Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/Yx0svQExlJ5DX_3gVYYWBjwakl0.roa
File:                     Yx0svQExlJ5DX_3gVYYWBjwakl0.roa (raw, json)
Hash identifier:          HbsYLf1I5BO4UxNGaeAu+kPKzSjyYlk5Lgy2+P3f3Ds=
Subject key identifier:   63:1D:2C:BD:01:31:94:9E:43:5F:FD:E0:55:86:16:06:3C:1A:92:5D
Certificate issuer:       /CN=1fd0875cd0051d0c0925aca041034e7840a6770b
Certificate serial:       0190DF9C94472B1429384BD1817469F7D9F0
Authority key identifier: 1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/Yx0svQExlJ5DX_3gVYYWBjwakl0.roa
Signing time:             Tue 23 Jul 2024 12:41:39 +0000
ROA not before:           Tue 23 Jul 2024 12:41:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        2a14:4f80::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:df:9c:94:47:2b:14:29:38:4b:d1:81:74:69:f7:d9:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fd0875cd0051d0c0925aca041034e7840a6770b
        Validity
            Not Before: Jul 23 12:41:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=631d2cbd0131949e435ffde0558616063c1a925d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5d:5d:90:c2:1c:d9:ae:98:2e:07:55:c1:be:
                    03:3c:51:36:d8:86:fd:7a:c3:9b:59:14:d8:c8:c9:
                    03:37:9e:04:6f:5c:00:49:7b:ab:cf:ab:22:56:29:
                    a6:04:2e:37:92:79:65:40:7b:11:dd:e0:1c:b0:30:
                    df:7a:8a:29:a8:77:07:ab:0d:6d:8f:05:9d:74:37:
                    30:64:4c:a7:c3:67:ea:2a:72:9b:f9:21:ee:45:fd:
                    36:56:2a:94:40:59:ba:76:9c:47:d7:7d:4f:17:fa:
                    e0:49:3d:45:93:aa:af:44:15:36:bc:96:e0:d5:41:
                    de:ea:b5:64:56:3d:87:08:5c:6b:fd:cf:b0:a1:bc:
                    f1:42:bc:2a:4f:24:a2:0b:57:d3:8e:df:04:2e:ca:
                    00:c1:b0:a6:ce:6f:23:ab:04:fe:af:76:1b:a3:d6:
                    a3:5e:ac:92:ec:bb:36:9b:74:51:f0:6b:68:cb:2c:
                    64:a2:f8:1e:44:c9:85:44:35:f9:dd:63:cf:fa:ec:
                    18:dd:e2:c1:7a:c4:a9:bc:29:a1:cb:61:1f:e3:bd:
                    f2:4d:17:2d:c9:99:a6:04:c5:20:ac:9a:0d:65:18:
                    24:bf:13:ea:85:32:13:08:0f:24:ad:5c:aa:45:08:
                    15:71:58:97:9a:b4:81:f4:d6:bc:06:4a:8a:d8:e8:
                    74:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:1D:2C:BD:01:31:94:9E:43:5F:FD:E0:55:86:16:06:3C:1A:92:5D
            X509v3 Authority Key Identifier:
                keyid:1F:D0:87:5C:D0:05:1D:0C:09:25:AC:A0:41:03:4E:78:40:A6:77:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H9CHXNAFHQwJJaygQQNOeECmdws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/Yx0svQExlJ5DX_3gVYYWBjwakl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/221048-3bad-469c-b933-e0802f474444/1/H9CHXNAFHQwJJaygQQNOeECmdws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4f80::/38

    Signature Algorithm: sha256WithRSAEncryption
         50:a3:8a:c4:ba:87:d0:c8:c4:1a:da:bd:40:4d:d2:ec:63:19:
         7e:eb:2b:28:ee:85:a4:85:37:9a:b4:7c:71:2d:0a:a9:3b:e9:
         a3:39:ae:32:35:f2:8a:dc:c1:85:13:9d:6e:ac:f2:da:2d:6c:
         fd:1e:ef:ee:f5:27:c1:77:f7:14:a0:e7:3a:4a:04:c1:a1:2b:
         74:ea:6c:ab:1f:61:d0:54:c4:4a:f8:a6:60:31:95:a3:25:51:
         ec:da:55:42:c2:23:df:43:d7:46:d8:61:70:52:50:d5:b5:ea:
         f4:41:0d:94:87:39:89:8e:25:af:e7:f9:ae:4a:0b:76:11:1e:
         c5:b4:d0:68:0a:31:3c:ed:02:04:31:e9:9a:f4:34:fe:8a:c4:
         32:b0:15:5c:70:94:fa:46:c0:c4:91:0a:1e:de:38:e5:49:1b:
         dc:a1:af:df:b7:68:6a:e4:37:1e:53:5b:ec:60:29:af:0b:88:
         c9:67:09:8c:14:e0:cb:98:da:fc:12:9b:d9:4d:fd:fc:53:ad:
         23:f9:c6:ae:a5:ed:85:b1:fe:4e:76:e3:56:6b:ff:ec:9c:13:
         69:36:e7:ad:3d:82:df:9c:73:d5:fb:95:d6:00:11:ac:4e:61:
         80:f9:07:0c:dc:3d:8e:95:ff:f4:84:5f:79:e3:e7:c8:1d:40:
         10:bb:62:47
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDfnJRHKxQpOEvRgXRp99nwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZDA4NzVjZDAwNTFkMGMwOTI1YWNhMDQxMDM0ZTc4NDBh
Njc3MGIwHhcNMjQwNzIzMTI0MTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzFkMmNiZDAxMzE5NDllNDM1ZmZkZTA1NTg2MTYwNjNjMWE5MjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyF1dkMIc2a6YLgdVwb4DPFE22Ib9
esObWRTYyMkDN54Eb1wASXurz6siVimmBC43knllQHsR3eAcsDDfeoopqHcHqw1t
jwWddDcwZEynw2fqKnKb+SHuRf02ViqUQFm6dpxH131PF/rgST1Fk6qvRBU2vJbg
1UHe6rVkVj2HCFxr/c+wobzxQrwqTySiC1fTjt8ELsoAwbCmzm8jqwT+r3Ybo9aj
XqyS7Ls2m3RR8GtoyyxkovgeRMmFRDX53WPP+uwY3eLBesSpvCmhy2Ef473yTRct
yZmmBMUgrJoNZRgkvxPqhTITCA8krVyqRQgVcViXmrSB9Na8BkqK2Oh0KQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGMdLL0BMZSeQ1/94FWGFgY8GpJdMB8GA1UdIwQY
MBaAFB/Qh1zQBR0MCSWsoEEDTnhApncLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDlDSFhOQUZIUXdKSmF5Z1FRTk9lRUNtZHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yMjEwNDgtM2JhZC00NjljLWI5MzMt
ZTA4MDJmNDc0NDQ0LzEvWXgwc3ZRRXhsSjVEWF8zZ1ZZWVdCandha2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yMjEwNDgtM2JhZC00NjljLWI5MzMtZTA4MDJmNDc0NDQ0
LzEvSDlDSFhOQUZIUXdKSmF5Z1FRTk9lRUNtZHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhRPgAAw
DQYJKoZIhvcNAQELBQADggEBAFCjisS6h9DIxBravUBN0uxjGX7rKyjuhaSFN5q0
fHEtCqk76aM5rjI18orcwYUTnW6s8totbP0e7+71J8F39xSg5zpKBMGhK3TqbKsf
YdBUxEr4pmAxlaMlUezaVULCI99D10bYYXBSUNW16vRBDZSHOYmOJa/n+a5KC3YR
HsW00GgKMTztAgQx6Zr0NP6KxDKwFVxwlPpGwMSRCh7eOOVJG9yhr9+3aGrkNx5T
W+xgKa8LiMlnCYwU4MuY2vwSm9lN/fxTrSP5xq6l7YWx/k5241Zr/+ycE2k25609
gt+cc9X7ldYAEaxOYYD5BwzcPY6V//SEX3nj58gdQBC7Ykc=
-----END CERTIFICATE-----