI5N2IxZDM2YTQyZGUzOGU4NDgwYmI5MjliNDViYzkw
MzBjOWQwHhcNMjQwNDI2MjIyMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDY2YjE2NTE1ZmY1NWZlOTA4ZTdlYjM2MTliY2JkYzJkNDVjNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYKXYKGaVWIWsrMO65gKXZPuNLf2
OcoGMduV44Q8n0eUBTvK1FWg4/+XQjsSqt/pRRE6qgqqDlqba4Rbcxj347VyZYgG
2EyS4VI3kXwBi8EwtJexn9diXHnXy2og7qqEb03g3JTSwojmAjqAs4a3N/GjWYSs
T0gHXeX6AEJTWdcUznvyA5Fowu/Ztjz4lbJvusUHX/8yaJk1uFvpbMABFwjLaFWa
of9RwIp6JTEkexyIARdYYiCqz7inSEZM/HgpAdtOb/p/F0U2pIUImhnwXlOJQKnV
O8At1tWG4HfcTuJP+bwfptMh8dhKgLVzfsqNz/7aRZFXVJqzuU5+ygyj6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMRmsWUV/1X+kI5+s2Gby9wtRcScMB8GA1UdIwQY
MBaAFKgSl7HTakLeOOhIC7kptFvJAwydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUt
MjJkZDBmMzkyOGQ1LzEveEdheFpSWF9WZjZRam42elladkwzQzFGeEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjBlNWYtN2YzMy00ZDlkLThjZGUtMjJkZDBmMzkyOGQ1
LzEvcUJLWHNkTnFRdDQ0NkVnTHVTbTBXOGtEREowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQyRCRw
MA0GCSqGSIb3DQEBCwUAA4IBAQA04knz/W4OfvqlbKKaE4Oga6HaHpbMfP+jsAmE
voSyXP2UdHBJYc2HofVQtFYzmUZlddxcafrvWZ1fr0TG87IfRv2MXRPmfPStgLwG
yg9GguD/jMiBULun2+ZS/BZXOYMsaUPPxO9tgm4Iz377Z/KYb5SIk12sF/UC6hxR
OX4kUG4huUUlxD0SPlhEEZq8tYlWEGaI3oZ7GlgjH/hhk7Tt0dxcqTyHI8Lu5J2W
uUk+jD8yClYaQSWOOIcpYpXfggx9rhsCpxS3Tm4LH9chLj7kYLWAag7Z1R+SHyPX
PA7Ox22/Oz3dm5wgprVz8c3qJdy8Gi14xcJ1FPyBx/9Q3O4N
-----END CERTIFICATE-----