Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/MZeHfhfNsnxHmfBUYltNryL48u0.roa
File:                     MZeHfhfNsnxHmfBUYltNryL48u0.roa (raw, json)
Hash identifier:          1llPepVnrGMAlKJZTxjmk6/MRLbiN1mxfwjbp2QeY5g=
Subject key identifier:   31:97:87:7E:17:CD:B2:7C:47:99:F0:54:62:5B:4D:AF:22:F8:F2:ED
Certificate issuer:       /CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
Certificate serial:       018EA790236EAC59E612E8F6489414A336DF
Authority key identifier: 47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/MZeHfhfNsnxHmfBUYltNryL48u0.roa
Signing time:             Thu 04 Apr 2024 05:23:45 +0000
ROA not before:           Thu 04 Apr 2024 05:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215239
IP address blocks:        2a14:2d40::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a7:90:23:6e:ac:59:e6:12:e8:f6:48:94:14:a3:36:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
        Validity
            Not Before: Apr  4 05:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3197877e17cdb27c4799f054625b4daf22f8f2ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:65:3b:32:f2:3e:88:5b:36:3e:ad:19:8b:e2:
                    ce:79:3f:e7:18:76:4a:56:b1:51:f6:61:25:a8:95:
                    3c:ea:d6:39:08:21:cc:69:cd:7d:bb:8f:87:61:5e:
                    9b:3a:72:44:b8:8d:c6:b6:10:e7:b9:91:a1:05:df:
                    c8:78:2c:8c:16:2c:6f:cc:64:a3:7b:9a:a8:26:95:
                    70:08:8f:26:ed:e5:b2:08:2c:c9:48:cd:e3:f8:55:
                    97:1c:49:3c:c4:ad:db:19:de:6a:cf:2b:2a:f6:32:
                    d9:7d:a9:60:e3:6a:49:2e:65:0d:e0:6e:26:2c:77:
                    3b:ec:4f:0f:cf:90:a0:a7:7a:14:cd:28:5e:1f:67:
                    72:6a:25:9e:79:2c:17:0f:24:68:b3:69:78:64:0e:
                    ce:c3:31:c3:2a:c1:d9:89:18:44:5d:e8:ff:30:91:
                    4b:0d:26:f5:73:af:93:19:9a:90:49:8a:6c:71:8e:
                    19:71:54:c7:35:3b:3a:6c:f9:a4:59:8b:73:6c:da:
                    e7:ec:c6:e2:cd:db:52:f7:75:c7:cf:d7:a7:91:3b:
                    69:35:74:f5:55:fd:9f:dc:42:63:35:ef:9d:9f:c3:
                    80:4d:af:fa:53:ff:23:85:ed:a3:55:c3:09:ca:34:
                    fc:90:28:45:7c:70:6d:e5:97:4f:92:3b:9a:2f:f8:
                    ad:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:97:87:7E:17:CD:B2:7C:47:99:F0:54:62:5B:4D:AF:22:F8:F2:ED
            X509v3 Authority Key Identifier:
                keyid:47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/MZeHfhfNsnxHmfBUYltNryL48u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:de:48:db:ed:a0:b7:b4:5d:88:93:ef:72:05:8e:4d:62:e9:
         57:d2:83:53:61:38:ea:cf:34:c4:d0:f5:0d:b1:2b:ed:37:06:
         8e:6e:ee:36:79:2b:c2:d0:a3:22:d1:4f:56:46:cf:ff:5c:f0:
         20:b0:d1:20:a4:18:2d:a3:69:42:c9:a3:a5:9f:d1:92:2a:35:
         aa:b8:f0:dc:0f:88:8e:24:31:a0:6d:a7:b5:52:e9:89:50:ae:
         56:e7:59:40:2a:ef:4c:a3:2f:3f:f1:f6:f4:2e:58:36:57:12:
         fc:e1:48:cd:b5:ca:d9:b4:fd:9c:d6:67:3f:4e:b3:57:13:9b:
         c0:f6:85:2c:3e:16:5f:42:28:e5:c5:29:6b:05:a8:96:b9:8c:
         c8:36:8b:ab:bf:4a:6b:d7:95:fb:59:5f:63:ae:58:58:5a:92:
         1d:07:39:0f:3c:ae:8f:e7:e5:ae:c6:8b:91:e9:b6:3d:d7:66:
         bb:31:0d:91:bb:76:13:1c:65:7f:18:bf:5b:00:c9:54:14:ea:
         32:d7:1d:64:b0:4a:b4:d9:4c:a6:7e:39:91:0e:48:4a:c7:0d:
         33:2c:5c:ca:d7:91:28:b7:91:3f:66:da:b7:c5:92:fa:7f:a5:
         5a:df:a4:f9:12:ee:cd:8b:db:4d:24:73:b2:78:82:4f:79:f2:
         22:c1:0d:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6nkCNurFnmEuj2SJQUozbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZGRiY2NlMjYyOGJmMDlmYWU2YmYwNDQyMThjNjU3ZThi
ZDNjNmUwHhcNMjQwNDA0MDUyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk3ODc3ZTE3Y2RiMjdjNDc5OWYwNTQ2MjViNGRhZjIyZjhmMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWU7MvI+iFs2Pq0Zi+LOeT/nGHZK
VrFR9mElqJU86tY5CCHMac19u4+HYV6bOnJEuI3GthDnuZGhBd/IeCyMFixvzGSj
e5qoJpVwCI8m7eWyCCzJSM3j+FWXHEk8xK3bGd5qzysq9jLZfalg42pJLmUN4G4m
LHc77E8Pz5Cgp3oUzSheH2dyaiWeeSwXDyRos2l4ZA7OwzHDKsHZiRhEXej/MJFL
DSb1c6+TGZqQSYpscY4ZcVTHNTs6bPmkWYtzbNrn7MbizdtS93XHz9enkTtpNXT1
Vf2f3EJjNe+dn8OATa/6U/8jhe2jVcMJyjT8kChFfHBt5ZdPkjuaL/it0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDGXh34XzbJ8R5nwVGJbTa8i+PLtMB8GA1UdIwQY
MBaAFEfdvM4mKL8J+ua/BEIYxlfovTxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgt
NTBkNzA5YmZmZWI1LzEvTVplSGZoZk5zbnhIbWZCVVlsdE5yeUw0OHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgtNTBkNzA5YmZmZWI1
LzEvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQtQDAN
BgkqhkiG9w0BAQsFAAOCAQEAvt5I2+2gt7RdiJPvcgWOTWLpV9KDU2E46s80xND1
DbEr7TcGjm7uNnkrwtCjItFPVkbP/1zwILDRIKQYLaNpQsmjpZ/Rkio1qrjw3A+I
jiQxoG2ntVLpiVCuVudZQCrvTKMvP/H29C5YNlcS/OFIzbXK2bT9nNZnP06zVxOb
wPaFLD4WX0Io5cUpawWolrmMyDaLq79Ka9eV+1lfY65YWFqSHQc5Dzyuj+flrsaL
kem2PddmuzENkbt2Exxlfxi/WwDJVBTqMtcdZLBKtNlMpn45kQ5ISscNMyxcyteR
KLeRP2bat8WS+n+lWt+k+RLuzYvbTSRzsniCT3nyIsEN1w==
-----END CERTIFICATE-----