Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/6ycCWqYjYlNcZ7IAZsb5Arirg4I.roa
File:                     6ycCWqYjYlNcZ7IAZsb5Arirg4I.roa (raw, json)
Hash identifier:          ovqjj/lSONWUYpXYkYZfxLCv9rY4f5kLp7f+3mAfupk=
Subject key identifier:   EB:27:02:5A:A6:23:62:53:5C:67:B2:00:66:C6:F9:02:B8:AB:83:82
Certificate issuer:       /CN=8faccbac71477b940e5cd4103e3eee61db615915
Certificate serial:       01905AA4B847D66598E8569EF8658F4F7D66
Authority key identifier: 8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/6ycCWqYjYlNcZ7IAZsb5Arirg4I.roa
Signing time:             Thu 27 Jun 2024 17:01:02 +0000
ROA not before:           Thu 27 Jun 2024 17:01:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a14:7240:a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:a4:b8:47:d6:65:98:e8:56:9e:f8:65:8f:4f:7d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8faccbac71477b940e5cd4103e3eee61db615915
        Validity
            Not Before: Jun 27 17:01:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb27025aa62362535c67b20066c6f902b8ab8382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:9b:2b:6e:1f:1e:ba:73:18:5a:ef:e2:8d:66:
                    ed:07:2e:4b:f7:62:c1:5f:03:f2:76:a3:dc:c4:80:
                    a8:ee:eb:32:c9:7a:ed:8a:ac:bf:33:de:1e:f7:6a:
                    78:42:da:c4:29:69:ea:61:03:9c:46:d2:fe:8f:78:
                    59:5c:7c:d1:d4:bf:eb:81:56:7d:44:9d:0b:1c:29:
                    b9:5a:32:fd:5c:0b:f8:4a:7f:fb:0d:84:08:eb:4b:
                    db:ec:68:41:7b:b1:04:0f:71:14:8f:2d:42:3b:4c:
                    91:3e:30:5e:04:f2:76:42:66:28:b4:3f:13:4d:33:
                    65:d8:d7:d9:63:7c:a9:75:3c:d4:a4:98:4e:ad:ff:
                    22:80:e1:85:ea:a0:b2:a7:63:6e:56:25:d8:f3:f4:
                    30:33:2f:81:69:95:a4:0c:6b:64:64:19:6a:2f:2d:
                    ea:ef:63:3a:ca:be:7d:0e:9f:2e:d7:82:45:c0:ab:
                    22:8e:89:c2:75:d0:45:a0:ed:26:33:ff:aa:07:d8:
                    fa:76:9f:bc:f7:31:9b:ae:0c:b0:ea:1d:40:2a:2d:
                    ab:07:24:8d:9d:4e:ea:7e:d3:35:7b:12:c1:b6:49:
                    05:5b:31:74:e0:44:47:8b:a9:82:ca:8f:5b:39:04:
                    75:be:2c:23:a5:b6:d4:86:99:a0:e6:0f:ee:a5:a2:
                    80:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:27:02:5A:A6:23:62:53:5C:67:B2:00:66:C6:F9:02:B8:AB:83:82
            X509v3 Authority Key Identifier:
                keyid:8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/6ycCWqYjYlNcZ7IAZsb5Arirg4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:b8:88:55:2d:7e:5c:96:13:aa:78:5c:02:1d:a5:50:24:ca:
         88:b0:aa:69:24:86:5a:55:d7:c4:7f:00:89:7a:96:b7:92:ce:
         38:a0:df:6a:e5:8b:cc:ad:84:19:75:0a:fb:cc:a3:45:08:32:
         94:d1:6d:48:eb:72:4b:f5:be:0e:63:f4:08:40:88:2a:28:6e:
         59:9c:a0:a1:66:1e:83:e8:18:b3:76:b1:2a:b9:2b:39:ec:27:
         46:f1:6c:ba:e3:f5:d5:4b:b1:8a:36:e8:56:79:c8:74:88:23:
         f9:55:31:01:fd:5c:6f:f2:0b:ab:16:aa:1e:e3:d8:c8:82:f2:
         d6:98:3b:13:09:d4:f8:48:9f:56:3b:e2:18:8f:89:97:3c:cd:
         b3:20:fd:32:52:f6:08:30:42:7c:af:14:45:af:19:75:9b:c6:
         c2:63:77:de:9a:d1:0c:6c:44:44:cc:b3:05:f2:e1:d5:70:1a:
         b2:f7:3f:ca:4d:ca:fe:6d:d2:b3:09:88:f9:65:a4:45:9a:dd:
         8a:b5:e5:84:bc:9e:7b:bf:09:32:25:eb:0d:5c:d9:88:3b:2f:
         7b:f8:81:e3:b4:b8:d9:1b:bd:2d:7a:f3:6b:f7:d0:1d:26:83:
         5b:61:f9:54:a9:cd:eb:82:a5:6f:9b:8a:46:92:6c:eb:87:0b:
         7b:8f:77:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBapLhH1mWY6Fae+GWPT31mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYWNjYmFjNzE0NzdiOTQwZTVjZDQxMDNlM2VlZTYxZGI2
MTU5MTUwHhcNMjQwNjI3MTcwMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI3MDI1YWE2MjM2MjUzNWM2N2IyMDA2NmM2ZjkwMmI4YWI4MzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35srbh8eunMYWu/ijWbtBy5L92LB
XwPydqPcxICo7usyyXrtiqy/M94e92p4QtrEKWnqYQOcRtL+j3hZXHzR1L/rgVZ9
RJ0LHCm5WjL9XAv4Sn/7DYQI60vb7GhBe7EED3EUjy1CO0yRPjBeBPJ2QmYotD8T
TTNl2NfZY3ypdTzUpJhOrf8igOGF6qCyp2NuViXY8/QwMy+BaZWkDGtkZBlqLy3q
72M6yr59Dp8u14JFwKsijonCddBFoO0mM/+qB9j6dp+89zGbrgyw6h1AKi2rBySN
nU7qftM1exLBtkkFWzF04ERHi6mCyo9bOQR1viwjpbbUhpmg5g/upaKAUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOsnAlqmI2JTXGeyAGbG+QK4q4OCMB8GA1UdIwQY
MBaAFI+sy6xxR3uUDlzUED4+7mHbYVkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMt
MDk4ZGIzYTI0ZmYwLzEvNnljQ1dxWWpZbE5jWjdJQVpzYjVBcmlyZzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMtMDk4ZGIzYTI0ZmYw
LzEvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRyQAoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBLuIhVLX5clhOqeFwCHaVQJMqIsKppJIZaVdfE
fwCJepa3ks44oN9q5YvMrYQZdQr7zKNFCDKU0W1I63JL9b4OY/QIQIgqKG5ZnKCh
Zh6D6BizdrEquSs57CdG8Wy64/XVS7GKNuhWech0iCP5VTEB/Vxv8gurFqoe49jI
gvLWmDsTCdT4SJ9WO+IYj4mXPM2zIP0yUvYIMEJ8rxRFrxl1m8bCY3femtEMbERE
zLMF8uHVcBqy9z/KTcr+bdKzCYj5ZaRFmt2KteWEvJ57vwkyJesNXNmIOy97+IHj
tLjZG70tevNr99AdJoNbYflUqc3rgqVvm4pGkmzrhwt7j3d/
-----END CERTIFICATE-----