Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/8lvBAnLQxzUArd8yCng2a5HHSQc.roa
File:                     8lvBAnLQxzUArd8yCng2a5HHSQc.roa (raw, json)
Hash identifier:          93p+RnPP4rOMJI7b5TuZrJuoyU0OMTX5aQRpafWV6yM=
Subject key identifier:   F2:5B:C1:02:72:D0:C7:35:00:AD:DF:32:0A:78:36:6B:91:C7:49:07
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       019261885BDF15F61570429973AEC98968B6
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/8lvBAnLQxzUArd8yCng2a5HHSQc.roa
Signing time:             Sun 06 Oct 2024 11:12:59 +0000
ROA not before:           Sun 06 Oct 2024 11:12:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        2a14:6:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:88:5b:df:15:f6:15:70:42:99:73:ae:c9:89:68:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Oct  6 11:12:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f25bc10272d0c73500addf320a78366b91c74907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5b:75:1f:45:a5:08:75:81:22:8d:2e:43:c3:
                    57:ab:cb:67:4c:a2:2e:6b:cc:a4:e9:fb:93:9e:35:
                    13:c4:63:77:cf:d5:26:15:3c:b2:a1:82:63:bd:53:
                    d9:9c:f6:bb:4f:90:77:de:94:69:83:a2:74:75:00:
                    5c:dd:19:d2:ea:7f:d1:fb:41:a9:ce:d3:7e:4d:42:
                    9e:7e:89:20:cf:aa:85:e7:e7:56:c4:7f:dc:7e:f7:
                    29:f0:71:91:6f:17:43:7e:8b:bd:f6:0f:15:66:11:
                    55:b4:dc:e2:25:4d:80:ad:62:f8:c9:23:a4:17:76:
                    51:b5:b5:fd:11:9b:23:b8:07:8a:1c:93:8e:7d:43:
                    0c:fe:5d:df:93:9e:21:84:c2:7e:3c:93:d9:19:93:
                    4f:96:4e:d0:f4:b9:16:83:ba:3d:60:22:25:b4:81:
                    6c:b7:50:3a:90:0c:fe:d5:59:11:2a:01:44:1d:9f:
                    0e:2d:0b:c4:dd:d0:d1:3d:07:37:7f:3e:47:cd:a0:
                    2a:0e:98:e7:9c:42:b3:bd:76:bf:a5:a0:cf:9c:7a:
                    91:31:60:77:7a:fc:ae:f3:8e:d7:e1:06:8c:56:38:
                    8f:31:f9:be:8a:98:f2:bb:fd:d1:76:6f:8c:9f:02:
                    16:5e:e0:22:45:4b:ba:e7:db:fd:98:12:af:24:61:
                    b3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5B:C1:02:72:D0:C7:35:00:AD:DF:32:0A:78:36:6B:91:C7:49:07
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/8lvBAnLQxzUArd8yCng2a5HHSQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:e6:78:7e:e4:bf:4a:fd:d6:0d:d4:b1:dc:36:51:9f:52:27:
         5f:fe:97:1f:0c:35:63:84:d5:48:b1:aa:e9:8d:96:1e:ec:47:
         02:2b:56:82:a9:70:8f:cc:a6:1e:27:00:c2:16:a7:e0:6c:91:
         38:9e:ef:2a:64:49:44:bc:3d:fd:ac:e7:8e:41:be:f7:a2:99:
         67:a2:41:7e:df:45:ac:81:5c:e1:0c:05:4f:e1:be:89:10:e5:
         62:13:9b:f8:56:07:d6:78:a2:09:36:bd:3f:81:d3:6a:5b:13:
         18:41:09:c6:2c:46:62:99:37:73:be:87:1c:e6:07:62:5b:81:
         50:cd:c9:7d:a2:eb:5d:23:3b:e6:25:3e:a0:77:05:c8:be:e6:
         41:20:6d:84:1a:d2:85:ad:90:a5:47:5d:ba:8b:a1:c9:a7:13:
         36:d0:52:a8:fe:b4:d1:8a:d3:76:6b:32:10:bb:b1:46:b5:d6:
         33:4f:3e:a0:79:22:ed:80:fb:84:8f:c1:98:2c:d8:81:43:fc:
         ca:fc:f7:f1:4f:34:bf:50:52:d1:36:3e:d9:cd:a4:fe:72:3c:
         f1:84:74:12:65:4a:74:b2:16:47:eb:02:8c:62:69:88:08:3c:
         00:de:9a:ca:c7:d9:6b:54:ad:a3:aa:ef:a0:05:b4:64:af:42:
         b4:8a:f1:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJhiFvfFfYVcEKZc67JiWi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjQxMDA2MTExMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjViYzEwMjcyZDBjNzM1MDBhZGRmMzIwYTc4MzY2YjkxYzc0OTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlt1H0WlCHWBIo0uQ8NXq8tnTKIu
a8yk6fuTnjUTxGN3z9UmFTyyoYJjvVPZnPa7T5B33pRpg6J0dQBc3RnS6n/R+0Gp
ztN+TUKefokgz6qF5+dWxH/cfvcp8HGRbxdDfou99g8VZhFVtNziJU2ArWL4ySOk
F3ZRtbX9EZsjuAeKHJOOfUMM/l3fk54hhMJ+PJPZGZNPlk7Q9LkWg7o9YCIltIFs
t1A6kAz+1VkRKgFEHZ8OLQvE3dDRPQc3fz5HzaAqDpjnnEKzvXa/paDPnHqRMWB3
evyu847X4QaMVjiPMfm+ipjyu/3Rdm+MnwIWXuAiRUu659v9mBKvJGGzjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPJbwQJy0Mc1AK3fMgp4NmuRx0kHMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvOGx2QkFuTFF4elVBcmQ4eUNuZzJhNUhIU1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQABgAS
MA0GCSqGSIb3DQEBCwUAA4IBAQAb5nh+5L9K/dYN1LHcNlGfUidf/pcfDDVjhNVI
sarpjZYe7EcCK1aCqXCPzKYeJwDCFqfgbJE4nu8qZElEvD39rOeOQb73oplnokF+
30WsgVzhDAVP4b6JEOViE5v4VgfWeKIJNr0/gdNqWxMYQQnGLEZimTdzvocc5gdi
W4FQzcl9outdIzvmJT6gdwXIvuZBIG2EGtKFrZClR126i6HJpxM20FKo/rTRitN2
azIQu7FGtdYzTz6geSLtgPuEj8GYLNiBQ/zK/PfxTzS/UFLRNj7ZzaT+cjzxhHQS
ZUp0shZH6wKMYmmICDwA3prKx9lrVK2jqu+gBbRkr0K0ivHM
-----END CERTIFICATE-----