Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/atVp66hGLJPTLu6YIrgDA5C98zM.roa
File:                     atVp66hGLJPTLu6YIrgDA5C98zM.roa (raw, json)
Hash identifier:          I0K5f64WgZj5Y9/RBxT9qBl44VUqVjbBGXq9mYWWb/k=
Subject key identifier:   6A:D5:69:EB:A8:46:2C:93:D3:2E:EE:98:22:B8:03:03:90:BD:F3:33
Certificate issuer:       /CN=8faccbac71477b940e5cd4103e3eee61db615915
Certificate serial:       019054BE5788B83731DFA902A780B0C0380C
Authority key identifier: 8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/atVp66hGLJPTLu6YIrgDA5C98zM.roa
Signing time:             Wed 26 Jun 2024 13:31:18 +0000
ROA not before:           Wed 26 Jun 2024 13:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211275
IP address blocks:        2a14:7240:410::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:be:57:88:b8:37:31:df:a9:02:a7:80:b0:c0:38:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8faccbac71477b940e5cd4103e3eee61db615915
        Validity
            Not Before: Jun 26 13:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad569eba8462c93d32eee9822b8030390bdf333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:37:a4:5d:7c:87:c4:30:02:60:f7:33:57:9b:
                    23:04:b3:db:3a:09:e3:bb:d0:c9:50:57:dd:ea:d4:
                    93:f6:c8:58:8e:55:cc:b7:ce:f9:84:25:25:61:fa:
                    71:af:67:3e:a6:82:44:de:d7:5b:1c:89:ad:75:ff:
                    b7:84:e3:54:50:39:fa:f6:27:ff:0b:9a:71:a8:9d:
                    d7:e1:0e:71:b0:89:32:06:ec:91:c2:1d:0a:d4:4a:
                    e2:9a:dd:15:e9:21:6a:fb:31:05:19:69:f9:47:d1:
                    49:c9:88:ad:06:10:f2:29:92:a9:8d:a8:29:aa:d9:
                    e6:1d:19:86:4c:f1:66:b4:fa:e9:74:45:e9:6e:50:
                    bb:fd:d8:33:28:2f:cb:a4:0c:b2:41:57:8b:2e:c5:
                    ac:f0:ee:43:70:ed:e7:e6:7e:69:39:f5:39:3e:dd:
                    51:3f:a9:96:20:26:6d:7a:07:5d:88:88:05:7d:c0:
                    29:a4:25:41:ce:72:3e:6d:f5:12:d1:5d:d6:bd:aa:
                    81:6f:0a:d2:37:13:20:2c:06:3d:64:8e:46:ad:40:
                    c0:1a:32:86:9b:e5:e8:a3:9f:de:57:d3:f7:28:c5:
                    7b:2c:55:76:12:03:a7:4b:d0:d0:90:9c:ab:f6:d7:
                    36:70:bf:d1:1f:00:a8:06:0f:e5:b4:29:be:48:42:
                    67:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:69:EB:A8:46:2C:93:D3:2E:EE:98:22:B8:03:03:90:BD:F3:33
            X509v3 Authority Key Identifier:
                keyid:8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/atVp66hGLJPTLu6YIrgDA5C98zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240:410::/44

    Signature Algorithm: sha256WithRSAEncryption
         9b:c9:3f:44:e5:9d:11:70:89:b9:e5:49:cf:7d:9c:16:32:7c:
         4e:6b:cd:ae:17:e6:a0:6f:31:b6:2d:92:38:7f:b8:02:ed:61:
         b4:f0:86:a0:dd:b0:fa:04:31:58:57:70:53:05:47:a6:bc:c3:
         2d:fd:ac:f1:7d:1a:b5:69:4e:27:88:27:66:40:3f:e7:a1:2d:
         42:57:07:f0:3f:9e:7c:48:89:c2:3a:cb:3b:12:6b:41:3f:e6:
         2b:22:f8:7f:40:d8:37:73:39:64:29:a3:18:5b:fd:f2:a1:dc:
         a5:0f:ea:f7:9e:93:5d:31:1d:50:7f:15:9c:4f:5e:d5:40:4f:
         a7:cd:6e:38:65:7e:b8:88:95:ac:56:16:7f:6d:fd:d7:7d:34:
         82:a5:39:fa:4d:c9:e7:da:57:06:78:8d:1d:92:6b:5d:a6:81:
         47:25:fc:8f:1f:a7:65:81:e4:1d:f7:14:e3:4d:55:a6:6d:dd:
         dc:fa:88:0a:3b:4d:c0:24:fd:c1:d1:3e:85:49:62:72:81:e0:
         85:76:26:aa:e2:7b:12:96:a6:f9:6a:56:e8:14:8d:51:d3:12:
         a0:65:9b:d4:92:51:f7:91:0b:5a:86:75:67:cf:8b:88:ab:7a:
         ef:af:49:c6:5b:8d:d0:87:c0:1b:e4:28:54:7d:15:9f:bf:ed:
         fc:4f:53:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBUvleIuDcx36kCp4CwwDgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYWNjYmFjNzE0NzdiOTQwZTVjZDQxMDNlM2VlZTYxZGI2
MTU5MTUwHhcNMjQwNjI2MTMzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1NjllYmE4NDYyYzkzZDMyZWVlOTgyMmI4MDMwMzkwYmRmMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTekXXyHxDACYPczV5sjBLPbOgnj
u9DJUFfd6tST9shYjlXMt875hCUlYfpxr2c+poJE3tdbHImtdf+3hONUUDn69if/
C5pxqJ3X4Q5xsIkyBuyRwh0K1Erimt0V6SFq+zEFGWn5R9FJyYitBhDyKZKpjagp
qtnmHRmGTPFmtPrpdEXpblC7/dgzKC/LpAyyQVeLLsWs8O5DcO3n5n5pOfU5Pt1R
P6mWICZtegddiIgFfcAppCVBznI+bfUS0V3WvaqBbwrSNxMgLAY9ZI5GrUDAGjKG
m+Xoo5/eV9P3KMV7LFV2EgOnS9DQkJyr9tc2cL/RHwCoBg/ltCm+SEJnmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrVaeuoRiyT0y7umCK4AwOQvfMzMB8GA1UdIwQY
MBaAFI+sy6xxR3uUDlzUED4+7mHbYVkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMt
MDk4ZGIzYTI0ZmYwLzEvYXRWcDY2aEdMSlBUTHU2WUlyZ0RBNUM5OHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMtMDk4ZGIzYTI0ZmYw
LzEvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRyQAQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCbyT9E5Z0RcIm55UnPfZwWMnxOa82uF+agbzG2
LZI4f7gC7WG08Iag3bD6BDFYV3BTBUemvMMt/azxfRq1aU4niCdmQD/noS1CVwfw
P558SInCOss7EmtBP+YrIvh/QNg3czlkKaMYW/3yodylD+r3npNdMR1QfxWcT17V
QE+nzW44ZX64iJWsVhZ/bf3XfTSCpTn6Tcnn2lcGeI0dkmtdpoFHJfyPH6dlgeQd
9xTjTVWmbd3c+ogKO03AJP3B0T6FSWJygeCFdiaq4nsSlqb5alboFI1R0xKgZZvU
klH3kQtahnVnz4uIq3rvr0nGW43Qh8Ab5ChUfRWfv+38T1Pw
-----END CERTIFICATE-----