Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/x4wnEsKHYftOyiDhdcvz3wCqgOk.roa
File:                     x4wnEsKHYftOyiDhdcvz3wCqgOk.roa (raw, json)
Hash identifier:          Ll5jOKkrYE+IoMqtvXxIwtg2/7+xp2hF1LciTvneJbE=
Subject key identifier:   C7:8C:27:12:C2:87:61:FB:4E:CA:20:E1:75:CB:F3:DF:00:AA:80:E9
Certificate issuer:       /CN=7316772efce2a133fb7f8720929d0560cef1db46
Certificate serial:       019080CF779A0499A3A775DAC92280F7E9D6
Authority key identifier: 73:16:77:2E:FC:E2:A1:33:FB:7F:87:20:92:9D:05:60:CE:F1:DB:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxZ3LvzioTP7f4cgkp0FYM7x20Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/x4wnEsKHYftOyiDhdcvz3wCqgOk.roa
Signing time:             Fri 05 Jul 2024 02:53:18 +0000
ROA not before:           Fri 05 Jul 2024 02:53:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394109
IP address blocks:        2a14:78c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/cxZ3LvzioTP7f4cgkp0FYM7x20Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/cxZ3LvzioTP7f4cgkp0FYM7x20Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxZ3LvzioTP7f4cgkp0FYM7x20Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:80:cf:77:9a:04:99:a3:a7:75:da:c9:22:80:f7:e9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7316772efce2a133fb7f8720929d0560cef1db46
        Validity
            Not Before: Jul  5 02:53:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c78c2712c28761fb4eca20e175cbf3df00aa80e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:50:fb:33:2d:85:5e:e6:c3:1c:58:b5:d5:7a:
                    61:a4:1d:94:a3:bf:96:8f:8f:53:6b:0f:06:97:97:
                    5d:d2:c9:e1:ea:aa:f7:30:bb:6b:05:55:7a:97:a5:
                    f4:77:1c:4b:31:13:1f:e0:51:3f:e5:79:f6:87:44:
                    e9:8a:8e:12:ed:0e:f1:27:ba:00:dc:a7:57:c9:d6:
                    6e:52:1e:31:62:3a:4d:b6:f5:e3:90:2f:76:9f:e7:
                    6e:03:c8:5d:be:e4:ce:e5:d8:47:d9:2d:56:ae:4d:
                    1a:67:a5:83:10:cc:51:96:58:8a:73:46:f2:01:1d:
                    88:d1:7a:9c:9f:0d:3e:f8:6e:f7:11:d7:89:eb:ad:
                    78:24:b3:64:51:23:d4:39:82:8f:b6:b2:09:d8:0c:
                    46:89:3d:f8:7d:76:ef:dd:3b:fb:72:4a:d7:ae:67:
                    87:51:2c:d2:84:4d:b1:55:38:d4:f0:9f:23:ad:1a:
                    b5:74:e0:64:0c:c0:f6:4a:88:b6:9b:35:b5:a9:15:
                    b1:34:02:d9:b7:13:05:c0:19:ed:4c:2a:4c:dd:b0:
                    d2:dc:17:a9:02:c4:c6:a5:95:0c:24:1a:be:d7:bd:
                    d8:b7:24:6a:3e:9f:7c:f8:ed:86:76:86:f2:a0:c8:
                    ab:ff:1d:bc:5a:bf:45:f0:1d:08:4a:f7:9a:98:26:
                    d7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8C:27:12:C2:87:61:FB:4E:CA:20:E1:75:CB:F3:DF:00:AA:80:E9
            X509v3 Authority Key Identifier:
                keyid:73:16:77:2E:FC:E2:A1:33:FB:7F:87:20:92:9D:05:60:CE:F1:DB:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxZ3LvzioTP7f4cgkp0FYM7x20Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/x4wnEsKHYftOyiDhdcvz3wCqgOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4e8d57-53ca-49c5-97ef-1c876db44fe2/1/cxZ3LvzioTP7f4cgkp0FYM7x20Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:78c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:96:1a:90:a6:b1:23:1c:c2:8c:a7:b7:1c:ec:5a:ba:ad:8f:
         ab:b5:5c:76:60:e0:9c:31:af:b3:f8:e4:79:0e:8f:b8:92:d1:
         78:6a:74:e0:72:63:91:01:61:69:b0:84:14:a0:12:05:0a:88:
         12:7f:2d:89:f3:af:12:4b:cc:7b:69:71:e4:06:af:07:e7:68:
         24:2f:61:1e:62:ab:62:4f:51:e4:7d:f5:7c:eb:5e:07:c9:4d:
         c1:91:f8:20:a6:1e:d6:a6:a9:1e:9d:83:2b:a4:c5:82:74:33:
         2a:a2:09:d2:ee:c7:ec:b8:f9:58:34:79:76:8e:1d:97:d5:12:
         4f:3c:98:fd:ad:cd:50:19:27:d5:5f:61:bd:0b:dc:29:f1:35:
         11:df:ac:53:20:93:db:0b:96:24:1c:3f:53:63:e6:59:46:26:
         78:6d:aa:55:1b:a7:9b:bf:4a:3c:8d:d3:94:4a:b8:bf:86:e0:
         8f:ec:25:74:53:91:bf:6a:29:3b:da:de:4a:a4:0e:ed:3b:1b:
         74:d8:a0:d6:53:bb:7f:fb:15:c5:6e:fe:f2:b6:bb:58:0c:bb:
         d6:1c:8d:b0:c6:76:22:50:a0:43:2b:ae:b8:22:c4:22:ec:21:
         12:92:e6:08:18:18:03:e8:4e:13:85:ec:de:54:3d:4f:e0:00:
         92:5d:7a:5a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCAz3eaBJmjp3XaySKA9+nWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTY3NzJlZmNlMmExMzNmYjdmODcyMDkyOWQwNTYwY2Vm
MWRiNDYwHhcNMjQwNzA1MDI1MzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhjMjcxMmMyODc2MWZiNGVjYTIwZTE3NWNiZjNkZjAwYWE4MGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVD7My2FXubDHFi11XphpB2Uo7+W
j49Taw8Gl5dd0snh6qr3MLtrBVV6l6X0dxxLMRMf4FE/5Xn2h0Tpio4S7Q7xJ7oA
3KdXydZuUh4xYjpNtvXjkC92n+duA8hdvuTO5dhH2S1Wrk0aZ6WDEMxRlliKc0by
AR2I0Xqcnw0++G73EdeJ6614JLNkUSPUOYKPtrIJ2AxGiT34fXbv3Tv7ckrXrmeH
USzShE2xVTjU8J8jrRq1dOBkDMD2Soi2mzW1qRWxNALZtxMFwBntTCpM3bDS3Bep
AsTGpZUMJBq+173YtyRqPp98+O2GdobyoMir/x28Wr9F8B0ISveamCbXMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMeMJxLCh2H7Tsog4XXL898AqoDpMB8GA1UdIwQY
MBaAFHMWdy784qEz+3+HIJKdBWDO8dtGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3haM0x2emlvVFA3ZjRjZ2twMEZZTTd4MjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80ZThkNTctNTNjYS00OWM1LTk3ZWYt
MWM4NzZkYjQ0ZmUyLzEveDR3bkVzS0hZZnRPeWlEaGRjdnozd0NxZ09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80ZThkNTctNTNjYS00OWM1LTk3ZWYtMWM4NzZkYjQ0ZmUy
LzEvY3haM0x2emlvVFA3ZjRjZ2twMEZZTTd4MjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhR4wDAN
BgkqhkiG9w0BAQsFAAOCAQEAQpYakKaxIxzCjKe3HOxauq2Pq7VcdmDgnDGvs/jk
eQ6PuJLReGp04HJjkQFhabCEFKASBQqIEn8tifOvEkvMe2lx5AavB+doJC9hHmKr
Yk9R5H31fOteB8lNwZH4IKYe1qapHp2DK6TFgnQzKqIJ0u7H7Lj5WDR5do4dl9US
TzyY/a3NUBkn1V9hvQvcKfE1Ed+sUyCT2wuWJBw/U2PmWUYmeG2qVRunm79KPI3T
lEq4v4bgj+wldFORv2opO9reSqQO7TsbdNig1lO7f/sVxW7+8ra7WAy71hyNsMZ2
IlCgQyuuuCLEIuwhEpLmCBgYA+hOE4Xs3lQ9T+AAkl16Wg==
-----END CERTIFICATE-----