Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
File:                     326131343a366634353a3a2f33362d3438203d3e203530323234.roa (raw, json)
Hash identifier:          Cm6iG7rXYSmOBRLZv4C/D104nGz4969UDdr1rCKUD0A=
Subject key identifier:   05:BC:CD:42:7E:F1:90:E8:EF:77:A7:77:01:7E:F3:EC:F7:EB:33:8A
Certificate issuer:       /CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
Certificate serial:       4B99EDCC4A4328C4B640EB9998FFBB749B0C61E7
Authority key identifier: 3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
Signing time:             Fri 18 Jul 2025 17:43:52 +0000
ROA not before:           Fri 18 Jul 2025 17:38:52 +0000
ROA not after:            Fri 17 Jul 2026 17:43:52 +0000
asID:                     50224
IP address blocks:        2a14:6f45::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 09:58:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:99:ed:cc:4a:43:28:c4:b6:40:eb:99:98:ff:bb:74:9b:0c:61:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
        Validity
            Not Before: Jul 18 17:38:52 2025 GMT
            Not After : Jul 17 17:43:52 2026 GMT
        Subject: CN=05BCCD427EF190E8EF77A777017EF3ECF7EB338A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ce:79:66:f3:c0:84:87:cb:c7:e6:92:bf:8c:
                    59:51:10:ed:ea:ab:e2:0c:1e:a4:dd:e6:ae:6e:73:
                    35:a0:98:0f:e1:09:0b:5d:a0:ad:32:d5:14:d7:52:
                    b6:e1:e0:4b:ba:de:6d:8c:b4:bc:33:d9:b4:2e:66:
                    dc:cd:74:0d:97:fa:9c:90:5d:5d:62:a5:52:4f:66:
                    22:e1:07:bb:f1:f1:8e:58:85:26:69:3b:da:8d:03:
                    d6:f1:bf:a3:54:f8:e5:a1:8a:b4:36:f8:f7:db:5b:
                    94:1e:a0:73:42:94:40:62:cf:2e:2d:b3:fc:a8:03:
                    44:8b:6d:32:e9:2a:d5:58:a4:4b:e5:a7:3f:27:8b:
                    ff:f3:33:89:75:bb:24:d0:c2:35:95:c5:32:f0:3a:
                    b6:00:78:61:ba:44:80:2e:8b:99:f4:5a:6e:06:fc:
                    d5:2c:92:3e:6b:bd:4e:32:23:af:99:90:be:f3:92:
                    d1:c1:02:46:e8:85:14:5c:b4:b0:f4:ac:79:60:32:
                    12:8b:90:0b:b7:05:fc:d2:a5:8c:00:f1:53:f1:10:
                    5c:12:39:2b:13:7d:bd:f0:5c:97:34:b2:2a:32:6e:
                    63:88:71:ed:28:af:df:35:bf:ed:6f:f4:fb:0b:e5:
                    5e:bc:01:fb:55:9f:f8:2a:c7:14:6a:8c:cf:f7:2d:
                    79:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:BC:CD:42:7E:F1:90:E8:EF:77:A7:77:01:7E:F3:EC:F7:EB:33:8A
            X509v3 Authority Key Identifier:
                keyid:3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6f45::/36

    Signature Algorithm: sha256WithRSAEncryption
         44:e9:1a:6d:47:9e:d2:4d:f4:49:f8:e1:79:a9:88:10:05:06:
         21:a3:62:f6:fb:cb:1b:88:c8:33:ee:60:f6:31:94:31:90:d5:
         09:d8:d1:b9:28:89:b7:f7:82:b2:07:3f:b3:d5:a6:29:82:8e:
         45:03:95:e4:53:c4:cb:29:7a:b7:30:24:80:fb:0b:35:56:9f:
         a7:fe:47:e3:d6:ee:ae:ca:b0:2a:5f:16:eb:0e:a0:a8:5d:07:
         05:f9:17:26:f0:32:6a:d5:8b:ff:c1:d7:7a:f3:2c:4a:2f:6c:
         17:56:80:32:ab:4a:08:37:fc:16:5b:ce:cf:4c:7b:e5:bd:cd:
         be:55:16:90:aa:47:dd:93:1c:84:5b:74:7c:23:10:28:85:52:
         88:20:0c:5d:ca:69:29:8c:7e:23:e8:0a:cd:a0:55:d1:e5:a0:
         62:99:94:06:c1:a8:6e:24:3a:dc:1a:ec:86:7b:b0:33:15:49:
         bb:e9:a3:66:16:25:26:76:91:a8:6d:18:37:eb:6e:2c:b8:46:
         01:72:96:70:d1:ae:2e:2d:26:2c:22:15:41:38:4e:3b:ba:98:
         37:1e:ac:d3:67:cf:dc:d3:c0:79:cc:5b:fa:f3:ef:c3:89:b1:
         a2:f9:08:f7:a6:cb:a7:e7:21:19:17:0a:e0:15:d7:3e:44:1b:
         0c:5a:aa:b0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUS5ntzEpDKMS2QOuZmP+7dJsMYecwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2VlZWJiOTQ2YThkMjFkNDA4M2M5M2RjMDljZWU1NTdi
YjJhYzMyZTAeFw0yNTA3MTgxNzM4NTJaFw0yNjA3MTcxNzQzNTJaMDMxMTAvBgNV
BAMTKDA1QkNDRDQyN0VGMTkwRThFRjc3QTc3NzAxN0VGM0VDRjdFQjMzOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuznlm88CEh8vH5pK/jFlREO3q
q+IMHqTd5q5uczWgmA/hCQtdoK0y1RTXUrbh4Eu63m2MtLwz2bQuZtzNdA2X+pyQ
XV1ipVJPZiLhB7vx8Y5YhSZpO9qNA9bxv6NU+OWhirQ2+PfbW5QeoHNClEBizy4t
s/yoA0SLbTLpKtVYpEvlpz8ni//zM4l1uyTQwjWVxTLwOrYAeGG6RIAui5n0Wm4G
/NUskj5rvU4yI6+ZkL7zktHBAkbohRRctLD0rHlgMhKLkAu3BfzSpYwA8VPxEFwS
OSsTfb3wXJc0sioybmOIce0or981v+1v9PsL5V68AftVn/gqxxRqjM/3LXlTAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUBbzNQn7xkOjvd6d3AX7z7PfrM4owHwYDVR0j
BBgwFoAUPu67lGqNIdQIPJPcCc7lV7sqwy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmZmN2E5ODktZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5
YjNkLzQvM0VFRUJCOTQ2QThEMjFENDA4M0M5M0RDMDlDRUU1NTdCQjJBQzMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1B1NjdsR3FOSWRRSVBKUGNDYzdsVjdz
cXd5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmZmN2E5ODkt
ZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5YjNkLzQvMzI2MTMxMzQzYTM2NjYzNDM1
M2EzYTJmMzMzNjJkMzQzODIwM2QzZTIwMzUzMDMyMzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoU
b0UAMA0GCSqGSIb3DQEBCwUAA4IBAQBE6RptR57STfRJ+OF5qYgQBQYho2L2+8sb
iMgz7mD2MZQxkNUJ2NG5KIm394KyBz+z1aYpgo5FA5XkU8TLKXq3MCSA+ws1Vp+n
/kfj1u6uyrAqXxbrDqCoXQcF+Rcm8DJq1Yv/wdd68yxKL2wXVoAyq0oIN/wWW87P
THvlvc2+VRaQqkfdkxyEW3R8IxAohVKIIAxdymkpjH4j6ArNoFXR5aBimZQGwahu
JDrcGuyGe7AzFUm76aNmFiUmdpGobRg3624suEYBcpZw0a4uLSYsIhVBOE47upg3
HqzTZ8/c08B5zFv68+/DibGi+Qj3psun5yEZFwrgFdc+RBsMWqqw
-----END CERTIFICATE-----