Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/GHoYC29SdZ8JHtSYpKsW5kablNc.roa
File:                     GHoYC29SdZ8JHtSYpKsW5kablNc.roa (raw, json)
Hash identifier:          Ggk2bB2uCoFFVfvkzavwaobQUbDhv+a9KTxQ1jDSQZ0=
Subject key identifier:   18:7A:18:0B:6F:52:75:9F:09:1E:D4:98:A4:AB:16:E6:46:9B:94:D7
Certificate issuer:       /CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Certificate serial:       019436022981DAD11F9329A2957FC5F3544B
Authority key identifier: 3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/GHoYC29SdZ8JHtSYpKsW5kablNc.roa
Signing time:             Sun 05 Jan 2025 10:28:18 +0000
ROA not before:           Sun 05 Jan 2025 10:28:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214178
IP address blocks:        2a14:4b41:1201::/48 maxlen: 48
                          2a14:4b41:1203::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:36:02:29:81:da:d1:1f:93:29:a2:95:7f:c5:f3:54:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
        Validity
            Not Before: Jan  5 10:28:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=187a180b6f52759f091ed498a4ab16e6469b94d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c3:d4:c3:2a:30:4c:44:3c:47:d7:4a:1b:14:
                    5d:f8:f1:20:fd:01:08:81:3e:25:75:4a:46:85:76:
                    15:fb:51:03:ea:b1:f8:4e:9a:f3:c6:46:8e:d4:af:
                    b3:ed:da:4e:ce:d9:f1:8f:5d:20:64:55:92:b6:20:
                    6e:dc:05:16:fa:54:83:df:3a:1e:d8:4d:5b:0c:72:
                    04:d9:b2:11:21:8b:b4:ab:c4:4a:6c:6d:3e:34:42:
                    91:12:d3:5e:64:0f:9c:70:d3:f8:25:ca:dc:1a:c9:
                    52:ae:80:b2:8b:87:8c:8a:dc:2b:c1:09:64:d1:c3:
                    dd:f0:f3:1b:2f:71:7d:2a:79:2c:01:e7:64:f1:ba:
                    90:8f:78:2c:65:b3:a5:48:cb:0a:d1:9b:40:85:49:
                    12:6e:c4:94:6c:1a:04:96:e7:2b:b5:13:9e:25:d7:
                    f4:52:ef:f3:02:c4:cc:61:08:ad:4a:58:68:8f:23:
                    89:cc:7c:9f:95:4f:0d:58:ce:26:2e:99:d4:d0:be:
                    db:6a:16:17:85:79:4b:7f:10:7d:f4:62:b6:38:35:
                    c4:74:ea:7f:59:17:ba:d8:66:6e:56:0e:07:56:73:
                    7b:90:c2:bc:ee:1b:44:61:db:98:7e:d5:a9:3c:58:
                    25:f2:97:71:d7:c3:55:6b:a4:7e:ed:e5:06:36:9b:
                    49:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:7A:18:0B:6F:52:75:9F:09:1E:D4:98:A4:AB:16:E6:46:9B:94:D7
            X509v3 Authority Key Identifier:
                keyid:3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/GHoYC29SdZ8JHtSYpKsW5kablNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b41:1201::/48
                  2a14:4b41:1203::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:28:dc:1c:99:17:d6:e0:39:e7:e9:a0:27:45:59:31:81:15:
         a3:48:01:e0:35:b7:2f:34:a4:3d:11:35:8f:3f:b6:49:99:36:
         85:47:be:c8:68:46:69:83:f4:57:e1:54:e5:49:3b:f5:e7:b5:
         d5:44:e2:1e:e6:13:14:31:be:29:4a:34:e7:5a:1f:0f:95:48:
         d5:9b:0a:46:fa:34:e1:57:1a:60:6e:38:a0:96:a9:48:5c:43:
         0b:62:dc:b9:f4:24:2f:44:73:39:c4:a1:a9:ba:0a:13:0b:15:
         59:95:a3:1f:03:33:aa:33:4a:57:03:b5:f7:a1:00:ae:59:75:
         1b:4e:26:d9:bb:0e:63:46:f8:ca:4c:57:89:b2:4e:3f:32:12:
         26:ba:64:86:aa:d6:e9:2b:69:a1:db:b1:39:82:ca:aa:86:06:
         2e:bd:c2:f9:92:41:16:f6:c8:93:bb:4f:84:bd:a7:24:fc:30:
         ac:77:d9:f8:82:bc:f3:09:e1:b5:23:d1:7f:81:ed:ac:fb:b5:
         c2:de:b1:53:6e:0d:da:46:b2:c4:4a:14:b2:f6:1a:f9:a2:3a:
         f1:b7:0b:61:a5:e7:52:f4:37:da:d9:26:f7:51:f0:b4:af:f1:
         43:08:57:f2:e4:d7:06:ce:5d:e8:05:3f:17:7f:b7:4c:53:6d:
         30:67:be:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQ2AimB2tEfkymilX/F81RLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2VhMzNhZWE4YjM4NDI3ZjJiY2VmNWVkNGMyMTQyM2Ey
YTlkNjQwHhcNMjUwMTA1MTAyODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODdhMTgwYjZmNTI3NTlmMDkxZWQ0OThhNGFiMTZlNjQ2OWI5NGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMPUwyowTEQ8R9dKGxRd+PEg/QEI
gT4ldUpGhXYV+1ED6rH4TprzxkaO1K+z7dpOztnxj10gZFWStiBu3AUW+lSD3zoe
2E1bDHIE2bIRIYu0q8RKbG0+NEKREtNeZA+ccNP4JcrcGslSroCyi4eMitwrwQlk
0cPd8PMbL3F9KnksAedk8bqQj3gsZbOlSMsK0ZtAhUkSbsSUbBoElucrtROeJdf0
Uu/zAsTMYQitSlhojyOJzHyflU8NWM4mLpnU0L7bahYXhXlLfxB99GK2ODXEdOp/
WRe62GZuVg4HVnN7kMK87htEYduYftWpPFgl8pdx18NVa6R+7eUGNptJLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBh6GAtvUnWfCR7UmKSrFuZGm5TXMB8GA1UdIwQY
MBaAFDo+ozrqizhCfyvO9e1MIUI6Kp1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYt
MWQ2N2MzMjQ1MDFmLzEvR0hvWUMyOVNkWjhKSHRTWXBLc1c1a2FibE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYtMWQ2N2MzMjQ1MDFm
LzEvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhRLQRIB
AwcAKhRLQRIDMA0GCSqGSIb3DQEBCwUAA4IBAQAIKNwcmRfW4Dnn6aAnRVkxgRWj
SAHgNbcvNKQ9ETWPP7ZJmTaFR77IaEZpg/RX4VTlSTv157XVROIe5hMUMb4pSjTn
Wh8PlUjVmwpG+jThVxpgbjiglqlIXEMLYty59CQvRHM5xKGpugoTCxVZlaMfAzOq
M0pXA7X3oQCuWXUbTibZuw5jRvjKTFeJsk4/MhImumSGqtbpK2mh27E5gsqqhgYu
vcL5kkEW9siTu0+Evack/DCsd9n4grzzCeG1I9F/ge2s+7XC3rFTbg3aRrLEShSy
9hr5ojrxtwthpedS9Dfa2Sb3UfC0r/FDCFfy5NcGzl3oBT8Xf7dMU20wZ76I
-----END CERTIFICATE-----