Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/1MlzZ3fIdclKznmIUPO2TH2JW6A.roa
File:                     1MlzZ3fIdclKznmIUPO2TH2JW6A.roa (raw, json)
Hash identifier:          JIC4/GRwN8lOuX3PfTBj94+Wd5LHoCfF5A3SAGB5e5I=
Subject key identifier:   D4:C9:73:67:77:C8:75:C9:4A:CE:79:88:50:F3:B6:4C:7D:89:5B:A0
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       018CCA2B789E3344F1F81F194F20C9499522
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/1MlzZ3fIdclKznmIUPO2TH2JW6A.roa
Signing time:             Tue 02 Jan 2024 12:34:55 +0000
ROA not before:           Tue 02 Jan 2024 12:34:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216176
IP address blocks:        2a14::/32 maxlen: 32
                          2a14:7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:78:9e:33:44:f1:f8:1f:19:4f:20:c9:49:95:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Jan  2 12:34:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4c9736777c875c94ace798850f3b64c7d895ba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:89:45:9d:98:95:91:c8:52:37:cb:2a:28:79:
                    75:52:cf:71:05:d4:e5:20:40:79:46:fc:3f:aa:5b:
                    f3:c9:ab:35:ba:bb:4a:ba:e4:3a:3d:4c:7c:f4:da:
                    73:ca:da:5e:86:c8:8e:ac:68:d1:6f:d4:ab:2e:f5:
                    f2:9a:0c:b2:6b:14:af:09:0f:73:67:43:c8:b2:ae:
                    26:24:b3:98:17:ca:12:f6:0a:c1:51:a8:f2:84:b2:
                    ab:bc:c2:14:75:78:96:19:50:81:fc:06:3e:4b:09:
                    0e:25:bf:f5:86:61:cf:ce:c9:6b:fb:f0:c1:d3:7e:
                    12:77:9a:98:71:a9:b3:d0:28:e9:0d:ab:69:d7:a3:
                    85:06:66:20:89:d1:e5:b1:03:19:d1:ec:b3:76:24:
                    87:88:1d:6b:3b:40:50:12:93:be:d0:d0:40:d5:a5:
                    d1:3f:b1:b4:12:54:08:38:d3:d2:de:16:bb:9a:72:
                    fa:c8:16:7d:70:89:e1:66:d0:be:09:d5:0f:51:cf:
                    3e:97:14:3e:df:44:ca:dc:af:de:45:07:d1:f5:ae:
                    50:f0:90:62:08:f3:43:9c:b8:c8:a0:43:ba:df:12:
                    2b:dc:5f:5a:8d:7b:69:09:05:c5:0c:19:aa:cd:ad:
                    c5:b7:16:a8:5b:c3:fa:13:d4:30:0f:42:09:0a:bf:
                    98:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C9:73:67:77:C8:75:C9:4A:CE:79:88:50:F3:B6:4C:7D:89:5B:A0
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/1MlzZ3fIdclKznmIUPO2TH2JW6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14::/32
                  2a14:7::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:67:a8:0f:5a:2f:97:af:31:29:f2:fd:45:9c:07:34:57:82:
         61:17:3d:20:80:da:6f:f2:01:44:b1:3e:5a:da:08:e6:43:e3:
         8c:ab:96:46:84:18:71:06:10:a4:03:c8:49:81:5c:56:54:a5:
         e9:9b:1c:3e:37:3b:f7:f1:9b:4e:4c:23:9f:32:af:c3:c0:ad:
         91:aa:74:30:39:b6:d4:32:d3:0a:b5:f8:89:38:47:bf:5c:0b:
         c8:a1:81:ce:cd:f6:ea:14:0f:c5:ef:fc:4c:b7:54:f2:9a:5d:
         c3:b7:63:59:68:e7:42:28:00:c6:81:eb:2d:f6:79:53:16:3a:
         41:0d:3f:28:dd:92:f2:10:96:06:25:9b:18:0a:2a:40:95:b4:
         c5:e9:89:88:71:32:3b:20:24:26:de:7a:95:3a:b0:11:82:7b:
         d1:94:c3:d9:78:ed:b5:f8:18:06:1b:28:a6:49:07:f5:eb:c1:
         40:ca:25:ee:d8:9b:1b:88:d2:c8:25:53:cd:8b:08:32:be:44:
         c3:e8:8a:e2:f4:4c:f1:5f:de:52:97:1e:53:db:c1:a7:7a:64:
         46:f2:b7:a0:6d:fa:c9:a8:15:05:fe:2d:d9:a0:f0:6b:97:0c:
         6e:a1:f4:fe:44:b1:d0:7d:ab:e7:5a:4c:af:48:1f:32:40:e0:
         04:74:c5:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKK3ieM0Tx+B8ZTyDJSZUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjQwMTAyMTIzNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGM5NzM2Nzc3Yzg3NWM5NGFjZTc5ODg1MGYzYjY0YzdkODk1YmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzolFnZiVkchSN8sqKHl1Us9xBdTl
IEB5Rvw/qlvzyas1urtKuuQ6PUx89NpzytpehsiOrGjRb9SrLvXymgyyaxSvCQ9z
Z0PIsq4mJLOYF8oS9grBUajyhLKrvMIUdXiWGVCB/AY+SwkOJb/1hmHPzslr+/DB
034Sd5qYcamz0CjpDatp16OFBmYgidHlsQMZ0eyzdiSHiB1rO0BQEpO+0NBA1aXR
P7G0ElQIONPS3ha7mnL6yBZ9cInhZtC+CdUPUc8+lxQ+30TK3K/eRQfR9a5Q8JBi
CPNDnLjIoEO63xIr3F9ajXtpCQXFDBmqza3FtxaoW8P6E9QwD0IJCr+YdwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNTJc2d3yHXJSs55iFDztkx9iVugMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvMU1selozZklkY2xLem5tSVVQTzJUSDJKVzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhQAAAMF
ACoUAAcwDQYJKoZIhvcNAQELBQADggEBAMZnqA9aL5evMSny/UWcBzRXgmEXPSCA
2m/yAUSxPlraCOZD44yrlkaEGHEGEKQDyEmBXFZUpembHD43O/fxm05MI58yr8PA
rZGqdDA5ttQy0wq1+Ik4R79cC8ihgc7N9uoUD8Xv/Ey3VPKaXcO3Y1lo50IoAMaB
6y32eVMWOkENPyjdkvIQlgYlmxgKKkCVtMXpiYhxMjsgJCbeepU6sBGCe9GUw9l4
7bX4GAYbKKZJB/XrwUDKJe7YmxuI0sglU82LCDK+RMPoiuL0TPFf3lKXHlPbwad6
ZEbyt6Bt+smoFQX+Ldmg8GuXDG6h9P5EsdB9q+daTK9IHzJA4AR0xaw=
-----END CERTIFICATE-----