Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/RgO-ockD6WgwYrTAoXEjptE-bYc.roa
File:                     RgO-ockD6WgwYrTAoXEjptE-bYc.roa (raw, json)
Hash identifier:          7gLorKZY6Y1guOsTicTohcjrXyC2DZgLgDlRQgk5HuE=
Subject key identifier:   46:03:BE:A1:C9:03:E9:68:30:62:B4:C0:A1:71:23:A6:D1:3E:6D:87
Certificate issuer:       /CN=d90482763070955e7ea87e2ca37b891b864b2577
Certificate serial:       01907DBE19E2E0273AB5FDE4356A7111796B
Authority key identifier: D9:04:82:76:30:70:95:5E:7E:A8:7E:2C:A3:7B:89:1B:86:4B:25:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/RgO-ockD6WgwYrTAoXEjptE-bYc.roa
Signing time:             Thu 04 Jul 2024 12:35:28 +0000
ROA not before:           Thu 04 Jul 2024 12:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209642
IP address blocks:        2a14:7540::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7d:be:19:e2:e0:27:3a:b5:fd:e4:35:6a:71:11:79:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90482763070955e7ea87e2ca37b891b864b2577
        Validity
            Not Before: Jul  4 12:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4603bea1c903e9683062b4c0a17123a6d13e6d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:db:b7:7d:72:b1:a6:b3:aa:ab:48:fa:38:94:
                    a2:9a:bc:16:bf:5a:65:92:eb:29:fb:d4:ff:32:28:
                    02:93:5d:b9:ea:37:20:56:37:b4:b5:ce:30:c4:63:
                    22:c3:3e:50:53:12:7e:3e:f2:0f:98:3d:68:98:f2:
                    35:2c:8a:14:9a:d1:94:88:dd:f1:14:5c:59:58:82:
                    84:ad:92:3b:60:c5:c0:7c:56:41:e7:c5:14:25:dc:
                    af:87:70:f9:0e:c8:f3:bb:6a:d2:6c:07:7f:2a:9c:
                    71:9e:10:a6:9b:02:a2:82:2a:d3:21:28:12:4f:49:
                    3c:10:1a:77:41:fc:be:a6:9e:94:9e:6f:25:ac:fd:
                    82:ae:e6:30:97:85:4d:96:5e:93:f3:59:0b:23:37:
                    9e:80:46:c4:ac:cf:60:8f:a4:05:da:63:10:37:f4:
                    67:8d:57:c0:3b:a8:ce:28:7b:08:08:a1:9e:a6:5d:
                    8d:0f:4e:2c:8a:30:0a:13:05:c7:63:42:1d:54:6a:
                    d5:56:77:f8:01:70:04:bd:f1:40:30:12:0b:f4:84:
                    10:02:41:14:e7:28:20:c7:d9:81:2d:69:bb:f3:82:
                    8d:58:c0:f3:d3:6d:3c:17:b9:b0:c8:6d:c4:13:14:
                    92:36:c0:cc:14:3f:55:9a:4f:d9:5a:f8:c0:be:86:
                    10:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:03:BE:A1:C9:03:E9:68:30:62:B4:C0:A1:71:23:A6:D1:3E:6D:87
            X509v3 Authority Key Identifier:
                keyid:D9:04:82:76:30:70:95:5E:7E:A8:7E:2C:A3:7B:89:1B:86:4B:25:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/RgO-ockD6WgwYrTAoXEjptE-bYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7540::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:ef:59:ec:9a:51:ff:a9:80:c9:9f:47:ca:24:41:fa:89:17:
         6c:75:0b:50:01:51:19:53:32:fe:f3:7a:f4:06:c4:38:99:78:
         2e:36:17:3b:8e:3d:b5:d0:74:c5:3b:60:c9:bd:8a:3f:d1:69:
         5e:6b:e4:ec:4d:86:59:2a:68:15:e0:d7:f1:ba:0b:53:d8:1b:
         cc:ec:1d:05:c7:40:d8:51:80:71:88:00:08:56:3a:3a:9b:6e:
         9f:92:ea:ed:e2:55:d9:4f:5f:bd:76:b0:34:36:63:da:ff:41:
         bd:17:83:93:19:6a:bd:a2:c0:72:04:f4:2f:0e:6e:0a:72:ee:
         fa:b2:d2:15:39:aa:90:03:3c:56:d1:25:cc:fe:01:bf:5d:ee:
         e7:f3:f8:20:6d:65:f5:c9:90:51:e5:71:4a:8b:dd:3f:de:3c:
         0b:c9:59:09:89:5e:e3:b9:c1:8e:ad:3c:08:b4:15:dd:9e:b7:
         f3:36:c6:91:55:06:61:7b:bf:4c:57:55:46:72:4d:8f:23:ec:
         fa:1c:48:8d:9f:80:81:b4:eb:cc:83:d2:a5:2f:0f:9e:38:96:
         77:10:52:c8:e6:43:84:57:95:e4:22:7e:d9:65:34:3d:72:6f:
         ea:48:6d:25:7b:27:93:6b:1c:f1:e7:db:d6:dd:b3:74:4b:35:
         53:43:a8:6f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZB9vhni4Cc6tf3kNWpxEXlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MDQ4Mjc2MzA3MDk1NWU3ZWE4N2UyY2EzN2I4OTFiODY0
YjI1NzcwHhcNMjQwNzA0MTIzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjAzYmVhMWM5MDNlOTY4MzA2MmI0YzBhMTcxMjNhNmQxM2U2ZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitu3fXKxprOqq0j6OJSimrwWv1pl
kusp+9T/MigCk1256jcgVje0tc4wxGMiwz5QUxJ+PvIPmD1omPI1LIoUmtGUiN3x
FFxZWIKErZI7YMXAfFZB58UUJdyvh3D5Dsjzu2rSbAd/KpxxnhCmmwKigirTISgS
T0k8EBp3Qfy+pp6Unm8lrP2CruYwl4VNll6T81kLIzeegEbErM9gj6QF2mMQN/Rn
jVfAO6jOKHsICKGepl2ND04sijAKEwXHY0IdVGrVVnf4AXAEvfFAMBIL9IQQAkEU
5yggx9mBLWm784KNWMDz0208F7mwyG3EExSSNsDMFD9Vmk/ZWvjAvoYQHwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEYDvqHJA+loMGK0wKFxI6bRPm2HMB8GA1UdIwQY
MBaAFNkEgnYwcJVefqh+LKN7iRuGSyV3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlFTQ2RqQndsVjUtcUg0c28zdUpHNFpMSlhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85NGMyYmItZTgwYS00ZjJjLTgyMDgt
YTliMjc2Njc3M2FhLzEvUmdPLW9ja0Q2V2d3WXJUQW9YRWpwdEUtYlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85NGMyYmItZTgwYS00ZjJjLTgyMDgtYTliMjc2Njc3M2Fh
LzEvMlFTQ2RqQndsVjUtcUg0c28zdUpHNFpMSlhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1QAAw
DQYJKoZIhvcNAQELBQADggEBAC3vWeyaUf+pgMmfR8okQfqJF2x1C1ABURlTMv7z
evQGxDiZeC42FzuOPbXQdMU7YMm9ij/RaV5r5OxNhlkqaBXg1/G6C1PYG8zsHQXH
QNhRgHGIAAhWOjqbbp+S6u3iVdlPX712sDQ2Y9r/Qb0Xg5MZar2iwHIE9C8Obgpy
7vqy0hU5qpADPFbRJcz+Ab9d7ufz+CBtZfXJkFHlcUqL3T/ePAvJWQmJXuO5wY6t
PAi0Fd2et/M2xpFVBmF7v0xXVUZyTY8j7PocSI2fgIG068yD0qUvD544lncQUsjm
Q4RXleQiftllND1yb+pIbSV7J5NrHPHn29bds3RLNVNDqG8=
-----END CERTIFICATE-----