Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/U_B2xWBhou3uIdWLQ3WIdVwRoI0.roa
File:                     U_B2xWBhou3uIdWLQ3WIdVwRoI0.roa (raw, json)
Hash identifier:          OIXHna+Q/eccDeY8gf7RJ+eCf3MyZwUAnoNbj6G/+UU=
Subject key identifier:   53:F0:76:C5:60:61:A2:ED:EE:21:D5:8B:43:75:88:75:5C:11:A0:8D
Certificate issuer:       /CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
Certificate serial:       0190BB1E9F287807DF812141F06AF9E4047F
Authority key identifier: A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/U_B2xWBhou3uIdWLQ3WIdVwRoI0.roa
Signing time:             Tue 16 Jul 2024 10:37:44 +0000
ROA not before:           Tue 16 Jul 2024 10:37:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1c40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bb:1e:9f:28:78:07:df:81:21:41:f0:6a:f9:e4:04:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
        Validity
            Not Before: Jul 16 10:37:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53f076c56061a2edee21d58b437588755c11a08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:0a:82:10:ae:79:20:b9:0f:22:89:9a:60:c2:
                    85:f6:56:0a:89:b3:bf:66:82:ca:d3:2e:c3:c7:2e:
                    13:62:42:f6:fb:7e:5f:9d:e7:e5:28:b1:49:cf:c2:
                    3d:bf:49:98:0b:9c:fb:64:84:b0:eb:8d:16:fa:d8:
                    3c:5d:62:03:6c:90:47:d4:79:7c:d6:ae:a6:b5:61:
                    28:88:e6:22:e3:57:79:76:83:fd:75:0a:51:a1:dd:
                    ba:a2:20:62:f8:10:d9:5e:3e:76:c0:09:d7:ec:b0:
                    a3:68:bc:df:9a:ac:6b:44:13:69:0e:ea:e5:6c:a9:
                    89:62:bc:59:6b:16:78:83:e8:66:4f:2b:d1:c6:41:
                    f1:e9:cf:a1:40:67:1f:12:31:94:95:b9:00:8d:48:
                    09:b6:fc:c0:bc:d7:4c:5f:9d:fa:78:de:e3:e4:42:
                    de:e5:f5:df:01:02:b0:dd:2f:52:68:cd:88:24:5e:
                    29:b0:a2:88:7d:1a:34:21:d1:0b:33:12:1a:8a:7a:
                    91:9e:27:fa:8d:e7:ea:97:55:e1:c0:78:6c:b1:ae:
                    4c:37:d4:e5:c0:43:c4:95:11:79:23:bd:da:b1:9f:
                    6e:0f:20:33:72:5a:f9:6f:b9:d3:a1:18:db:6a:61:
                    8a:a8:d7:08:c6:56:60:c0:06:ed:a0:a6:46:75:06:
                    cb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F0:76:C5:60:61:A2:ED:EE:21:D5:8B:43:75:88:75:5C:11:A0:8D
            X509v3 Authority Key Identifier:
                keyid:A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/U_B2xWBhou3uIdWLQ3WIdVwRoI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:a0:cc:c4:92:81:12:fb:33:75:da:ef:dc:e2:43:e1:f8:22:
         16:32:f9:9d:1f:88:f6:d6:94:d5:fd:5f:05:cf:be:13:8e:8c:
         95:69:a0:13:ff:92:b4:e5:e1:68:f3:17:72:01:21:ec:57:16:
         7e:67:b6:f5:a0:29:0b:5c:86:4d:ba:9b:7e:ec:58:be:20:9d:
         63:9d:fc:3c:46:dd:44:a2:03:42:01:86:c4:fe:da:70:da:dd:
         79:dc:e7:40:fa:7c:a6:a6:44:7c:f1:8d:ee:9e:c9:0e:3e:2c:
         87:10:d5:63:80:d9:f7:3f:d4:94:68:d6:4d:b5:2e:ba:3a:62:
         db:c8:01:5b:78:73:0e:e2:75:7f:db:26:a6:fc:64:e5:14:31:
         bc:e7:a7:79:02:c5:4e:31:f7:b4:9b:95:a9:a4:a3:84:ff:c8:
         ba:f2:a4:88:ee:b8:f2:b1:dd:2c:da:f9:77:3f:48:fc:86:6e:
         72:22:86:0a:c1:fa:97:87:a5:9b:91:ca:af:5a:01:e5:68:77:
         67:fa:13:27:f1:c8:91:cd:46:a6:7f:4d:9a:87:2e:fa:19:33:
         95:15:4e:a3:6c:0e:0f:9c:5f:a6:76:8f:84:6d:5a:5a:80:99:
         e2:a8:7e:07:56:a2:f6:31:0c:bb:0a:86:71:ea:17:19:0f:78:
         ce:94:77:14
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZC7Hp8oeAffgSFB8Gr55AR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2E3YjFjMTNhN2Q3YjMxMjMxNDEyYjhmYjY5NDdhMTc0
N2RiOWQwHhcNMjQwNzE2MTAzNzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YwNzZjNTYwNjFhMmVkZWUyMWQ1OGI0Mzc1ODg3NTVjMTFhMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AqCEK55ILkPIomaYMKF9lYKibO/
ZoLK0y7Dxy4TYkL2+35fneflKLFJz8I9v0mYC5z7ZISw640W+tg8XWIDbJBH1Hl8
1q6mtWEoiOYi41d5doP9dQpRod26oiBi+BDZXj52wAnX7LCjaLzfmqxrRBNpDurl
bKmJYrxZaxZ4g+hmTyvRxkHx6c+hQGcfEjGUlbkAjUgJtvzAvNdMX536eN7j5ELe
5fXfAQKw3S9SaM2IJF4psKKIfRo0IdELMxIainqRnif6jefql1XhwHhssa5MN9Tl
wEPElRF5I73asZ9uDyAzclr5b7nToRjbamGKqNcIxlZgwAbtoKZGdQbLswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFPwdsVgYaLt7iHVi0N1iHVcEaCNMB8GA1UdIwQY
MBaAFKPKexwTp9ezEjFBK4+2lHoXR9udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEt
MjE0NTIyMDk5NGNlLzEvVV9CMnhXQmhvdTN1SWRXTFEzV0lkVndSb0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEtMjE0NTIyMDk5NGNl
LzEvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQcQDAN
BgkqhkiG9w0BAQsFAAOCAQEAaKDMxJKBEvszddrv3OJD4fgiFjL5nR+I9taU1f1f
Bc++E46MlWmgE/+StOXhaPMXcgEh7FcWfme29aApC1yGTbqbfuxYviCdY538PEbd
RKIDQgGGxP7acNrdedznQPp8pqZEfPGN7p7JDj4shxDVY4DZ9z/UlGjWTbUuujpi
28gBW3hzDuJ1f9smpvxk5RQxvOeneQLFTjH3tJuVqaSjhP/IuvKkiO648rHdLNr5
dz9I/IZuciKGCsH6l4elm5HKr1oB5Wh3Z/oTJ/HIkc1Gpn9Nmocu+hkzlRVOo2wO
D5xfpnaPhG1aWoCZ4qh+B1ai9jEMuwqGceoXGQ94zpR3FA==
-----END CERTIFICATE-----