Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/Q1E30Sp-PHTn2Qe5dVfmq-XnmuA.roa
File:                     Q1E30Sp-PHTn2Qe5dVfmq-XnmuA.roa (raw, json)
Hash identifier:          /kTd2sdECiCHgJc5kND1g2NcuDfNlYyHa1czHHdeMe4=
Subject key identifier:   43:51:37:D1:2A:7E:3C:74:E7:D9:07:B9:75:57:E6:AB:E5:E7:9A:E0
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       018CC5013388CA2CB4A074BE95A0AB2CA91C
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/Q1E30Sp-PHTn2Qe5dVfmq-XnmuA.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        2a14:b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:33:88:ca:2c:b4:a0:74:be:95:a0:ab:2c:a9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=435137d12a7e3c74e7d907b97557e6abe5e79ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0b:50:6d:22:f5:a5:09:4e:26:c5:ae:f3:4a:
                    dc:f7:a1:0e:e8:2d:ef:04:63:4a:bd:8c:bf:52:5b:
                    cb:17:2e:99:8d:d0:3d:51:e9:ea:35:97:82:6c:e4:
                    89:57:7d:35:65:c3:30:b4:ad:27:88:b7:4f:d3:3f:
                    cd:47:c9:99:aa:f0:44:6f:e1:eb:2f:4a:16:0f:43:
                    e6:f9:d1:25:97:2f:80:5a:c7:67:c2:00:0c:4c:5e:
                    53:a6:ba:c4:06:a5:fd:fb:99:17:9f:d4:0c:9c:84:
                    ea:b2:ac:51:71:87:dc:b5:9d:31:bc:09:58:0e:4b:
                    33:60:bd:86:a7:87:92:3e:97:39:6a:68:a6:07:02:
                    42:3e:17:25:8e:34:1e:b7:43:3b:eb:92:c5:a0:f4:
                    b0:ab:7c:7e:a6:01:c7:e8:a4:9b:e7:0d:50:b6:42:
                    b7:47:ef:90:e1:1a:40:a4:0c:5b:f9:46:42:45:97:
                    81:33:f3:6d:cd:71:d6:1b:25:d7:bc:0b:09:e3:8c:
                    9e:97:59:4f:c9:89:05:82:66:c3:97:ec:ed:f2:12:
                    b7:42:36:2e:59:c8:3e:e4:9c:3b:58:c0:c2:af:e8:
                    03:47:26:62:ba:c9:ac:5b:98:cf:88:7e:35:82:bc:
                    14:8c:45:e9:aa:55:3e:14:41:f2:89:76:1b:55:28:
                    9b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:51:37:D1:2A:7E:3C:74:E7:D9:07:B9:75:57:E6:AB:E5:E7:9A:E0
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/Q1E30Sp-PHTn2Qe5dVfmq-XnmuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:c4:1b:39:ee:ac:d4:4e:aa:89:a3:7a:49:82:de:4f:78:93:
         d0:3b:32:fe:3b:c4:e4:41:e0:15:3e:51:16:c1:d8:29:65:08:
         09:a9:1d:bc:ff:dc:a0:40:4c:5e:49:0b:7e:b5:91:a3:ed:ae:
         a8:43:9f:87:78:a3:8a:c5:41:d5:6c:83:2e:e6:8f:c9:80:34:
         51:fd:a7:04:80:3d:ff:6e:4d:bd:a3:7d:bd:93:29:60:33:04:
         8e:f6:0f:3a:5a:ef:76:09:b9:25:a6:e8:cd:a5:1d:bc:5e:93:
         99:b2:35:fc:d6:92:9d:f1:c8:3a:13:a3:44:a4:e1:dc:58:8c:
         83:23:40:72:47:f3:9f:e2:7a:17:27:a5:18:3b:13:71:8d:6d:
         3e:39:02:f1:42:e9:15:29:92:6c:c8:50:16:a8:36:fc:4e:55:
         4e:68:8a:04:98:83:15:ba:46:88:8e:05:75:22:f1:4b:69:94:
         1a:9e:d3:c3:44:17:f9:21:12:64:1d:64:a6:76:21:c3:7d:d6:
         e1:70:eb:5f:9d:38:c7:79:29:2b:10:2c:e1:e6:24:43:a2:4d:
         81:a9:ab:59:84:34:c8:91:5d:ef:20:b6:16:a4:01:27:2d:ab:
         f0:dd:5b:37:d1:fc:a0:43:74:dd:23:0a:f9:9c:cf:be:90:5e:
         a1:25:d5:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFATOIyiy0oHS+laCrLKkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzUxMzdkMTJhN2UzYzc0ZTdkOTA3Yjk3NTU3ZTZhYmU1ZTc5YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwtQbSL1pQlOJsWu80rc96EO6C3v
BGNKvYy/UlvLFy6ZjdA9UenqNZeCbOSJV301ZcMwtK0niLdP0z/NR8mZqvBEb+Hr
L0oWD0Pm+dElly+AWsdnwgAMTF5TprrEBqX9+5kXn9QMnITqsqxRcYfctZ0xvAlY
DkszYL2Gp4eSPpc5amimBwJCPhcljjQet0M765LFoPSwq3x+pgHH6KSb5w1QtkK3
R++Q4RpApAxb+UZCRZeBM/NtzXHWGyXXvAsJ44yel1lPyYkFgmbDl+zt8hK3QjYu
Wcg+5Jw7WMDCr+gDRyZiusmsW5jPiH41grwUjEXpqlU+FEHyiXYbVSib4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFENRN9Eqfjx059kHuXVX5qvl55rgMB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvUTFFMzBTcC1QSFRuMlFlNWRWZm1xLVhubXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhQLgDAN
BgkqhkiG9w0BAQsFAAOCAQEAB8QbOe6s1E6qiaN6SYLeT3iT0Dsy/jvE5EHgFT5R
FsHYKWUICakdvP/coEBMXkkLfrWRo+2uqEOfh3ijisVB1WyDLuaPyYA0Uf2nBIA9
/25NvaN9vZMpYDMEjvYPOlrvdgm5JabozaUdvF6TmbI1/NaSnfHIOhOjRKTh3FiM
gyNAckfzn+J6FyelGDsTcY1tPjkC8ULpFSmSbMhQFqg2/E5VTmiKBJiDFbpGiI4F
dSLxS2mUGp7Tw0QX+SESZB1kpnYhw33W4XDrX504x3kpKxAs4eYkQ6JNgamrWYQ0
yJFd7yC2FqQBJy2r8N1bN9H8oEN03SMK+ZzPvpBeoSXVPQ==
-----END CERTIFICATE-----