Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/DRoLzkgS0bVA5XZLK1NxNql74qY.roa
File:                     DRoLzkgS0bVA5XZLK1NxNql74qY.roa (raw, json)
Hash identifier:          9PjSLYN3xndr+q3wIsZT/kXFYveNl9dzIPRFaPh6JMA=
Subject key identifier:   0D:1A:0B:CE:48:12:D1:B5:40:E5:76:4B:2B:53:71:36:A9:7B:E2:A6
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       019261839FC700334EA881832D609E848197
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/DRoLzkgS0bVA5XZLK1NxNql74qY.roa
Signing time:             Sun 06 Oct 2024 11:07:48 +0000
ROA not before:           Sun 06 Oct 2024 11:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a14:6:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:61:83:9f:c7:00:33:4e:a8:81:83:2d:60:9e:84:81:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Oct  6 11:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d1a0bce4812d1b540e5764b2b537136a97be2a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f8:39:e2:71:0b:22:11:cc:72:07:3f:59:18:
                    3f:45:b9:c9:c7:f7:f4:b2:09:dd:39:eb:6a:06:c1:
                    98:5c:62:8c:83:47:3f:d0:51:8a:d7:70:ec:f1:c8:
                    19:55:f6:95:32:24:e7:0f:4b:f8:e1:1d:5f:dd:61:
                    5e:df:e4:4a:cd:f2:e7:06:e4:fa:f7:49:20:cf:46:
                    51:1a:8d:20:37:f6:33:b4:4f:d0:1a:b8:56:2b:e3:
                    36:4c:8f:03:25:8c:4b:a4:7f:29:32:f0:ba:ef:d2:
                    4e:d3:11:38:79:16:dc:d0:4c:86:a2:77:0f:11:78:
                    5e:96:0e:0c:44:b8:ea:12:ed:95:64:0d:7a:3f:df:
                    dc:f4:fb:8f:20:29:e0:6b:13:62:d1:50:ab:59:7c:
                    05:db:56:f4:d5:97:3c:4f:7c:6b:b5:ed:0a:58:0f:
                    b3:29:61:a7:7c:0f:3b:29:aa:50:b5:d3:fc:f3:dd:
                    7d:91:5e:c5:48:bc:52:99:02:cc:cb:23:3c:79:a3:
                    ea:3e:c4:a6:11:cd:6b:e8:21:c7:56:c1:0d:bf:a9:
                    ed:11:55:dc:79:d3:eb:20:42:a7:4a:72:dc:de:32:
                    ca:2a:93:0e:87:e3:45:36:57:dc:1c:35:cb:e1:9b:
                    5b:ea:1e:c4:45:90:45:88:98:3f:f9:fd:92:22:98:
                    86:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1A:0B:CE:48:12:D1:B5:40:E5:76:4B:2B:53:71:36:A9:7B:E2:A6
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/DRoLzkgS0bVA5XZLK1NxNql74qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:23:1c:c1:09:52:6d:1d:6b:5e:fd:06:40:5b:60:bd:b4:b0:
         44:45:b8:36:81:fd:67:ad:63:27:32:b2:fc:79:7d:5c:74:6f:
         03:e3:e5:b8:c3:36:58:aa:93:f6:26:22:73:5f:8d:6f:12:91:
         8b:81:76:b1:e0:93:6b:db:8f:b8:be:65:24:69:5c:cf:57:37:
         7c:f9:98:b8:59:88:1a:06:4f:89:17:b1:e3:78:49:03:f8:3f:
         34:e8:6a:8f:2c:76:f8:5f:97:5b:5c:35:14:6b:c0:b7:01:87:
         fe:52:85:80:6c:78:f4:ea:56:fc:98:f5:9d:96:14:24:dc:47:
         24:bd:37:dc:0f:4d:36:28:70:32:08:71:b3:ca:55:49:72:39:
         5c:b6:b7:18:bb:20:8a:7e:9b:25:a3:0b:12:04:bc:f5:5e:21:
         02:cf:a1:9e:44:b1:fb:5b:6c:bd:1e:56:3f:58:89:ba:49:68:
         fe:b4:ba:6d:e8:0c:e3:a6:b6:a3:fb:aa:0a:43:b4:b2:70:a4:
         af:40:ac:6e:bc:fd:7e:55:07:30:db:5d:51:a8:6a:57:05:9e:
         0d:d7:3f:76:bb:62:c8:c0:97:3d:d4:01:f7:ae:10:e4:43:25:
         cd:ba:60:d1:b8:da:a7:f2:f7:20:17:c4:09:00:75:47:1f:33:
         bc:0b:72:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJhg5/HADNOqIGDLWCehIGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjQxMDA2MTEwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFhMGJjZTQ4MTJkMWI1NDBlNTc2NGIyYjUzNzEzNmE5N2JlMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/g54nELIhHMcgc/WRg/RbnJx/f0
sgndOetqBsGYXGKMg0c/0FGK13Ds8cgZVfaVMiTnD0v44R1f3WFe3+RKzfLnBuT6
90kgz0ZRGo0gN/YztE/QGrhWK+M2TI8DJYxLpH8pMvC679JO0xE4eRbc0EyGoncP
EXhelg4MRLjqEu2VZA16P9/c9PuPICngaxNi0VCrWXwF21b01Zc8T3xrte0KWA+z
KWGnfA87KapQtdP88919kV7FSLxSmQLMyyM8eaPqPsSmEc1r6CHHVsENv6ntEVXc
edPrIEKnSnLc3jLKKpMOh+NFNlfcHDXL4Ztb6h7ERZBFiJg/+f2SIpiGhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA0aC85IEtG1QOV2SytTcTape+KmMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvRFJvTHprZ1MwYlZBNVhaTEsxTnhOcWw3NHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQABgAR
MA0GCSqGSIb3DQEBCwUAA4IBAQAbIxzBCVJtHWte/QZAW2C9tLBERbg2gf1nrWMn
MrL8eX1cdG8D4+W4wzZYqpP2JiJzX41vEpGLgXax4JNr24+4vmUkaVzPVzd8+Zi4
WYgaBk+JF7HjeEkD+D806GqPLHb4X5dbXDUUa8C3AYf+UoWAbHj06lb8mPWdlhQk
3EckvTfcD002KHAyCHGzylVJcjlctrcYuyCKfpslowsSBLz1XiECz6GeRLH7W2y9
HlY/WIm6SWj+tLpt6Azjpraj+6oKQ7SycKSvQKxuvP1+VQcw211RqGpXBZ4N1z92
u2LIwJc91AH3rhDkQyXNumDRuNqn8vcgF8QJAHVHHzO8C3JA
-----END CERTIFICATE-----