Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/vMHATnzwQjutwctwwQWsq4wvPSw.roa
File:                     vMHATnzwQjutwctwwQWsq4wvPSw.roa (raw, json)
Hash identifier:          E4ItVq6aAXrKYlmiZz2lvg0tkEDxuKzvGvuPach/Uq4=
Subject key identifier:   BC:C1:C0:4E:7C:F0:42:3B:AD:C1:CB:70:C1:05:AC:AB:8C:2F:3D:2C
Certificate issuer:       /CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
Certificate serial:       0190BB204C1C82C4E349B639980311CF2092
Authority key identifier: 2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/vMHATnzwQjutwctwwQWsq4wvPSw.roa
Signing time:             Tue 16 Jul 2024 10:39:34 +0000
ROA not before:           Tue 16 Jul 2024 10:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:20:4c:1c:82:c4:e3:49:b6:39:98:03:11:cf:20:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
        Validity
            Not Before: Jul 16 10:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcc1c04e7cf0423badc1cb70c105acab8c2f3d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:93:69:62:c2:7a:30:93:91:b0:07:04:35:e8:
                    d9:20:d1:fb:e6:13:09:83:bc:ed:09:a5:72:25:e3:
                    6e:c3:35:c2:00:36:44:6c:14:d7:50:98:e3:1d:11:
                    b2:92:9f:4f:2e:ed:83:bc:a3:c6:3c:f0:fb:81:7b:
                    6e:e6:81:76:3f:59:19:30:f1:1c:21:ff:07:07:a9:
                    48:8f:5b:4a:61:b0:56:8f:fa:ab:de:61:78:67:93:
                    e2:f0:9e:ac:51:30:2d:c3:d6:55:79:4d:db:4c:fc:
                    cf:e0:d8:c9:e1:15:a1:19:81:98:d1:f5:c7:24:36:
                    75:86:0e:02:6a:1f:4d:49:04:c3:27:14:da:ec:12:
                    d5:b0:ee:2a:79:f3:81:05:b9:5f:0c:62:54:63:fd:
                    0a:2d:7c:f9:82:a5:ca:11:65:50:99:9f:96:16:5d:
                    86:66:98:75:40:ed:3e:42:e7:17:22:cd:2a:89:ce:
                    11:df:16:0e:62:3e:f0:9c:1b:18:b4:14:f2:af:ba:
                    bf:d7:4c:ad:c7:84:26:93:90:32:f8:a1:f5:bf:4e:
                    f8:27:3a:94:10:f4:75:c0:10:12:ac:4d:11:eb:73:
                    54:2e:91:79:a2:59:23:1b:5f:00:56:bb:67:0a:4a:
                    89:d4:41:89:e0:1a:ef:af:df:80:0e:90:c7:07:02:
                    7d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C1:C0:4E:7C:F0:42:3B:AD:C1:CB:70:C1:05:AC:AB:8C:2F:3D:2C
            X509v3 Authority Key Identifier:
                keyid:2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/vMHATnzwQjutwctwwQWsq4wvPSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         e6:0e:1d:aa:da:be:50:86:e5:95:0d:0d:48:11:1f:3d:b2:8b:
         45:08:c4:0f:75:7c:76:0b:4c:45:ba:02:bd:df:a9:fa:aa:97:
         45:99:f6:e6:9c:be:1a:7a:55:5f:49:3c:1d:88:99:a6:86:d3:
         98:e9:16:89:85:3e:ea:92:11:86:30:ff:b5:01:70:39:ad:c4:
         84:3e:45:56:4b:33:02:39:db:9d:25:1a:1e:92:19:71:b9:54:
         dd:51:26:fe:86:de:6d:e7:db:ff:c4:69:6f:8d:49:4f:4c:7f:
         a8:84:38:8f:9e:1b:25:82:a4:8f:b7:a1:3d:cd:1f:ee:82:34:
         9c:c9:50:5e:db:d1:37:47:17:5d:89:c1:a3:ef:fa:f4:4f:31:
         95:e2:f8:ca:68:21:0b:ef:ec:5c:ca:9b:8c:ac:f4:68:a4:81:
         ad:41:17:01:dd:1d:3c:02:e5:06:cb:9b:76:62:b5:4d:2e:3e:
         0e:28:62:da:9e:81:64:ca:0a:a2:79:b5:63:0a:68:cd:cc:dd:
         b3:61:cf:37:43:3f:93:85:f5:48:2f:e9:16:ff:27:b5:21:11:
         71:49:ec:fb:37:4c:63:2d:2c:44:68:6f:02:7c:ca:37:32:3d:
         42:61:fd:8c:79:c0:fe:b1:0c:ae:18:3d:24:19:5e:77:03:9c:
         0b:8f:c8:8a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC7IEwcgsTjSbY5mAMRzyCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYjgyODBjNmNiN2RiM2UwNzM5NTBkNTM1ZDZkOGM3MDVk
OTBiODcwHhcNMjQwNzE2MTAzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2MxYzA0ZTdjZjA0MjNiYWRjMWNiNzBjMTA1YWNhYjhjMmYzZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pNpYsJ6MJORsAcENejZINH75hMJ
g7ztCaVyJeNuwzXCADZEbBTXUJjjHRGykp9PLu2DvKPGPPD7gXtu5oF2P1kZMPEc
If8HB6lIj1tKYbBWj/qr3mF4Z5Pi8J6sUTAtw9ZVeU3bTPzP4NjJ4RWhGYGY0fXH
JDZ1hg4Cah9NSQTDJxTa7BLVsO4qefOBBblfDGJUY/0KLXz5gqXKEWVQmZ+WFl2G
Zph1QO0+QucXIs0qic4R3xYOYj7wnBsYtBTyr7q/10ytx4Qmk5Ay+KH1v074JzqU
EPR1wBASrE0R63NULpF5olkjG18AVrtnCkqJ1EGJ4Brvr9+ADpDHBwJ9PQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLzBwE588EI7rcHLcMEFrKuMLz0sMB8GA1UdIwQY
MBaAFC+4KAxst9s+BzlQ1TXW2McF2QuHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQt
OWZkYjVjNTVhZTUwLzEvdk1IQVRuendRanV0d2N0d3dRV3NxNHd2UFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQtOWZkYjVjNTVhZTUw
LzEvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQbQDAN
BgkqhkiG9w0BAQsFAAOCAQEA5g4dqtq+UIbllQ0NSBEfPbKLRQjED3V8dgtMRboC
vd+p+qqXRZn25py+GnpVX0k8HYiZpobTmOkWiYU+6pIRhjD/tQFwOa3EhD5FVksz
AjnbnSUaHpIZcblU3VEm/obebefb/8Rpb41JT0x/qIQ4j54bJYKkj7ehPc0f7oI0
nMlQXtvRN0cXXYnBo+/69E8xleL4ymghC+/sXMqbjKz0aKSBrUEXAd0dPALlBsub
dmK1TS4+Dihi2p6BZMoKonm1Ywpozczds2HPN0M/k4X1SC/pFv8ntSERcUns+zdM
Yy0sRGhvAnzKNzI9QmH9jHnA/rEMrhg9JBledwOcC4/Iig==
-----END CERTIFICATE-----