Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/OYKPc_lev13m7c0K2xIt_bDXYyc.roa
File:                     OYKPc_lev13m7c0K2xIt_bDXYyc.roa (raw, json)
Hash identifier:          aob3cQrPcgwzLrRp5snLH1nqMq2xsJ/zTqFGEt5DzxA=
Subject key identifier:   39:82:8F:73:F9:5E:BF:5D:E6:ED:CD:0A:DB:12:2D:FD:B0:D7:63:27
Certificate issuer:       /CN=f03ed4fedf56d0b02b172c8f89ec376510cd3174
Certificate serial:       01921DE214D8A9828794BF7440636846B571
Authority key identifier: F0:3E:D4:FE:DF:56:D0:B0:2B:17:2C:8F:89:EC:37:65:10:CD:31:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/OYKPc_lev13m7c0K2xIt_bDXYyc.roa
Signing time:             Mon 23 Sep 2024 07:56:48 +0000
ROA not before:           Mon 23 Sep 2024 07:56:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2a14:34c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:e2:14:d8:a9:82:87:94:bf:74:40:63:68:46:b5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f03ed4fedf56d0b02b172c8f89ec376510cd3174
        Validity
            Not Before: Sep 23 07:56:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39828f73f95ebf5de6edcd0adb122dfdb0d76327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f9:57:f0:2e:e0:d8:e5:80:34:02:45:67:c4:
                    80:72:4f:2e:00:29:68:64:df:84:15:fb:ae:5a:ea:
                    a0:b9:5c:98:99:90:25:22:9c:07:51:9c:92:0d:a2:
                    e2:3e:60:d3:ed:83:9d:59:ca:db:e7:6f:c6:0d:a2:
                    54:af:47:35:30:e2:ee:d0:21:a5:db:da:b6:2b:a9:
                    8f:3f:af:9c:ea:cc:5f:ed:06:7c:13:59:04:bb:c9:
                    4d:fc:b5:4d:e6:a1:44:61:8a:1e:e7:44:96:8d:a0:
                    c9:cb:ea:5c:77:82:9f:2c:79:5d:de:a1:54:56:1b:
                    9a:c0:4d:62:8b:7c:09:ea:54:34:41:71:6c:35:89:
                    15:a1:cf:00:d7:7e:ce:84:bf:b1:6c:4e:63:85:f5:
                    88:4e:03:79:d6:26:69:8a:6f:86:f9:2d:45:cf:75:
                    18:f6:c9:98:1f:31:09:78:d6:4f:c1:21:ca:30:65:
                    91:0b:10:4b:90:7f:1e:26:76:53:46:c5:84:1b:88:
                    29:f5:32:bb:c4:25:83:74:a0:ce:23:ce:de:0a:ca:
                    35:3c:81:6d:2c:21:e6:99:1d:67:36:f5:f2:49:58:
                    ee:ec:65:aa:8f:df:ab:84:00:56:cd:b9:ac:ca:60:
                    3e:03:71:21:69:df:60:b8:03:3c:0d:62:6d:97:bb:
                    4e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:82:8F:73:F9:5E:BF:5D:E6:ED:CD:0A:DB:12:2D:FD:B0:D7:63:27
            X509v3 Authority Key Identifier:
                keyid:F0:3E:D4:FE:DF:56:D0:B0:2B:17:2C:8F:89:EC:37:65:10:CD:31:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8D7U_t9W0LArFyyPiew3ZRDNMXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/OYKPc_lev13m7c0K2xIt_bDXYyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e63950-76e8-4f2b-8731-fb4fd07e26a0/1/8D7U_t9W0LArFyyPiew3ZRDNMXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:34c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:63:61:83:8e:da:93:f1:f7:83:dc:b6:a9:0c:02:9b:cf:cf:
         52:db:8a:c0:05:f3:02:f6:4d:37:d5:34:b5:27:36:e4:e2:fd:
         7b:43:95:06:47:e1:50:0f:c4:f4:f9:75:a4:15:c8:a1:97:61:
         bb:a4:11:7c:6e:0a:e7:e7:bb:4b:1d:40:0b:a1:18:40:56:a4:
         d9:05:92:02:3e:7b:ed:2c:51:9a:cd:a6:b8:f5:4e:2d:ec:cc:
         62:f9:06:fe:7e:e8:83:5d:d0:84:7a:fb:bb:26:31:1f:60:0d:
         96:af:c1:ab:9c:b3:ec:af:9d:09:0e:db:7b:2f:2e:24:57:bb:
         88:dc:df:55:c9:e9:6c:47:1e:0e:fb:80:65:6b:73:51:9a:5c:
         f0:b1:f6:c9:95:1b:9d:4c:6e:b2:50:e7:c1:64:68:0d:f0:76:
         96:98:12:e0:be:5a:26:63:0e:88:bf:3d:d1:1f:44:52:2e:8a:
         1f:2b:e8:87:35:dd:bb:26:01:57:52:3b:8c:9e:eb:92:ca:ec:
         51:11:a3:de:eb:18:25:b4:ce:2d:e7:66:2b:a6:ae:62:7b:df:
         94:00:7c:16:7e:33:ac:94:8d:00:1a:ca:06:6e:b7:1d:64:19:
         32:bc:5a:19:9e:f4:c5:27:ed:c8:8a:fb:93:13:83:19:ec:ec:
         43:3c:d9:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZId4hTYqYKHlL90QGNoRrVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwM2VkNGZlZGY1NmQwYjAyYjE3MmM4Zjg5ZWMzNzY1MTBj
ZDMxNzQwHhcNMjQwOTIzMDc1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTgyOGY3M2Y5NWViZjVkZTZlZGNkMGFkYjEyMmRmZGIwZDc2MzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqflX8C7g2OWANAJFZ8SAck8uAClo
ZN+EFfuuWuqguVyYmZAlIpwHUZySDaLiPmDT7YOdWcrb52/GDaJUr0c1MOLu0CGl
29q2K6mPP6+c6sxf7QZ8E1kEu8lN/LVN5qFEYYoe50SWjaDJy+pcd4KfLHld3qFU
VhuawE1ii3wJ6lQ0QXFsNYkVoc8A137OhL+xbE5jhfWITgN51iZpim+G+S1Fz3UY
9smYHzEJeNZPwSHKMGWRCxBLkH8eJnZTRsWEG4gp9TK7xCWDdKDOI87eCso1PIFt
LCHmmR1nNvXySVju7GWqj9+rhABWzbmsymA+A3Ehad9guAM8DWJtl7tO0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDmCj3P5Xr9d5u3NCtsSLf2w12MnMB8GA1UdIwQY
MBaAFPA+1P7fVtCwKxcsj4nsN2UQzTF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEQ3VV90OVcwTEFyRnl5UGlldzNaUkROTVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lNjM5NTAtNzZlOC00ZjJiLTg3MzEt
ZmI0ZmQwN2UyNmEwLzEvT1lLUGNfbGV2MTNtN2MwSzJ4SXRfYkRYWXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lNjM5NTAtNzZlOC00ZjJiLTg3MzEtZmI0ZmQwN2UyNmEw
LzEvOEQ3VV90OVcwTEFyRnl5UGlldzNaUkROTVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQ0wDAN
BgkqhkiG9w0BAQsFAAOCAQEAJWNhg47ak/H3g9y2qQwCm8/PUtuKwAXzAvZNN9U0
tSc25OL9e0OVBkfhUA/E9Pl1pBXIoZdhu6QRfG4K5+e7Sx1AC6EYQFak2QWSAj57
7SxRms2muPVOLezMYvkG/n7og13QhHr7uyYxH2ANlq/Bq5yz7K+dCQ7bey8uJFe7
iNzfVcnpbEceDvuAZWtzUZpc8LH2yZUbnUxuslDnwWRoDfB2lpgS4L5aJmMOiL89
0R9EUi6KHyvohzXduyYBV1I7jJ7rksrsURGj3usYJbTOLedmK6auYnvflAB8Fn4z
rJSNABrKBm63HWQZMrxaGZ70xSftyIr7kxODGezsQzzZSw==
-----END CERTIFICATE-----