Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/K00WmW5sEHKCLpLvVv60BoUQm4s.roa
File:                     K00WmW5sEHKCLpLvVv60BoUQm4s.roa (raw, json)
Hash identifier:          ncjL2w5gOHJ6tPKmBPikCLMvXIm1ETyJLSfjWWa/IUM=
Subject key identifier:   2B:4D:16:99:6E:6C:10:72:82:2E:92:EF:56:FE:B4:06:85:10:9B:8B
Certificate issuer:       /CN=0a69b39b08f3f62ce3e083bbc8aeeceadc498b69
Certificate serial:       01909E689D409EE2B688C2B13892E7A4CF6C
Authority key identifier: 0A:69:B3:9B:08:F3:F6:2C:E3:E0:83:BB:C8:AE:EC:EA:DC:49:8B:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/K00WmW5sEHKCLpLvVv60BoUQm4s.roa
Signing time:             Wed 10 Jul 2024 20:49:34 +0000
ROA not before:           Wed 10 Jul 2024 20:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214895
IP address blocks:        2a0a:14c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9e:68:9d:40:9e:e2:b6:88:c2:b1:38:92:e7:a4:cf:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a69b39b08f3f62ce3e083bbc8aeeceadc498b69
        Validity
            Not Before: Jul 10 20:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b4d16996e6c1072822e92ef56feb40685109b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f6:d1:ab:77:89:eb:d6:90:96:2d:77:9a:6e:
                    df:18:4b:1c:8a:18:02:b2:fe:70:08:ac:68:82:f3:
                    b5:bf:91:5b:79:1b:eb:24:b3:30:1d:af:e0:f8:ca:
                    d5:ed:50:12:fc:ae:05:34:2d:03:6b:d9:e5:4c:89:
                    fa:86:0d:fa:2c:87:04:14:94:f8:d0:cd:68:37:0a:
                    8f:50:14:06:8b:2c:b1:fa:f1:95:7f:df:3a:65:06:
                    9f:98:d8:96:7d:9d:d6:7d:ab:09:e0:88:81:3c:e2:
                    db:64:06:e7:df:c4:c8:90:98:c7:9e:e1:41:02:b5:
                    89:aa:21:c7:d5:81:11:42:19:90:70:f2:30:41:a6:
                    f8:b4:9f:09:e4:8f:68:af:98:f6:84:da:10:54:8f:
                    28:04:3e:f2:5d:86:f9:85:0d:b2:57:29:dc:f6:c2:
                    ec:6b:01:4a:d2:00:a2:57:62:f2:6f:02:2b:6e:c9:
                    db:cf:91:05:11:1d:48:60:31:31:12:df:6c:46:22:
                    13:5d:10:5b:ea:41:d2:be:d6:56:8a:28:b7:78:de:
                    74:34:e5:2a:55:40:be:1f:75:38:2e:e2:41:b1:d3:
                    33:a4:32:79:80:a0:bf:57:12:22:33:d0:d5:b3:d5:
                    2c:15:1d:27:4c:a0:f4:27:fb:87:77:7a:71:d2:27:
                    d7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4D:16:99:6E:6C:10:72:82:2E:92:EF:56:FE:B4:06:85:10:9B:8B
            X509v3 Authority Key Identifier:
                keyid:0A:69:B3:9B:08:F3:F6:2C:E3:E0:83:BB:C8:AE:EC:EA:DC:49:8B:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/K00WmW5sEHKCLpLvVv60BoUQm4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:14c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:ba:47:0d:a8:9b:3d:0e:4a:b3:fa:f5:70:35:12:08:af:42:
         ee:b6:95:3b:d8:66:fb:e1:92:67:22:d1:1d:b0:1f:bf:20:d9:
         89:ff:84:8f:19:af:0f:f2:e0:39:9a:4f:d5:e3:e5:2e:1c:53:
         54:f4:e3:cb:8c:98:4c:78:14:26:22:5a:a5:91:b4:d3:f7:95:
         16:8f:f6:8c:a4:e9:6c:5f:1c:ce:d6:0b:19:5d:70:84:0e:5c:
         55:8b:de:08:59:93:f7:00:1d:a6:47:23:18:a0:27:3b:d9:c3:
         5b:64:66:b2:ac:bb:ab:39:25:4c:4d:c6:a8:ae:59:1a:d4:bc:
         ac:2f:de:45:63:ce:db:88:01:cb:bb:d9:ec:cc:6d:11:81:57:
         20:11:bd:c9:92:79:38:9c:cc:51:77:41:0d:aa:c3:a8:49:09:
         43:d2:b2:11:ef:05:19:54:e4:a2:7f:a2:3c:55:f2:e8:e7:9a:
         2c:f2:3a:ec:ee:85:26:56:c9:71:21:b1:7a:b4:84:03:50:92:
         91:14:f9:78:15:da:40:38:fc:a5:6b:81:9d:e4:e8:50:4f:ac:
         b4:bc:67:0a:3d:c1:33:53:32:47:e7:0c:6e:b4:e9:3d:8b:cc:
         23:50:78:d6:a3:03:d6:1c:41:47:f2:c2:bc:ab:bd:44:6f:eb:
         38:83:dc:39
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCeaJ1AnuK2iMKxOJLnpM9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNjliMzliMDhmM2Y2MmNlM2UwODNiYmM4YWVlY2VhZGM0
OThiNjkwHhcNMjQwNzEwMjA0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRkMTY5OTZlNmMxMDcyODIyZTkyZWY1NmZlYjQwNjg1MTA5YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/bRq3eJ69aQli13mm7fGEscihgC
sv5wCKxogvO1v5FbeRvrJLMwHa/g+MrV7VAS/K4FNC0Da9nlTIn6hg36LIcEFJT4
0M1oNwqPUBQGiyyx+vGVf986ZQafmNiWfZ3WfasJ4IiBPOLbZAbn38TIkJjHnuFB
ArWJqiHH1YERQhmQcPIwQab4tJ8J5I9or5j2hNoQVI8oBD7yXYb5hQ2yVync9sLs
awFK0gCiV2LybwIrbsnbz5EFER1IYDExEt9sRiITXRBb6kHSvtZWiii3eN50NOUq
VUC+H3U4LuJBsdMzpDJ5gKC/VxIiM9DVs9UsFR0nTKD0J/uHd3px0ifXjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCtNFplubBBygi6S71b+tAaFEJuLMB8GA1UdIwQY
MBaAFApps5sI8/Ys4+CDu8iu7OrcSYtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ21tem13ano5aXpqNElPN3lLN3M2dHhKaTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yZjMyNDUtMmIzNi00Y2Y1LTllNjAt
YzA5YWZhMDBjYjg0LzEvSzAwV21XNXNFSEtDTHBMdlZ2NjBCb1VRbTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yZjMyNDUtMmIzNi00Y2Y1LTllNjAtYzA5YWZhMDBjYjg0
LzEvQ21tem13ano5aXpqNElPN3lLN3M2dHhKaTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgoUwDAN
BgkqhkiG9w0BAQsFAAOCAQEACbpHDaibPQ5Ks/r1cDUSCK9C7raVO9hm++GSZyLR
HbAfvyDZif+EjxmvD/LgOZpP1ePlLhxTVPTjy4yYTHgUJiJapZG00/eVFo/2jKTp
bF8cztYLGV1whA5cVYveCFmT9wAdpkcjGKAnO9nDW2Rmsqy7qzklTE3GqK5ZGtS8
rC/eRWPO24gBy7vZ7MxtEYFXIBG9yZJ5OJzMUXdBDarDqEkJQ9KyEe8FGVTkon+i
PFXy6OeaLPI67O6FJlbJcSGxerSEA1CSkRT5eBXaQDj8pWuBneToUE+stLxnCj3B
M1MyR+cMbrTpPYvMI1B41qMD1hxBR/LCvKu9RG/rOIPcOQ==
-----END CERTIFICATE-----