Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/9qqMkqBIjABklRo0TcvZzdRORAI.roa
File:                     9qqMkqBIjABklRo0TcvZzdRORAI.roa (raw, json)
Hash identifier:          2MCPGhcnLXE4oMEI7o6/tc2uu9oOZ9cwxOU5/mzOPUI=
Subject key identifier:   F6:AA:8C:92:A0:48:8C:00:64:95:1A:34:4D:CB:D9:CD:D4:4E:44:02
Certificate issuer:       /CN=603b31bc6e7f42f6303870f0234b40def71fa03d
Certificate serial:       0194BCDAD9AFCE2881CA0D56793F92A44EDA
Authority key identifier: 60:3B:31:BC:6E:7F:42:F6:30:38:70:F0:23:4B:40:DE:F7:1F:A0:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/9qqMkqBIjABklRo0TcvZzdRORAI.roa
Signing time:             Fri 31 Jan 2025 14:54:06 +0000
ROA not before:           Fri 31 Jan 2025 14:54:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214588
IP address blocks:        2a14:37c0:d000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 20:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bc:da:d9:af:ce:28:81:ca:0d:56:79:3f:92:a4:4e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=603b31bc6e7f42f6303870f0234b40def71fa03d
        Validity
            Not Before: Jan 31 14:54:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6aa8c92a0488c0064951a344dcbd9cdd44e4402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:bc:3e:39:50:0d:be:df:8a:2f:b5:9e:a1:
                    9a:82:b3:36:5c:f5:4d:7b:da:00:01:5f:3b:00:d3:
                    25:af:ef:0d:ac:69:2b:18:bd:a4:de:6c:67:8f:9e:
                    43:a4:3b:ff:21:1c:43:0c:45:f7:34:41:05:66:86:
                    96:45:22:c5:17:6c:e3:6e:3a:55:1f:93:80:60:a3:
                    33:be:98:9f:c9:3c:0b:d6:3a:0d:e5:1b:60:b9:46:
                    28:cf:2e:20:1b:84:97:3b:a9:27:6d:e1:59:8e:a6:
                    3a:71:2a:9a:42:41:7e:2a:18:d7:1f:45:14:f5:15:
                    d4:b8:20:8e:84:46:9f:b0:7a:58:1d:a1:af:0f:c7:
                    3e:9c:74:ef:2f:3a:6d:12:0f:aa:ec:fa:14:4b:ef:
                    96:a6:0a:79:68:e9:e2:a9:73:01:9c:b2:0b:12:56:
                    97:a6:3e:e0:3f:d2:6f:9b:bd:0b:cf:e1:b6:c5:6d:
                    d3:17:c4:09:0f:68:09:7d:d5:f0:eb:7e:2c:66:5f:
                    fb:c0:1d:dd:cb:28:ed:9c:a3:48:54:ce:ef:0d:b5:
                    ed:e0:92:37:d8:da:7b:c8:13:19:c6:b6:46:c0:b4:
                    22:85:d3:85:88:3c:2e:ce:29:e4:05:24:07:e8:98:
                    28:b6:ed:22:1f:67:a6:58:2c:27:9b:ee:9e:37:60:
                    c3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AA:8C:92:A0:48:8C:00:64:95:1A:34:4D:CB:D9:CD:D4:4E:44:02
            X509v3 Authority Key Identifier:
                keyid:60:3B:31:BC:6E:7F:42:F6:30:38:70:F0:23:4B:40:DE:F7:1F:A0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDsxvG5_QvYwOHDwI0tA3vcfoD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/9qqMkqBIjABklRo0TcvZzdRORAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0f2266-b4f1-48fc-b293-67932656e594/1/YDsxvG5_QvYwOHDwI0tA3vcfoD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:37c0:d000::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:60:4b:51:3f:10:9a:0a:c9:81:51:a5:a2:9a:c7:f8:52:57:
         30:00:36:66:ae:8c:f4:13:73:c3:d0:8b:fa:16:df:49:59:18:
         87:63:d2:c2:88:75:d6:3f:04:e7:e6:0b:71:9e:a5:25:49:88:
         40:b8:a1:0a:ff:4b:3a:e4:00:91:f7:a3:95:13:cf:bd:6d:d6:
         aa:d2:db:b5:0c:7a:0d:cb:98:53:92:4e:55:33:85:1c:54:1e:
         bc:2f:4e:bd:c5:f1:36:d6:1c:e0:06:e7:1f:8f:85:e7:8a:33:
         5a:13:91:62:b6:68:1b:fd:8d:6b:a0:59:3b:25:98:68:7c:63:
         92:97:24:ee:e0:61:22:5f:4e:87:24:ed:f1:90:6e:88:f1:f0:
         d3:f2:60:e3:46:8a:5d:c0:24:35:17:54:83:06:26:c5:c4:5a:
         3b:c3:a6:fb:26:4e:10:3f:ca:d8:4f:2a:ca:9a:63:a8:92:12:
         09:5e:56:87:06:e1:d6:48:b9:5f:a7:bf:3f:ee:a1:36:ab:d1:
         aa:e4:c7:89:0a:82:42:82:1e:28:e0:ab:33:4e:12:b6:fa:fe:
         2f:00:01:de:4a:2c:bb:21:fb:1b:17:0c:06:fd:41:7c:e1:1f:
         6f:c4:6c:f7:13:20:a8:f0:36:f8:ea:3f:0f:10:59:1c:a9:3e:
         d9:98:b9:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZS82tmvziiByg1WeT+SpE7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwM2IzMWJjNmU3ZjQyZjYzMDM4NzBmMDIzNGI0MGRlZjcx
ZmEwM2QwHhcNMjUwMTMxMTQ1NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmFhOGM5MmEwNDg4YzAwNjQ5NTFhMzQ0ZGNiZDljZGQ0NGU0NDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxba8PjlQDb7fii+1nqGagrM2XPVN
e9oAAV87ANMlr+8NrGkrGL2k3mxnj55DpDv/IRxDDEX3NEEFZoaWRSLFF2zjbjpV
H5OAYKMzvpifyTwL1joN5RtguUYozy4gG4SXO6knbeFZjqY6cSqaQkF+KhjXH0UU
9RXUuCCOhEafsHpYHaGvD8c+nHTvLzptEg+q7PoUS++Wpgp5aOniqXMBnLILElaX
pj7gP9Jvm70Lz+G2xW3TF8QJD2gJfdXw634sZl/7wB3dyyjtnKNIVM7vDbXt4JI3
2Np7yBMZxrZGwLQihdOFiDwuzinkBSQH6Jgotu0iH2emWCwnm+6eN2DDxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPaqjJKgSIwAZJUaNE3L2c3UTkQCMB8GA1UdIwQY
MBaAFGA7Mbxuf0L2MDhw8CNLQN73H6A9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURzeHZHNV9Rdll3T0hEd0kwdEEzdmNmb0QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wZjIyNjYtYjRmMS00OGZjLWIyOTMt
Njc5MzI2NTZlNTk0LzEvOXFxTWtxQklqQUJrbFJvMFRjdlp6ZFJPUkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wZjIyNjYtYjRmMS00OGZjLWIyOTMtNjc5MzI2NTZlNTk0
LzEvWURzeHZHNV9Rdll3T0hEd0kwdEEzdmNmb0QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQ3wNAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCNYEtRPxCaCsmBUaWimsf4UlcwADZmroz0E3PD
0Iv6Ft9JWRiHY9LCiHXWPwTn5gtxnqUlSYhAuKEK/0s65ACR96OVE8+9bdaq0tu1
DHoNy5hTkk5VM4UcVB68L069xfE21hzgBucfj4XnijNaE5Fitmgb/Y1roFk7JZho
fGOSlyTu4GEiX06HJO3xkG6I8fDT8mDjRopdwCQ1F1SDBibFxFo7w6b7Jk4QP8rY
TyrKmmOokhIJXlaHBuHWSLlfp78/7qE2q9Gq5MeJCoJCgh4o4KszThK2+v4vAAHe
Siy7IfsbFwwG/UF84R9vxGz3EyCo8Db46j8PEFkcqT7ZmLl3
-----END CERTIFICATE-----