Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/kN2N6bA6xKnw00IQy23tz2BGTM4.roa
File:                     kN2N6bA6xKnw00IQy23tz2BGTM4.roa (raw, json)
Hash identifier:          LxPXvYNNuo7p3z/RWRVB0inHJEIt4GaWCDvZiw8datU=
Subject key identifier:   90:DD:8D:E9:B0:3A:C4:A9:F0:D3:42:10:CB:6D:ED:CF:60:46:4C:CE
Certificate issuer:       /CN=8faccbac71477b940e5cd4103e3eee61db615915
Certificate serial:       01905AA4B962B38667CFBE0E72FF19083602
Authority key identifier: 8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/kN2N6bA6xKnw00IQy23tz2BGTM4.roa
Signing time:             Thu 27 Jun 2024 17:01:02 +0000
ROA not before:           Thu 27 Jun 2024 17:01:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a14:7240:a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:a4:b9:62:b3:86:67:cf:be:0e:72:ff:19:08:36:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8faccbac71477b940e5cd4103e3eee61db615915
        Validity
            Not Before: Jun 27 17:01:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90dd8de9b03ac4a9f0d34210cb6dedcf60464cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f1:b3:c9:9e:8a:d9:22:d8:dd:ac:73:13:4b:
                    40:63:76:f7:b3:18:96:c7:83:76:7f:a5:56:61:df:
                    67:ab:d2:54:d1:f3:a4:e1:03:32:1b:2c:0f:c4:1d:
                    84:57:37:d1:f5:ab:c6:f4:72:b5:bc:d6:74:ec:f1:
                    a3:c5:49:87:56:27:ba:2d:cf:e2:86:3a:25:7c:a5:
                    85:a0:97:d1:fd:f8:e6:2e:72:be:4b:8b:90:e5:eb:
                    cf:6e:81:4b:7f:06:11:70:12:8b:53:0e:5d:c6:c3:
                    f4:32:01:1c:5d:9d:78:ae:aa:0f:0c:10:03:a0:c4:
                    35:47:4c:a3:62:b3:d3:b9:4b:56:4a:d2:c1:03:36:
                    12:b3:d7:06:65:52:9e:87:3d:cc:75:29:eb:42:28:
                    25:76:88:f1:af:88:4b:7a:6e:f4:5a:c2:f3:7d:e6:
                    d8:61:2c:ee:d4:24:53:37:db:54:22:cd:e0:84:1e:
                    26:70:26:2a:45:2d:17:f2:8d:42:c2:e9:e9:e9:32:
                    a9:9d:20:5e:b3:be:e2:27:34:07:59:00:03:03:6a:
                    c6:51:03:dc:f3:b7:4c:2b:a0:e8:d0:00:a2:7f:5a:
                    91:20:2f:b1:25:c0:70:54:22:20:9d:4e:c9:fb:82:
                    01:c7:1f:9a:2d:a2:e0:66:2f:41:b7:28:18:7b:9e:
                    72:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:DD:8D:E9:B0:3A:C4:A9:F0:D3:42:10:CB:6D:ED:CF:60:46:4C:CE
            X509v3 Authority Key Identifier:
                keyid:8F:AC:CB:AC:71:47:7B:94:0E:5C:D4:10:3E:3E:EE:61:DB:61:59:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j6zLrHFHe5QOXNQQPj7uYdthWRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/kN2N6bA6xKnw00IQy23tz2BGTM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/017eef-c49e-47a7-9ed3-098db3a24ff0/1/j6zLrHFHe5QOXNQQPj7uYdthWRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7240:a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:62:9b:36:ff:8d:2f:16:b7:a8:6b:ae:4e:5f:ac:38:22:b2:
         7b:04:e4:ee:19:ad:29:e8:b9:d1:6d:60:44:32:cd:84:e0:74:
         a5:66:0f:0d:8d:ea:3c:35:0f:66:a5:41:81:a2:93:2a:05:93:
         0b:38:ad:1e:00:0d:21:f3:ed:ec:6f:e3:45:7d:26:0e:a5:b8:
         ff:7a:a9:69:16:aa:6f:2a:8c:4b:bc:d9:57:0e:60:68:08:3c:
         7f:5c:ea:62:d7:1f:db:a8:7b:58:c9:a6:97:32:e3:ee:75:1a:
         d5:5d:45:a1:e5:8a:ea:1c:cc:15:98:67:12:ee:35:c5:c5:fc:
         8a:33:a9:8c:07:26:4a:84:9f:1f:af:17:b7:52:69:3a:0a:5d:
         15:71:aa:2f:6e:51:3c:f6:5a:b6:77:c8:81:a6:68:e0:29:84:
         2c:03:81:02:9f:fe:53:8b:60:9c:67:e6:bb:92:2d:9e:b1:dc:
         a6:9e:19:bf:77:9c:f0:15:5f:2b:ab:e3:b6:68:06:1c:e7:27:
         5e:ad:e3:42:0a:f5:49:54:04:e9:7c:24:ca:07:a8:b6:99:bf:
         67:4b:2d:a3:0c:a5:bf:44:37:12:ee:fa:ba:93:88:d7:06:03:
         fe:71:ff:ff:9f:64:b5:3f:c8:96:8c:80:c9:83:9f:72:c2:11:
         28:e1:88:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBapLlis4Znz74Ocv8ZCDYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYWNjYmFjNzE0NzdiOTQwZTVjZDQxMDNlM2VlZTYxZGI2
MTU5MTUwHhcNMjQwNjI3MTcwMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGRkOGRlOWIwM2FjNGE5ZjBkMzQyMTBjYjZkZWRjZjYwNDY0Y2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/GzyZ6K2SLY3axzE0tAY3b3sxiW
x4N2f6VWYd9nq9JU0fOk4QMyGywPxB2EVzfR9avG9HK1vNZ07PGjxUmHVie6Lc/i
hjolfKWFoJfR/fjmLnK+S4uQ5evPboFLfwYRcBKLUw5dxsP0MgEcXZ14rqoPDBAD
oMQ1R0yjYrPTuUtWStLBAzYSs9cGZVKehz3MdSnrQigldojxr4hLem70WsLzfebY
YSzu1CRTN9tUIs3ghB4mcCYqRS0X8o1Cwunp6TKpnSBes77iJzQHWQADA2rGUQPc
87dMK6Do0ACif1qRIC+xJcBwVCIgnU7J+4IBxx+aLaLgZi9BtygYe55yCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJDdjemwOsSp8NNCEMtt7c9gRkzOMB8GA1UdIwQY
MBaAFI+sy6xxR3uUDlzUED4+7mHbYVkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMt
MDk4ZGIzYTI0ZmYwLzEva04yTjZiQTZ4S253MDBJUXkyM3R6MkJHVE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8wMTdlZWYtYzQ5ZS00N2E3LTllZDMtMDk4ZGIzYTI0ZmYw
LzEvajZ6THJIRkhlNVFPWE5RUVBqN3VZZHRoV1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRyQAoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBLYps2/40vFreoa65OX6w4IrJ7BOTuGa0p6LnR
bWBEMs2E4HSlZg8Njeo8NQ9mpUGBopMqBZMLOK0eAA0h8+3sb+NFfSYOpbj/eqlp
FqpvKoxLvNlXDmBoCDx/XOpi1x/bqHtYyaaXMuPudRrVXUWh5YrqHMwVmGcS7jXF
xfyKM6mMByZKhJ8frxe3Umk6Cl0VcaovblE89lq2d8iBpmjgKYQsA4ECn/5Ti2Cc
Z+a7ki2esdymnhm/d5zwFV8rq+O2aAYc5ydereNCCvVJVATpfCTKB6i2mb9nSy2j
DKW/RDcS7vq6k4jXBgP+cf//n2S1P8iWjIDJg59ywhEo4YjI
-----END CERTIFICATE-----