Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/fdxYL63AEvQAdIwfzbtSa-HhPKY.roa
File:                     fdxYL63AEvQAdIwfzbtSa-HhPKY.roa (raw, json)
Hash identifier:          ov94SQrO08WCMBks7nwoT2ghwOrT9eBLAzlbqe0OoHY=
Subject key identifier:   7D:DC:58:2F:AD:C0:12:F4:00:74:8C:1F:CD:BB:52:6B:E1:E1:3C:A6
Certificate issuer:       /CN=8faccbac71477b940e5cd4103e3eee61db615915
Certificate serial:       01905A211F59AB9514478BE1ECC5586645AB
Authority key identifier: 8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/fdxYL63AEvQAdIwfzbtSa-HhPKY.roa
Signing time:             Thu 27 Jun 2024 14:37:18 +0000
ROA not before:           Thu 27 Jun 2024 14:37:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214618
IP address blocks:        2a14:7240:a10::/48 maxlen: 48
                          2a14:7240:a01c::/48 maxlen: 48
                          2a14:7240:e01c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:21:1f:59:ab:95:14:47:8b:e1:ec:c5:58:66:45:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8faccbac71477b940e5cd4103e3eee61db615915
        Validity
            Not Before: Jun 27 14:37:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ddc582fadc012f400748c1fcdbb526be1e13ca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0d:6a:b2:41:6c:e9:8c:5a:16:49:0c:cd:50:
                    c6:7a:32:79:0f:51:38:ee:46:8a:dd:9e:fa:4b:14:
                    5a:f0:3d:53:68:40:1d:99:f4:e8:d3:6e:1c:14:82:
                    a1:b0:91:82:74:df:d4:06:f0:ad:87:52:48:8d:7d:
                    36:73:d6:e9:02:69:8c:0b:b1:51:90:47:ef:ce:b6:
                    fb:64:09:b6:c2:ab:d5:4f:c5:72:d0:3c:52:eb:89:
                    a1:b2:b4:cd:76:f5:a7:09:f1:6a:e1:e9:aa:de:89:
                    88:dd:60:f4:c2:65:ca:4e:42:08:96:1f:53:1f:52:
                    6f:42:cd:00:f0:8f:4d:32:96:38:4c:e7:82:94:b2:
                    8d:93:6a:3f:68:98:03:df:8b:fe:d4:35:cb:f8:96:
                    3c:f6:1e:7f:48:00:da:d0:32:de:40:0d:88:f0:59:
                    37:00:56:75:15:ff:98:9d:ce:34:7a:33:65:65:09:
                    05:ec:63:86:76:3d:43:f5:79:8e:05:1a:1a:5e:95:
                    8c:61:34:bf:e7:9a:e8:f9:3b:79:31:f9:86:15:42:
                    c0:88:b3:3d:b0:20:f3:ed:d9:a7:95:43:61:b6:8d:
                    99:7c:fd:e4:8c:b9:1e:2c:12:06:a1:81:0f:8f:f8:
                    88:b2:2c:c2:a0:75:9b:8b:31:96:43:de:50:d9:28:
                    37:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DC:58:2F:AD:C0:12:F4:00:74:8C:1F:CD:BB:52:6B:E1:E1:3C:A6
            X509v3 Authority Key Identifier:
                keyid:8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/fdxYL63AEvQAdIwfzbtSa-HhPKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240:a10::/48
                  2a14:7240:a01c::/48
                  2a14:7240:e01c::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:15:ce:6e:65:52:44:97:b0:06:36:b8:1d:4e:90:38:14:81:
         85:68:80:b3:63:16:db:bd:d7:2f:51:2f:ee:a8:56:6f:df:97:
         b4:90:d1:69:57:7f:ed:b8:81:f7:8a:a3:33:cc:e2:44:69:31:
         cb:0f:52:38:dc:7a:4e:f1:cf:49:25:94:ae:e8:f4:cd:e6:c0:
         a0:45:0b:9d:29:26:4e:31:48:2e:14:0a:4f:ea:1f:21:b9:2f:
         e7:80:c8:5e:9c:40:4a:bd:1a:c5:8f:ee:f0:92:7b:fa:24:de:
         47:a5:78:f6:fb:a8:d8:18:62:cb:09:11:24:2e:6e:3d:87:87:
         2f:a5:57:2a:4c:a9:c0:bc:de:ed:be:fb:0e:da:8d:0d:bc:a4:
         0f:2c:95:0f:6a:8d:2a:c1:5a:e7:e6:16:f3:13:1e:d3:6c:d3:
         2c:e0:ea:66:e8:72:70:48:d4:5d:e5:3a:f9:96:a3:b4:8e:97:
         0c:b0:5d:9b:0a:ff:d7:bb:67:52:7b:95:2a:7c:b2:ad:28:fe:
         3e:17:ce:79:ae:1b:c5:e3:e3:69:f8:05:1d:ba:29:87:cf:50:
         14:bc:98:7f:6a:53:55:88:ef:f2:0f:d6:9f:89:f9:fc:34:7c:
         47:4f:ef:1b:d5:f8:a8:fc:09:1a:52:07:8e:b7:2f:71:23:3f:
         cf:b4:8a:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZBaIR9Zq5UUR4vh7MVYZkWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYWNjYmFjNzE0NzdiOTQwZTVjZDQxMDNlM2VlZTYxZGI2
MTU5MTUwHhcNMjQwNjI3MTQzNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGRjNTgyZmFkYzAxMmY0MDA3NDhjMWZjZGJiNTI2YmUxZTEzY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ1qskFs6YxaFkkMzVDGejJ5D1E4
7kaK3Z76SxRa8D1TaEAdmfTo024cFIKhsJGCdN/UBvCth1JIjX02c9bpAmmMC7FR
kEfvzrb7ZAm2wqvVT8Vy0DxS64mhsrTNdvWnCfFq4emq3omI3WD0wmXKTkIIlh9T
H1JvQs0A8I9NMpY4TOeClLKNk2o/aJgD34v+1DXL+JY89h5/SADa0DLeQA2I8Fk3
AFZ1Ff+Ync40ejNlZQkF7GOGdj1D9XmOBRoaXpWMYTS/55ro+Tt5MfmGFULAiLM9
sCDz7dmnlUNhto2ZfP3kjLkeLBIGoYEPj/iIsizCoHWbizGWQ95Q2Sg3EwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH3cWC+twBL0AHSMH827Umvh4TymMB8GA1UdIwQY
MBaAFI+sy6xxR3uUDlzUED4+7mHbYVkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMt
MDk4ZGIzYTI0ZmYwLzEvZmR4WUw2M0FFdlFBZEl3ZnpidFNhLUhoUEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMtMDk4ZGIzYTI0ZmYw
LzEvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKhRyQAoQ
AwcAKhRyQKAcAwcAKhRyQOAcMA0GCSqGSIb3DQEBCwUAA4IBAQADFc5uZVJEl7AG
NrgdTpA4FIGFaICzYxbbvdcvUS/uqFZv35e0kNFpV3/tuIH3iqMzzOJEaTHLD1I4
3HpO8c9JJZSu6PTN5sCgRQudKSZOMUguFApP6h8huS/ngMhenEBKvRrFj+7wknv6
JN5HpXj2+6jYGGLLCREkLm49h4cvpVcqTKnAvN7tvvsO2o0NvKQPLJUPao0qwVrn
5hbzEx7TbNMs4Opm6HJwSNRd5Tr5lqO0jpcMsF2bCv/Xu2dSe5UqfLKtKP4+F855
rhvF4+Np+AUduimHz1AUvJh/alNViO/yD9afifn8NHxHT+8b1fio/AkaUgeOty9x
Iz/PtIqd
-----END CERTIFICATE-----