Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/PlNyg2RwFEGROgUOS-sF4U3g2Gc.roa
File:                     PlNyg2RwFEGROgUOS-sF4U3g2Gc.roa (raw, json)
Hash identifier:          7Z03kZ1F1780f05ndsxWSJevUCubeug83dya6Ulky0c=
Subject key identifier:   3E:53:72:83:64:70:14:41:91:3A:05:0E:4B:EB:05:E1:4D:E0:D8:67
Certificate issuer:       /CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
Certificate serial:       0190CA6954AF8B883989824B9CD8161E6A5C
Authority key identifier: 63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/PlNyg2RwFEGROgUOS-sF4U3g2Gc.roa
Signing time:             Fri 19 Jul 2024 09:53:38 +0000
ROA not before:           Fri 19 Jul 2024 09:53:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a14:4b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:69:54:af:8b:88:39:89:82:4b:9c:d8:16:1e:6a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
        Validity
            Not Before: Jul 19 09:53:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e53728364701441913a050e4beb05e14de0d867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e3:34:98:84:43:59:db:59:a0:bd:92:85:e7:
                    14:a2:ad:f6:68:3a:38:fc:34:7b:b0:b2:71:19:8e:
                    b8:f5:58:c1:5b:78:94:df:c4:c9:e5:ef:80:23:0e:
                    83:a1:e5:f2:33:8e:f1:a5:ca:a2:e4:95:d3:71:e7:
                    d8:73:0f:6f:38:07:b2:63:31:25:2f:95:9b:20:2d:
                    68:e7:f3:10:d2:da:67:66:b5:fc:b6:ee:cf:ea:2c:
                    ef:74:1e:5e:d3:bd:88:15:5e:3b:22:cd:a3:e8:de:
                    97:c6:82:52:a4:67:39:9f:05:f1:6d:31:5d:f4:33:
                    09:89:17:92:69:51:f4:cc:a6:5f:c2:1d:e9:80:81:
                    4a:14:c3:88:e8:57:b2:65:d7:84:fd:cc:c0:6b:81:
                    da:32:59:5f:84:70:7f:e3:91:bc:df:52:20:54:d9:
                    6e:d9:ae:0f:0b:40:39:ef:37:a4:d7:10:a7:84:ad:
                    14:6a:80:7f:b1:fc:70:75:24:78:48:99:e5:59:a6:
                    7a:9e:99:00:7d:42:02:52:8a:49:10:c1:6d:72:6e:
                    cf:02:e7:15:8b:d6:73:68:52:ee:dd:8a:bc:f8:c8:
                    6b:9b:84:7b:42:66:67:12:62:2b:c8:4d:e5:d6:7a:
                    64:13:19:65:f8:e7:4a:61:b2:11:1e:7a:7b:2a:de:
                    f7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:53:72:83:64:70:14:41:91:3A:05:0E:4B:EB:05:E1:4D:E0:D8:67
            X509v3 Authority Key Identifier:
                keyid:63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/PlNyg2RwFEGROgUOS-sF4U3g2Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:38:76:6c:df:88:36:d2:e8:68:6d:7b:3d:c8:e2:1b:ea:60:
         b6:41:ba:3e:1f:c7:d1:8e:98:cc:82:a4:6d:8c:9a:9b:6f:3f:
         67:7d:6a:89:94:30:ac:d2:34:32:30:86:2b:53:d5:dd:60:66:
         1d:97:5e:a3:f1:c4:5e:46:66:0e:d6:f0:51:0a:5a:55:e7:26:
         20:47:cf:f8:0c:ea:a2:b3:4d:32:44:1a:5e:24:c8:3b:b6:b2:
         93:1c:d0:40:1c:d1:34:94:53:5c:ac:8e:3b:e8:a3:13:04:8e:
         5a:08:cc:08:62:de:ee:b5:ec:c0:85:23:8f:8f:2c:2e:17:ed:
         7e:95:0f:2d:5e:55:c1:44:8c:44:0c:c8:f2:d0:ec:6d:94:f2:
         29:1e:0c:6b:3c:92:d8:78:bb:02:4c:10:fb:7e:15:03:84:1e:
         f8:20:71:fb:e7:0f:25:da:1d:cb:38:f5:44:ae:06:4a:a2:55:
         71:3b:c0:b9:40:3d:d0:ca:43:fa:01:43:7a:53:fb:a8:b7:d4:
         ef:45:b0:e9:f8:6d:da:d5:71:70:8e:fb:00:f2:4e:c4:c7:dc:
         81:1d:39:93:ae:45:6a:c2:00:f1:1a:ea:3e:b7:2a:4c:ba:41:
         0c:b4:c0:dc:79:b6:71:25:2b:9d:e0:23:e3:a1:74:d8:c1:5f:
         31:0f:05:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDKaVSvi4g5iYJLnNgWHmpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWQ1YjY0NGUyMmZiNDg4ZTRkNmMwMDEyYjBhYWJmMjM4
ZTYxZTUwHhcNMjQwNzE5MDk1MzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTUzNzI4MzY0NzAxNDQxOTEzYTA1MGU0YmViMDVlMTRkZTBkODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+M0mIRDWdtZoL2ShecUoq32aDo4
/DR7sLJxGY649VjBW3iU38TJ5e+AIw6DoeXyM47xpcqi5JXTcefYcw9vOAeyYzEl
L5WbIC1o5/MQ0tpnZrX8tu7P6izvdB5e072IFV47Is2j6N6XxoJSpGc5nwXxbTFd
9DMJiReSaVH0zKZfwh3pgIFKFMOI6FeyZdeE/czAa4HaMllfhHB/45G831IgVNlu
2a4PC0A57zek1xCnhK0UaoB/sfxwdSR4SJnlWaZ6npkAfUICUopJEMFtcm7PAucV
i9ZzaFLu3Yq8+Mhrm4R7QmZnEmIryE3l1npkExll+OdKYbIRHnp7Kt730QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD5TcoNkcBRBkToFDkvrBeFN4NhnMB8GA1UdIwQY
MBaAFGNdW2ROIvtIjk1sABKwqr8jjmHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGIt
ZjVhZjYxNmI1NDgzLzEvUGxOeWcyUndGRUdST2dVT1Mtc0Y0VTNnMkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGItZjVhZjYxNmI1NDgz
LzEvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRLADAN
BgkqhkiG9w0BAQsFAAOCAQEAhTh2bN+INtLoaG17PcjiG+pgtkG6Ph/H0Y6YzIKk
bYyam28/Z31qiZQwrNI0MjCGK1PV3WBmHZdeo/HEXkZmDtbwUQpaVecmIEfP+Azq
orNNMkQaXiTIO7aykxzQQBzRNJRTXKyOO+ijEwSOWgjMCGLe7rXswIUjj48sLhft
fpUPLV5VwUSMRAzI8tDsbZTyKR4MazyS2Hi7AkwQ+34VA4Qe+CBx++cPJdodyzj1
RK4GSqJVcTvAuUA90MpD+gFDelP7qLfU70Ww6fht2tVxcI77APJOxMfcgR05k65F
asIA8RrqPrcqTLpBDLTA3Hm2cSUrneAj46F02MFfMQ8FAg==
-----END CERTIFICATE-----