Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/Wz97JorlHgdGGCCUfiVfFid-kec.roa
File:                     Wz97JorlHgdGGCCUfiVfFid-kec.roa (raw, json)
Hash identifier:          VQqJiVkR2+hFlj+i7T5pXRVCvuoD7ttsj/ojbdKTa+E=
Subject key identifier:   5B:3F:7B:26:8A:E5:1E:07:46:18:20:94:7E:25:5F:16:27:7E:91:E7
Certificate issuer:       /CN=20d68183d6018f504c5e6fae228e1b350c6f0fef
Certificate serial:       0190ABB91F8C946C18B840915F7BC3E21560
Authority key identifier: 20:D6:81:83:D6:01:8F:50:4C:5E:6F:AE:22:8E:1B:35:0C:6F:0F:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INaBg9YBj1BMXm-uIo4bNQxvD-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/Wz97JorlHgdGGCCUfiVfFid-kec.roa
Signing time:             Sat 13 Jul 2024 10:52:34 +0000
ROA not before:           Sat 13 Jul 2024 10:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:4840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/INaBg9YBj1BMXm-uIo4bNQxvD-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/INaBg9YBj1BMXm-uIo4bNQxvD-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INaBg9YBj1BMXm-uIo4bNQxvD-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ab:b9:1f:8c:94:6c:18:b8:40:91:5f:7b:c3:e2:15:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d68183d6018f504c5e6fae228e1b350c6f0fef
        Validity
            Not Before: Jul 13 10:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b3f7b268ae51e07461820947e255f16277e91e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:dc:27:56:8d:75:02:8b:f6:80:de:58:bf:1a:
                    c7:bc:0d:9b:99:3f:c6:c2:2e:b6:9b:56:ff:65:37:
                    37:b6:3f:be:2a:f6:2b:1e:4c:76:3a:b7:4d:1d:e7:
                    89:86:94:95:b5:72:13:21:49:26:a0:38:26:95:ee:
                    61:23:21:f1:97:f1:68:7d:32:b4:c3:03:05:b5:10:
                    49:ed:3c:07:43:91:49:45:88:7a:fa:ef:70:b9:14:
                    4b:c5:a7:9a:0e:13:be:3b:67:d6:75:24:f0:b6:e3:
                    86:67:06:82:c6:99:d8:6b:33:c1:e5:f6:35:e8:95:
                    3a:f2:d2:86:c5:6a:d9:ed:9e:1d:69:11:0c:e9:dd:
                    32:08:54:b1:c3:cd:29:45:3e:b9:27:c5:7c:e2:27:
                    6b:63:1e:c5:66:0b:b4:cb:3a:0c:90:71:8d:c2:14:
                    de:5b:d6:9a:71:e5:f1:b4:d3:06:46:2d:9f:25:3c:
                    d0:08:90:b3:c0:e5:4e:60:aa:ef:de:38:f1:80:c1:
                    97:2e:b0:e1:a6:65:28:64:95:5a:fa:cb:cb:7f:4d:
                    b1:68:2d:f2:05:78:02:51:ca:26:f1:0c:7a:29:b8:
                    85:57:0c:89:ef:75:67:b3:d2:ce:5b:2b:f2:44:a2:
                    76:00:52:d1:78:3f:06:9a:95:3b:a6:b7:ef:ec:21:
                    6b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:3F:7B:26:8A:E5:1E:07:46:18:20:94:7E:25:5F:16:27:7E:91:E7
            X509v3 Authority Key Identifier:
                keyid:20:D6:81:83:D6:01:8F:50:4C:5E:6F:AE:22:8E:1B:35:0C:6F:0F:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INaBg9YBj1BMXm-uIo4bNQxvD-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/Wz97JorlHgdGGCCUfiVfFid-kec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6efd9c-64c3-42b6-92fd-ab7881b0df2b/1/INaBg9YBj1BMXm-uIo4bNQxvD-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4840::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:ec:cf:67:2b:fd:ed:66:8e:1d:6d:b7:58:78:22:37:13:d7:
         d5:e0:4a:93:70:a2:a1:28:d0:10:0c:e9:55:87:fe:e9:26:03:
         d5:68:f8:bd:d3:7c:e6:6b:c4:90:89:57:f4:74:f9:ca:da:0e:
         0f:59:42:7e:01:c1:04:b6:a2:23:76:8b:b5:f6:18:d8:70:8d:
         bf:46:12:f0:dc:df:be:37:65:fb:32:80:35:df:88:30:fc:ca:
         72:4f:4c:1f:ab:77:8e:c7:11:39:d3:f6:aa:91:17:aa:91:de:
         e1:ce:b5:fd:61:05:49:80:3e:ca:1b:40:0c:c7:78:0f:8d:1a:
         b6:d6:cf:7d:40:0c:d6:96:eb:1c:ea:55:a3:fc:bf:80:93:b5:
         4d:84:b1:d6:52:17:61:9e:da:0c:83:cf:91:ab:bb:5e:42:97:
         30:e9:2f:cd:b3:94:b8:dc:af:a8:b2:c8:4c:ac:e6:9f:12:81:
         56:65:af:79:c7:d1:c2:a0:35:fe:2b:0b:3f:b5:23:67:72:15:
         25:ff:49:61:7f:89:ac:97:d3:4b:51:a3:24:44:02:9b:72:86:
         eb:12:03:c7:4a:b5:16:65:f8:34:4b:47:0a:c9:71:ba:9e:1c:
         ee:97:ea:63:8a:a9:b4:06:cc:53:3d:96:11:03:b0:f1:fd:50:
         cd:17:76:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCruR+MlGwYuECRX3vD4hVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDY4MTgzZDYwMThmNTA0YzVlNmZhZTIyOGUxYjM1MGM2
ZjBmZWYwHhcNMjQwNzEzMTA1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNmN2IyNjhhZTUxZTA3NDYxODIwOTQ3ZTI1NWYxNjI3N2U5MWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdwnVo11Aov2gN5YvxrHvA2bmT/G
wi62m1b/ZTc3tj++KvYrHkx2OrdNHeeJhpSVtXITIUkmoDgmle5hIyHxl/FofTK0
wwMFtRBJ7TwHQ5FJRYh6+u9wuRRLxaeaDhO+O2fWdSTwtuOGZwaCxpnYazPB5fY1
6JU68tKGxWrZ7Z4daREM6d0yCFSxw80pRT65J8V84idrYx7FZgu0yzoMkHGNwhTe
W9aaceXxtNMGRi2fJTzQCJCzwOVOYKrv3jjxgMGXLrDhpmUoZJVa+svLf02xaC3y
BXgCUcom8Qx6KbiFVwyJ73Vns9LOWyvyRKJ2AFLReD8GmpU7prfv7CFrGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFs/eyaK5R4HRhgglH4lXxYnfpHnMB8GA1UdIwQY
MBaAFCDWgYPWAY9QTF5vriKOGzUMbw/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5hQmc5WUJqMUJNWG0tdUlvNGJOUXh2RC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82ZWZkOWMtNjRjMy00MmI2LTkyZmQt
YWI3ODgxYjBkZjJiLzEvV3o5N0pvcmxIZ2RHR0NDVWZpVmZGaWQta2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82ZWZkOWMtNjRjMy00MmI2LTkyZmQtYWI3ODgxYjBkZjJi
LzEvSU5hQmc5WUJqMUJNWG0tdUlvNGJOUXh2RC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRIQDAN
BgkqhkiG9w0BAQsFAAOCAQEAV+zPZyv97WaOHW23WHgiNxPX1eBKk3CioSjQEAzp
VYf+6SYD1Wj4vdN85mvEkIlX9HT5ytoOD1lCfgHBBLaiI3aLtfYY2HCNv0YS8Nzf
vjdl+zKANd+IMPzKck9MH6t3jscROdP2qpEXqpHe4c61/WEFSYA+yhtADMd4D40a
ttbPfUAM1pbrHOpVo/y/gJO1TYSx1lIXYZ7aDIPPkau7XkKXMOkvzbOUuNyvqLLI
TKzmnxKBVmWvecfRwqA1/isLP7UjZ3IVJf9JYX+JrJfTS1GjJEQCm3KG6xIDx0q1
FmX4NEtHCslxup4c7pfqY4qptAbMUz2WEQOw8f1QzRd20A==
-----END CERTIFICATE-----