Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/UPRGjZp7r-Trx1VtxCWb4_GYSXQ.roa
File:                     UPRGjZp7r-Trx1VtxCWb4_GYSXQ.roa (raw, json)
Hash identifier:          zTMCntn9K7TnO5RQp+jUm5Q2J8lZDYuJ8diNFgjPr6A=
Subject key identifier:   50:F4:46:8D:9A:7B:AF:E4:EB:C7:55:6D:C4:25:9B:E3:F1:98:49:74
Certificate issuer:       /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial:       018F0FCD60020D53023302B9D59BC3D5634D
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/UPRGjZp7r-Trx1VtxCWb4_GYSXQ.roa
Signing time:             Wed 24 Apr 2024 11:11:08 +0000
ROA not before:           Wed 24 Apr 2024 11:11:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31490
IP address blocks:        2a14:44c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:cd:60:02:0d:53:02:33:02:b9:d5:9b:c3:d5:63:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
        Validity
            Not Before: Apr 24 11:11:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50f4468d9a7bafe4ebc7556dc4259be3f1984974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:28:b5:79:d1:f7:44:71:e2:36:c4:8c:04:ce:
                    7a:77:e0:cb:c8:31:ac:4b:df:8b:c5:71:9e:44:bb:
                    32:6b:b1:c0:6f:34:e0:63:69:91:e5:44:8d:41:be:
                    9b:64:21:d4:fb:8f:53:1f:68:4c:cd:b0:2d:e5:70:
                    50:a8:a4:e5:05:98:e6:f7:1c:97:e3:f5:e6:a2:63:
                    74:a4:c6:fa:52:24:06:0b:ac:7a:d6:9b:ac:5a:7b:
                    0e:bc:ed:69:fa:67:a3:2b:e3:a8:3d:cb:bf:2b:71:
                    31:90:93:e9:3e:05:a8:1a:ca:22:6a:60:07:9d:79:
                    ab:ff:32:3a:f3:eb:09:fc:c7:9c:ca:7e:64:ac:03:
                    44:a4:0b:01:8f:a9:1b:c6:1a:a8:e2:4e:fa:bd:84:
                    d4:1e:98:48:41:de:ad:a6:6b:6d:c3:f1:da:23:57:
                    93:1e:f0:4a:3e:49:26:9a:d1:2f:8b:14:5c:8a:b9:
                    1e:ac:9d:c5:f0:25:54:2f:c3:72:a3:f5:76:32:ef:
                    2f:2d:5f:33:a1:8f:af:cb:50:13:1f:79:99:68:34:
                    0c:ee:35:4a:46:65:19:22:31:06:00:5f:69:0b:25:
                    43:6d:e9:89:2b:5d:65:a8:42:4b:a0:5d:9f:c2:b2:
                    3d:98:4b:a1:11:59:25:d5:eb:f8:43:80:d9:2c:a3:
                    3e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F4:46:8D:9A:7B:AF:E4:EB:C7:55:6D:C4:25:9B:E3:F1:98:49:74
            X509v3 Authority Key Identifier:
                keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/UPRGjZp7r-Trx1VtxCWb4_GYSXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:44c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:b9:60:0c:91:d5:af:16:02:5c:4b:61:ff:d5:0d:4a:70:15:
         a6:aa:f3:b8:20:f4:6c:bf:2c:ac:6c:e3:e0:0d:ed:04:ce:44:
         94:51:4d:99:78:a6:a3:7b:04:b8:df:a5:35:45:f5:f0:04:7d:
         c6:7d:9a:de:1f:4e:e8:7a:c6:5c:9a:b7:01:3d:86:f3:35:bc:
         1c:45:25:e1:97:34:b5:8f:86:1a:8a:54:22:88:0a:f6:ed:38:
         71:77:ee:91:93:c8:bf:f1:63:e3:84:f0:d0:8b:23:d2:97:96:
         04:ef:07:0b:1d:05:79:d4:e2:14:d2:5d:37:12:c8:c0:97:55:
         d0:6e:55:eb:ff:39:82:45:39:7c:a6:64:89:55:b7:16:e7:22:
         26:c4:25:13:47:36:e8:f3:ae:de:fa:ff:7a:c7:88:f9:69:3c:
         28:4e:6b:91:fb:73:26:0d:4a:50:35:7b:aa:9e:50:8b:0b:d6:
         02:60:90:89:15:0c:19:da:a1:3a:e2:92:a5:37:05:45:e2:95:
         8e:d8:be:ba:24:cf:de:bd:7d:b7:2d:a0:f1:f9:71:ef:0d:9c:
         a8:7e:ba:ec:c4:b3:63:a2:76:6c:95:96:6d:49:5c:97:f6:cf:
         87:24:e0:f8:3b:c4:67:71:98:ef:8d:cf:d2:b8:f7:bf:eb:1a:
         0c:b9:dc:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8PzWACDVMCMwK51ZvD1WNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjQwNDI0MTExMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGY0NDY4ZDlhN2JhZmU0ZWJjNzU1NmRjNDI1OWJlM2YxOTg0OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSi1edH3RHHiNsSMBM56d+DLyDGs
S9+LxXGeRLsya7HAbzTgY2mR5USNQb6bZCHU+49TH2hMzbAt5XBQqKTlBZjm9xyX
4/XmomN0pMb6UiQGC6x61pusWnsOvO1p+mejK+OoPcu/K3ExkJPpPgWoGsoiamAH
nXmr/zI68+sJ/Mecyn5krANEpAsBj6kbxhqo4k76vYTUHphIQd6tpmttw/HaI1eT
HvBKPkkmmtEvixRcirkerJ3F8CVUL8Nyo/V2Mu8vLV8zoY+vy1ATH3mZaDQM7jVK
RmUZIjEGAF9pCyVDbemJK11lqEJLoF2fwrI9mEuhEVkl1ev4Q4DZLKM+dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFD0Ro2ae6/k68dVbcQlm+PxmEl0MB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvVVBSR2pacDdyLVRyeDFWdHhDV2I0X0dZU1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhREwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzuWAMkdWvFgJcS2H/1Q1KcBWmqvO4IPRsvyys
bOPgDe0EzkSUUU2ZeKajewS436U1RfXwBH3GfZreH07oesZcmrcBPYbzNbwcRSXh
lzS1j4YailQiiAr27Thxd+6Rk8i/8WPjhPDQiyPSl5YE7wcLHQV51OIU0l03EsjA
l1XQblXr/zmCRTl8pmSJVbcW5yImxCUTRzbo867e+v96x4j5aTwoTmuR+3MmDUpQ
NXuqnlCLC9YCYJCJFQwZ2qE64pKlNwVF4pWO2L66JM/evX23LaDx+XHvDZyofrrs
xLNjonZslZZtSVyX9s+HJOD4O8RncZjvjc/SuPe/6xoMudxW
-----END CERTIFICATE-----