Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/o7thzKeJAxWHYZAinC9wxakwS1s.roa
File:                     o7thzKeJAxWHYZAinC9wxakwS1s.roa (raw, json)
Hash identifier:          gElzjkkchvSUuEnbKRJQvxIY3CkejeSDqbCa102hMTQ=
Subject key identifier:   A3:BB:61:CC:A7:89:03:15:87:61:90:22:9C:2F:70:C5:A9:30:4B:5B
Certificate issuer:       /CN=dc7fbd677441cbb5c0bd47bcd2f38ba192a336a6
Certificate serial:       018E2F533167A57DAC6A5B159CED6C115391
Authority key identifier: DC:7F:BD:67:74:41:CB:B5:C0:BD:47:BC:D2:F3:8B:A1:92:A3:36:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/o7thzKeJAxWHYZAinC9wxakwS1s.roa
Signing time:             Mon 11 Mar 2024 21:02:45 +0000
ROA not before:           Mon 11 Mar 2024 21:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a14:6380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2f:53:31:67:a5:7d:ac:6a:5b:15:9c:ed:6c:11:53:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7fbd677441cbb5c0bd47bcd2f38ba192a336a6
        Validity
            Not Before: Mar 11 21:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3bb61cca7890315876190229c2f70c5a9304b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:96:75:f6:b7:7d:9b:41:6c:b5:5e:56:9f:ba:
                    5e:3a:d4:90:00:1f:8d:e5:29:54:cc:ba:53:a1:18:
                    31:55:c1:c1:ea:27:46:01:92:e5:4a:b6:fe:c3:46:
                    da:84:be:dc:92:96:e1:19:b1:00:20:77:82:a7:ac:
                    83:08:8d:2a:02:f2:20:b7:72:22:89:f0:95:e7:1d:
                    72:3f:f5:ec:89:3f:32:7d:9f:20:e5:46:04:57:c0:
                    bf:de:e0:1f:4d:60:53:4c:0b:c7:c7:2f:6d:58:54:
                    6b:8b:7e:a6:b0:5a:f9:b5:2b:b2:05:f6:28:b3:af:
                    a7:8e:c3:d1:49:da:a8:6a:55:25:28:e2:6b:2b:b0:
                    a1:5d:4b:eb:1e:42:2d:53:dd:da:19:c6:df:e6:b0:
                    23:9b:81:9e:03:93:a7:1b:5c:96:62:1f:cb:14:7f:
                    21:6d:96:5f:b7:f7:14:29:2a:08:e2:21:b6:46:2f:
                    df:91:14:10:7c:13:41:f1:11:52:56:41:90:87:1c:
                    11:c5:7c:76:09:f6:77:1a:d1:93:bf:c9:5c:aa:3e:
                    10:49:9c:46:ea:9c:de:12:00:b7:5d:a6:16:a7:09:
                    34:00:e7:0e:79:96:db:27:22:07:a2:36:0d:2a:39:
                    3e:27:c6:6e:19:a2:ad:db:aa:a6:64:fb:b5:5d:b0:
                    a4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:BB:61:CC:A7:89:03:15:87:61:90:22:9C:2F:70:C5:A9:30:4B:5B
            X509v3 Authority Key Identifier:
                keyid:DC:7F:BD:67:74:41:CB:B5:C0:BD:47:BC:D2:F3:8B:A1:92:A3:36:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3H-9Z3RBy7XAvUe80vOLoZKjNqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/o7thzKeJAxWHYZAinC9wxakwS1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b25c3a-0c0b-4d4e-9813-76d3d480fa68/1/3H-9Z3RBy7XAvUe80vOLoZKjNqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         97:ea:5f:2c:b0:d5:99:b3:ec:74:06:93:44:cb:a4:92:94:13:
         49:3a:79:41:e7:72:fb:e8:48:66:3a:a2:d5:aa:bb:ea:c6:24:
         31:64:ff:a2:73:3f:9c:83:af:e2:02:02:de:74:3d:09:3a:7c:
         0a:b8:e2:a4:b9:b5:fd:48:ba:90:f2:2c:16:86:77:4f:11:a3:
         d3:4e:f3:b9:cf:b9:3f:a0:f0:7a:72:68:b1:8d:de:27:8e:94:
         76:c1:ce:72:a9:ad:39:3d:aa:45:8d:93:cc:2d:e3:27:28:5e:
         8c:4b:31:c6:a6:f4:64:7a:77:e7:dc:63:be:41:d4:3a:eb:7c:
         5c:46:61:f4:26:76:b3:9f:ad:fa:3d:54:e4:cf:10:78:8f:7c:
         2b:c8:03:1b:0a:e4:8a:c2:b2:f5:ec:2a:5f:36:10:8a:ee:aa:
         70:f6:3d:77:d2:53:c5:19:38:3e:7b:19:d6:aa:70:47:9c:61:
         1c:81:fc:f5:62:ea:35:94:fa:27:93:ca:b1:f1:59:a6:b8:d6:
         51:f6:ef:15:52:20:a3:98:58:c3:37:86:27:ca:42:1f:a2:9c:
         1b:3d:ce:3c:bd:72:9b:7c:69:1f:15:9d:c0:de:bd:64:3d:e5:
         fb:cf:13:97:f2:ce:79:d2:c9:2a:9d:e9:20:b0:2a:09:dc:27:
         28:5a:82:be
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4vUzFnpX2salsVnO1sEVORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjN2ZiZDY3NzQ0MWNiYjVjMGJkNDdiY2QyZjM4YmExOTJh
MzM2YTYwHhcNMjQwMzExMjEwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2JiNjFjY2E3ODkwMzE1ODc2MTkwMjI5YzJmNzBjNWE5MzA0YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZZ19rd9m0FstV5Wn7peOtSQAB+N
5SlUzLpToRgxVcHB6idGAZLlSrb+w0bahL7ckpbhGbEAIHeCp6yDCI0qAvIgt3Ii
ifCV5x1yP/XsiT8yfZ8g5UYEV8C/3uAfTWBTTAvHxy9tWFRri36msFr5tSuyBfYo
s6+njsPRSdqoalUlKOJrK7ChXUvrHkItU93aGcbf5rAjm4GeA5OnG1yWYh/LFH8h
bZZft/cUKSoI4iG2Ri/fkRQQfBNB8RFSVkGQhxwRxXx2CfZ3GtGTv8lcqj4QSZxG
6pzeEgC3XaYWpwk0AOcOeZbbJyIHojYNKjk+J8ZuGaKt26qmZPu1XbCk1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKO7YcyniQMVh2GQIpwvcMWpMEtbMB8GA1UdIwQY
MBaAFNx/vWd0Qcu1wL1HvNLzi6GSozamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0gtOVozUkJ5N1hBdlVlODB2T0xvWktqTnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iMjVjM2EtMGMwYi00ZDRlLTk4MTMt
NzZkM2Q0ODBmYTY4LzEvbzd0aHpLZUpBeFdIWVpBaW5DOXd4YWt3UzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iMjVjM2EtMGMwYi00ZDRlLTk4MTMtNzZkM2Q0ODBmYTY4
LzEvM0gtOVozUkJ5N1hBdlVlODB2T0xvWktqTnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRjgDAN
BgkqhkiG9w0BAQsFAAOCAQEAl+pfLLDVmbPsdAaTRMukkpQTSTp5Qedy++hIZjqi
1aq76sYkMWT/onM/nIOv4gIC3nQ9CTp8CrjipLm1/Ui6kPIsFoZ3TxGj007zuc+5
P6DwenJosY3eJ46UdsHOcqmtOT2qRY2TzC3jJyhejEsxxqb0ZHp359xjvkHUOut8
XEZh9CZ2s5+t+j1U5M8QeI98K8gDGwrkisKy9ewqXzYQiu6qcPY9d9JTxRk4PnsZ
1qpwR5xhHIH89WLqNZT6J5PKsfFZprjWUfbvFVIgo5hYwzeGJ8pCH6KcGz3OPL1y
m3xpHxWdwN69ZD3l+88Tl/LOedLJKp3pILAqCdwnKFqCvg==
-----END CERTIFICATE-----