Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/7bSAFkw8mYGAQF0iWk3mXADuChs.roa
File:                     7bSAFkw8mYGAQF0iWk3mXADuChs.roa (raw, json)
Hash identifier:          ZXZEDJ9rklneLogew/FkYO56QINp+rf0V1tN2msa3e4=
Subject key identifier:   ED:B4:80:16:4C:3C:99:81:80:40:5D:22:5A:4D:E6:5C:00:EE:0A:1B
Certificate issuer:       /CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
Certificate serial:       0192B8EC10682D9E9AE05553A58B6DB1ECA4
Authority key identifier: 8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/7bSAFkw8mYGAQF0iWk3mXADuChs.roa
Signing time:             Wed 23 Oct 2024 10:28:51 +0000
ROA not before:           Wed 23 Oct 2024 10:28:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        2a14:2340::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:ec:10:68:2d:9e:9a:e0:55:53:a5:8b:6d:b1:ec:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
        Validity
            Not Before: Oct 23 10:28:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edb480164c3c998180405d225a4de65c00ee0a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:86:dc:1e:c5:e1:2f:35:45:1b:a9:94:c5:dd:
                    66:8d:e9:da:1a:c6:ef:33:db:13:80:df:99:8c:a3:
                    c5:7c:a2:18:69:d1:42:77:e0:c5:39:b5:c3:1c:f7:
                    dd:f2:d1:4d:43:29:9d:d7:d6:0e:09:20:fc:33:c1:
                    b9:e9:8b:ca:27:5c:a7:46:27:37:98:d0:1c:a8:4d:
                    1a:fe:a8:b6:38:88:f0:fe:1c:5d:2d:c7:8a:f6:0c:
                    f9:74:8b:b6:9c:f1:49:a0:8f:14:71:a6:8b:30:41:
                    af:35:13:38:64:49:d3:0c:ed:dc:b6:36:c3:f7:55:
                    a9:d4:4b:1d:09:50:7a:89:1d:de:1b:7a:4b:28:39:
                    4a:44:a5:e5:bf:58:63:51:6f:6c:cc:11:c0:f3:8d:
                    af:a2:1b:a9:33:0b:91:69:08:e4:4f:a6:7c:25:72:
                    e0:68:ff:8e:3c:6d:3f:8a:ce:bc:e0:a7:2e:dd:cf:
                    5e:3f:70:f0:3b:a3:da:01:fb:7f:07:e5:38:27:bd:
                    83:51:dc:d3:cb:c7:69:31:49:64:ef:8e:80:d2:67:
                    39:54:38:d2:b5:e8:db:3a:d6:74:04:21:97:47:2d:
                    89:fc:5c:6b:c3:d2:b7:60:8d:59:70:f2:57:68:b1:
                    53:cc:89:ba:ea:d4:12:7e:b9:a5:2c:94:82:6d:c8:
                    1a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B4:80:16:4C:3C:99:81:80:40:5D:22:5A:4D:E6:5C:00:EE:0A:1B
            X509v3 Authority Key Identifier:
                keyid:8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/7bSAFkw8mYGAQF0iWk3mXADuChs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2340::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:81:1d:ad:d6:7d:cf:69:3f:39:65:32:a9:25:fa:95:1b:e9:
         ac:b3:37:c4:4d:ce:7b:7c:cf:3d:a8:67:b0:11:04:bb:2d:3c:
         be:62:27:7b:dc:a8:22:cb:f5:56:c3:2f:e6:90:c4:85:95:fe:
         ec:bc:49:7d:90:a7:ed:53:0b:ee:d9:29:83:55:8c:eb:1c:3b:
         c5:6b:b7:f4:2f:59:75:1a:0d:18:a3:75:ca:45:e6:a3:9f:1b:
         87:c1:9b:af:59:39:97:ee:e7:65:ae:82:71:0e:b3:60:9a:64:
         3f:1a:50:eb:53:23:a8:16:14:c1:77:6b:70:4a:bf:8d:c7:15:
         a1:8a:d0:c4:db:1e:ff:7a:9c:6d:e2:8d:22:55:58:99:c0:cd:
         46:75:6c:66:c2:3e:0f:35:ea:c7:31:45:0c:0c:a0:50:9a:3c:
         9a:aa:83:6e:f8:00:b8:99:01:c4:33:de:b2:8d:e1:ac:3f:fc:
         77:cb:03:d4:8b:de:8d:6f:c5:55:f7:38:80:64:97:b2:d1:a6:
         13:eb:9f:00:d4:81:1d:eb:b2:aa:d9:f2:0e:d1:a2:c5:9c:39:
         b8:d7:b1:4f:13:b0:45:14:ce:41:47:89:25:ae:e4:fd:ae:7b:
         4c:47:80:9e:20:5f:6f:75:a2:85:11:cc:8b:c3:bd:0c:01:a5:
         a4:fb:fa:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK47BBoLZ6a4FVTpYttseykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjdjMDljMWEzZjczZWJlNjE3NDBhYjY1ZTU4OWY5MTY1
NWJkZWQwHhcNMjQxMDIzMTAyODUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGI0ODAxNjRjM2M5OTgxODA0MDVkMjI1YTRkZTY1YzAwZWUwYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3obcHsXhLzVFG6mUxd1mjenaGsbv
M9sTgN+ZjKPFfKIYadFCd+DFObXDHPfd8tFNQymd19YOCSD8M8G56YvKJ1ynRic3
mNAcqE0a/qi2OIjw/hxdLceK9gz5dIu2nPFJoI8UcaaLMEGvNRM4ZEnTDO3ctjbD
91Wp1EsdCVB6iR3eG3pLKDlKRKXlv1hjUW9szBHA842vohupMwuRaQjkT6Z8JXLg
aP+OPG0/is684Kcu3c9eP3DwO6PaAft/B+U4J72DUdzTy8dpMUlk746A0mc5VDjS
tejbOtZ0BCGXRy2J/Fxrw9K3YI1ZcPJXaLFTzIm66tQSfrmlLJSCbcgaLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO20gBZMPJmBgEBdIlpN5lwA7gobMB8GA1UdIwQY
MBaAFI73wJwaP3Pr5hdAq2XlifkWVb3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDkt
ZjYyYmU5ZThhNjcxLzEvN2JTQUZrdzhtWUdBUUYwaVdrM21YQUR1Q2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDktZjYyYmU5ZThhNjcx
LzEvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQjQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVgR2t1n3PaT85ZTKpJfqVG+msszfETc57fM89
qGewEQS7LTy+Yid73Kgiy/VWwy/mkMSFlf7svEl9kKftUwvu2SmDVYzrHDvFa7f0
L1l1Gg0Yo3XKReajnxuHwZuvWTmX7udlroJxDrNgmmQ/GlDrUyOoFhTBd2twSr+N
xxWhitDE2x7/epxt4o0iVViZwM1GdWxmwj4PNerHMUUMDKBQmjyaqoNu+AC4mQHE
M96yjeGsP/x3ywPUi96Nb8VV9ziAZJey0aYT658A1IEd67Kq2fIO0aLFnDm417FP
E7BFFM5BR4klruT9rntMR4CeIF9vdaKFEcyLw70MAaWk+/qk
-----END CERTIFICATE-----