Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/p-Q0AVRLHgEvv0w21olCov5x--w.roa
File:                     p-Q0AVRLHgEvv0w21olCov5x--w.roa (raw, json)
Hash identifier:          U3ugieloEYbWBz3KjtFltmhOrwd/+h8hgBIYo45uxqM=
Subject key identifier:   A7:E4:34:01:54:4B:1E:01:2F:BF:4C:36:D6:89:42:A2:FE:71:FB:EC
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0193237413938E2E9C9ADCBD32CEF5997127
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/p-Q0AVRLHgEvv0w21olCov5x--w.roa
Signing time:             Wed 13 Nov 2024 02:57:09 +0000
ROA not before:           Wed 13 Nov 2024 02:57:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213878
IP address blocks:        2a14:67c1:20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:23:74:13:93:8e:2e:9c:9a:dc:bd:32:ce:f5:99:71:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Nov 13 02:57:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7e43401544b1e012fbf4c36d68942a2fe71fbec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a1:d7:9b:ef:8c:a9:b0:a1:90:d2:9f:f6:e3:
                    d0:d6:f4:6d:8e:bc:b2:fa:e2:00:1f:55:6c:c5:a2:
                    93:e3:30:db:70:9b:2f:01:f0:72:6c:1e:de:4d:d7:
                    38:de:40:45:e8:4b:5a:4e:e8:12:6c:1b:e8:17:d4:
                    8a:ba:b9:5a:ee:a4:bd:29:64:ea:77:2e:6a:f0:1f:
                    2d:7a:e3:a7:cf:d0:b1:12:df:fc:6e:63:35:63:40:
                    fb:a5:80:51:97:ea:eb:6a:5b:d7:76:67:c5:4b:53:
                    3a:32:87:76:51:18:40:c3:c2:a1:71:ef:5e:b1:6c:
                    ff:78:c1:02:2b:51:57:46:6a:ff:ca:53:37:b7:64:
                    6c:1b:ac:dc:69:52:b4:ea:10:b4:cf:00:31:85:9a:
                    91:07:37:e4:a2:84:bf:ea:ff:f7:c6:f1:db:1b:89:
                    d5:ae:88:c6:3e:99:a1:0a:80:57:ab:1d:14:eb:f4:
                    3a:e8:de:7c:ff:74:8c:98:1a:d1:94:cb:59:d7:c0:
                    80:70:df:e0:b1:2d:ce:53:6e:bb:3f:05:23:c3:94:
                    25:88:7a:9c:01:5a:cd:bf:c2:72:00:4b:ae:f9:59:
                    1a:0e:a7:15:7a:d3:fb:38:c3:1e:e7:62:6e:16:35:
                    ae:ad:4c:a0:6c:a9:e7:92:40:0b:69:06:02:ac:16:
                    c8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E4:34:01:54:4B:1E:01:2F:BF:4C:36:D6:89:42:A2:FE:71:FB:EC
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/p-Q0AVRLHgEvv0w21olCov5x--w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:88:fd:34:02:a5:12:8b:94:d1:bf:d6:a6:0a:99:d4:62:d0:
         84:cb:4e:02:17:9c:f3:af:f4:bb:b6:29:41:db:cb:c3:a1:b4:
         33:00:c0:fc:a0:3f:53:8f:e1:95:52:fd:1c:79:63:c2:49:0d:
         f5:1a:f8:c0:49:6d:30:ca:4e:9d:38:5c:63:c5:77:35:ee:e4:
         72:47:c5:d6:7c:08:8c:67:6e:25:26:b3:25:49:79:6e:30:30:
         d6:48:26:af:ec:10:9f:4d:dc:b7:53:9e:78:ec:58:bc:91:1b:
         a5:36:cb:47:05:6e:1d:dd:a8:25:3c:0b:13:c0:fc:9b:dd:03:
         91:d5:0d:cc:ec:15:07:a5:da:00:40:84:27:eb:84:98:06:55:
         ea:51:63:61:8f:c9:8e:eb:59:a9:4b:f7:b7:a7:28:1d:72:29:
         c9:94:e9:07:74:0d:e2:52:ce:e1:36:9f:f7:2a:25:7a:dc:4d:
         4b:6c:a2:6f:2d:1f:7d:fd:53:25:cc:dc:3c:bf:5a:73:0e:37:
         39:93:12:1c:ed:b2:68:ea:88:b3:a5:c4:14:49:01:39:61:43:
         35:a8:61:58:d3:e6:7a:61:6a:1f:cc:ae:00:d7:a6:47:ab:16:
         58:2f:0c:d5:fd:f4:11:6f:56:55:c5:e5:a4:14:4d:c6:9f:25:
         c3:da:27:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMjdBOTji6cmty9Ms71mXEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQxMTEzMDI1NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2U0MzQwMTU0NGIxZTAxMmZiZjRjMzZkNjg5NDJhMmZlNzFmYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qHXm++MqbChkNKf9uPQ1vRtjryy
+uIAH1VsxaKT4zDbcJsvAfBybB7eTdc43kBF6EtaTugSbBvoF9SKurla7qS9KWTq
dy5q8B8teuOnz9CxEt/8bmM1Y0D7pYBRl+rralvXdmfFS1M6Mod2URhAw8Khce9e
sWz/eMECK1FXRmr/ylM3t2RsG6zcaVK06hC0zwAxhZqRBzfkooS/6v/3xvHbG4nV
rojGPpmhCoBXqx0U6/Q66N58/3SMmBrRlMtZ18CAcN/gsS3OU267PwUjw5QliHqc
AVrNv8JyAEuu+VkaDqcVetP7OMMe52JuFjWurUygbKnnkkALaQYCrBbIpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKfkNAFUSx4BL79MNtaJQqL+cfvsMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvcC1RMEFWUkxIZ0V2djB3MjFvbENvdjV4LS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwQAg
MA0GCSqGSIb3DQEBCwUAA4IBAQASiP00AqUSi5TRv9amCpnUYtCEy04CF5zzr/S7
tilB28vDobQzAMD8oD9Tj+GVUv0ceWPCSQ31GvjASW0wyk6dOFxjxXc17uRyR8XW
fAiMZ24lJrMlSXluMDDWSCav7BCfTdy3U5547Fi8kRulNstHBW4d3aglPAsTwPyb
3QOR1Q3M7BUHpdoAQIQn64SYBlXqUWNhj8mO61mpS/e3pygdcinJlOkHdA3iUs7h
Np/3KiV63E1LbKJvLR99/VMlzNw8v1pzDjc5kxIc7bJo6oizpcQUSQE5YUM1qGFY
0+Z6YWofzK4A16ZHqxZYLwzV/fQRb1ZVxeWkFE3GnyXD2idr
-----END CERTIFICATE-----