Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/NndyVqvy3vcxCnZsIK2_Uyxv0lk.roa
File:                     NndyVqvy3vcxCnZsIK2_Uyxv0lk.roa (raw, json)
Hash identifier:          cAwKtSP7N0kxacGJxtWaLz9RZYIS8hQUwg7TB0bpnnY=
Subject key identifier:   36:77:72:56:AB:F2:DE:F7:31:0A:76:6C:20:AD:BF:53:2C:6F:D2:59
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       0194266C3C616388E0D4309FDD123A446E74
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/NndyVqvy3vcxCnZsIK2_Uyxv0lk.roa
Signing time:             Thu 02 Jan 2025 09:50:14 +0000
ROA not before:           Thu 02 Jan 2025 09:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a14:b80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3c:61:63:88:e0:d4:30:9f:dd:12:3a:44:6e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: Jan  2 09:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36777256abf2def7310a766c20adbf532c6fd259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9e:b8:e6:a8:27:5c:19:8f:4c:5c:31:c1:f7:
                    2a:bd:f8:7b:38:cc:3d:63:85:c6:17:2e:3a:4d:25:
                    0e:9a:5b:b1:0f:58:ed:c5:d6:3c:bc:84:20:d8:d0:
                    2d:c7:1a:fe:50:f5:b4:a7:67:2b:e5:f5:d6:9b:b1:
                    2b:88:71:7d:5d:02:17:5b:10:b9:a5:76:d4:f2:e1:
                    3c:02:54:96:be:55:9b:3a:0c:22:19:3e:1b:1a:c6:
                    89:5c:87:d3:f9:7b:c1:a0:f9:a7:2c:b4:8a:d8:f8:
                    4c:a3:91:67:2c:6e:2c:bc:05:84:9c:a8:56:00:d8:
                    bd:bd:8e:4f:56:dc:07:3c:9a:dd:ea:b4:c9:e0:81:
                    3d:86:5f:53:25:a6:b7:b7:c1:43:89:2d:5e:6a:85:
                    c2:78:f7:a4:34:c2:d6:e9:13:79:c5:78:27:8d:3e:
                    c0:0e:ac:ac:e7:6c:2c:11:a0:07:fc:d3:b8:7e:d9:
                    09:17:54:b9:cb:b6:5c:7d:22:3f:91:44:58:32:50:
                    78:6f:d1:c8:85:c3:73:a5:5f:50:d3:3b:04:f4:63:
                    63:66:e8:d9:10:47:bc:29:ad:c2:7d:32:4f:e7:ca:
                    5a:ab:89:4f:b9:59:8c:8f:34:28:72:b4:a9:9a:60:
                    e7:42:39:df:43:51:86:75:d9:d4:23:f8:12:cd:e7:
                    46:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:77:72:56:AB:F2:DE:F7:31:0A:76:6C:20:AD:BF:53:2C:6F:D2:59
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/NndyVqvy3vcxCnZsIK2_Uyxv0lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:71:dd:d9:a4:83:ca:57:c4:cc:77:4b:60:20:0c:17:61:
         3a:0e:b5:f4:86:bf:48:e1:1f:ce:77:ac:b4:4a:49:52:b9:c6:
         68:dd:50:7b:3d:60:58:b6:b1:e0:32:65:50:40:cc:33:e9:fa:
         32:76:03:61:04:cc:0f:82:f3:89:34:c6:85:a8:ea:30:07:06:
         b9:26:78:83:4b:ac:4e:07:40:c2:82:9a:fc:27:09:2a:d6:c1:
         b3:ed:62:49:6b:54:d1:f8:01:0f:8b:7b:81:e8:ab:06:88:76:
         2d:bd:8f:67:b8:13:a7:fa:22:cb:cf:5a:29:a6:bb:a8:fc:d2:
         23:f7:c5:f9:b1:a4:cf:65:29:5c:1a:6f:c0:30:19:7e:57:e5:
         fd:f7:51:72:1b:b1:a0:b9:0f:05:45:8b:77:b7:3f:6c:0e:78:
         2a:51:1e:6d:b6:6c:96:a9:85:3e:ac:a0:ac:38:4d:7f:c7:5c:
         dc:ec:6d:65:d5:50:ae:9c:ce:5f:0c:6f:ec:0c:cf:06:e2:73:
         23:de:36:70:9f:e3:59:25:bd:0f:31:ca:f8:77:41:21:2f:f2:
         e1:3e:c7:71:af:ba:5e:5f:85:8a:91:6e:f7:ba:30:14:e2:a0:
         44:03:36:ef:e9:54:4f:f0:7e:4a:0e:48:8d:00:90:ef:d1:13:
         f5:15:83:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmbDxhY4jg1DCf3RI6RG50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjUwMTAyMDk1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjc3NzI1NmFiZjJkZWY3MzEwYTc2NmMyMGFkYmY1MzJjNmZkMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp645qgnXBmPTFwxwfcqvfh7OMw9
Y4XGFy46TSUOmluxD1jtxdY8vIQg2NAtxxr+UPW0p2cr5fXWm7EriHF9XQIXWxC5
pXbU8uE8AlSWvlWbOgwiGT4bGsaJXIfT+XvBoPmnLLSK2PhMo5FnLG4svAWEnKhW
ANi9vY5PVtwHPJrd6rTJ4IE9hl9TJaa3t8FDiS1eaoXCePekNMLW6RN5xXgnjT7A
Dqys52wsEaAH/NO4ftkJF1S5y7ZcfSI/kURYMlB4b9HIhcNzpV9Q0zsE9GNjZujZ
EEe8Ka3CfTJP58paq4lPuVmMjzQocrSpmmDnQjnfQ1GGddnUI/gSzedGIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDZ3clar8t73MQp2bCCtv1Msb9JZMB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvTm5keVZxdnkzdmN4Q25ac0lLMl9VeXh2MGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQLgDAN
BgkqhkiG9w0BAQsFAAOCAQEAewFx3dmkg8pXxMx3S2AgDBdhOg619Ia/SOEfznes
tEpJUrnGaN1Qez1gWLax4DJlUEDMM+n6MnYDYQTMD4LziTTGhajqMAcGuSZ4g0us
TgdAwoKa/CcJKtbBs+1iSWtU0fgBD4t7geirBoh2Lb2PZ7gTp/oiy89aKaa7qPzS
I/fF+bGkz2UpXBpvwDAZflfl/fdRchuxoLkPBUWLd7c/bA54KlEebbZslqmFPqyg
rDhNf8dc3OxtZdVQrpzOXwxv7AzPBuJzI942cJ/jWSW9DzHK+HdBIS/y4T7Hca+6
Xl+FipFu97owFOKgRAM27+lUT/B+Sg5IjQCQ79ET9RWDlw==
-----END CERTIFICATE-----