Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/O7dEuQCjSO8z6ONj5fHjP6nhUXE.roa
File:                     O7dEuQCjSO8z6ONj5fHjP6nhUXE.roa (raw, json)
Hash identifier:          uHw+P79UCgqlSxBDAzyTEVikBPvI0LRf7VeAKKpBa/o=
Subject key identifier:   3B:B7:44:B9:00:A3:48:EF:33:E8:E3:63:E5:F1:E3:3F:A9:E1:51:71
Certificate issuer:       /CN=a122d6d21bd04c46224653a49be029e3c024b846
Certificate serial:       019461452F856E9707E189F21114F989B3AF
Authority key identifier: A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/O7dEuQCjSO8z6ONj5fHjP6nhUXE.roa
Signing time:             Mon 13 Jan 2025 20:05:11 +0000
ROA not before:           Mon 13 Jan 2025 20:05:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398891
IP address blocks:        2a14:af00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:45:2f:85:6e:97:07:e1:89:f2:11:14:f9:89:b3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a122d6d21bd04c46224653a49be029e3c024b846
        Validity
            Not Before: Jan 13 20:05:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bb744b900a348ef33e8e363e5f1e33fa9e15171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ef:b4:7a:9b:9d:69:57:77:15:9c:b1:b1:8e:
                    78:df:4f:95:b7:2b:bb:fc:04:1f:6f:20:2d:04:31:
                    26:b8:09:9e:a4:31:ab:05:d2:7e:5f:34:53:3c:b6:
                    2c:9d:9d:8f:25:03:80:7a:09:8e:70:d6:d7:d1:fd:
                    5c:48:62:29:c1:07:c3:1c:f9:cf:fd:e1:54:90:42:
                    2a:f0:e8:ca:5e:80:bd:2a:a9:5c:94:d3:f1:0f:92:
                    cc:45:25:f4:93:34:33:92:1d:e2:d0:01:03:ca:8e:
                    8a:51:77:b1:68:0a:0b:11:08:6f:a7:4e:18:ad:44:
                    5c:46:aa:27:a2:27:e4:70:01:75:72:54:9c:30:a1:
                    59:39:fe:f8:b3:dc:98:e5:2e:14:56:3f:38:09:28:
                    75:fb:06:84:d8:76:6b:6b:93:5b:0d:6f:4b:0a:93:
                    2b:54:8d:45:27:1a:ac:2d:25:59:0b:83:01:ae:82:
                    cc:f7:4f:88:42:ff:6a:da:77:33:81:f6:62:82:97:
                    dd:f3:b2:5a:c4:b0:bc:99:63:b6:d1:57:22:3d:54:
                    04:67:2a:5d:b6:73:c2:bb:61:04:53:73:56:a0:c5:
                    ef:d9:25:b2:57:a5:c1:8c:21:b4:81:c7:25:20:d0:
                    47:57:78:61:e6:7a:d0:bd:e6:cb:9c:c1:15:97:d8:
                    84:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B7:44:B9:00:A3:48:EF:33:E8:E3:63:E5:F1:E3:3F:A9:E1:51:71
            X509v3 Authority Key Identifier:
                keyid:A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/O7dEuQCjSO8z6ONj5fHjP6nhUXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:b8:a1:1c:1c:99:7d:9f:4b:53:e7:dc:00:ca:0d:62:15:70:
         50:05:46:2d:f4:67:c4:61:78:ca:18:44:ea:b1:f2:93:00:1c:
         f2:ce:94:db:5f:50:be:04:3c:d6:4c:f5:0d:55:06:1b:d1:60:
         2a:ef:b4:fc:ab:15:ce:ed:b0:46:6f:5a:97:2b:92:f1:5d:bb:
         ca:0a:3e:62:91:75:60:d3:a4:5b:c6:0a:78:9f:6a:b3:8b:ff:
         d4:ea:2a:b2:b3:56:32:e3:cd:91:d1:56:f5:e3:ee:e8:0c:05:
         e4:ec:c4:15:83:77:b6:d2:71:42:e9:61:53:14:31:45:4f:4b:
         ab:46:16:70:85:60:e7:87:f3:aa:52:4e:3c:ba:a1:ba:6b:21:
         54:8b:04:ee:22:43:b4:78:3e:e5:f8:49:fd:9d:ea:5f:70:0d:
         15:e8:d2:4d:5e:70:35:ff:03:14:a0:d5:0a:d0:53:a5:cd:db:
         ea:0f:2c:aa:5b:32:e0:4a:a5:13:cf:dd:79:b1:f6:99:81:2e:
         27:35:e1:81:38:1d:c0:75:3e:26:94:3d:e9:d9:db:0a:45:43:
         f1:46:be:2d:67:95:67:b2:9e:f3:06:d8:f9:fa:65:d6:53:ff:
         5c:39:59:9c:75:72:b9:ce:f2:3c:43:a0:5c:f2:96:9e:a9:41:
         3e:64:5c:07
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRhRS+FbpcH4YnyERT5ibOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjJkNmQyMWJkMDRjNDYyMjQ2NTNhNDliZTAyOWUzYzAy
NGI4NDYwHhcNMjUwMTEzMjAwNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmI3NDRiOTAwYTM0OGVmMzNlOGUzNjNlNWYxZTMzZmE5ZTE1MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw++0epudaVd3FZyxsY5430+Vtyu7
/AQfbyAtBDEmuAmepDGrBdJ+XzRTPLYsnZ2PJQOAegmOcNbX0f1cSGIpwQfDHPnP
/eFUkEIq8OjKXoC9KqlclNPxD5LMRSX0kzQzkh3i0AEDyo6KUXexaAoLEQhvp04Y
rURcRqonoifkcAF1clScMKFZOf74s9yY5S4UVj84CSh1+waE2HZra5NbDW9LCpMr
VI1FJxqsLSVZC4MBroLM90+IQv9q2nczgfZigpfd87JaxLC8mWO20VciPVQEZypd
tnPCu2EEU3NWoMXv2SWyV6XBjCG0gcclINBHV3hh5nrQvebLnMEVl9iEawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDu3RLkAo0jvM+jjY+Xx4z+p4VFxMB8GA1UdIwQY
MBaAFKEi1tIb0ExGIkZTpJvgKePAJLhGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDct
NWYyNTFhMDNmYTJiLzEvTzdkRXVRQ2pTTzh6Nk9OajVmSGpQNm5oVVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDctNWYyNTFhMDNmYTJi
LzEvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSvADAN
BgkqhkiG9w0BAQsFAAOCAQEAVrihHByZfZ9LU+fcAMoNYhVwUAVGLfRnxGF4yhhE
6rHykwAc8s6U219QvgQ81kz1DVUGG9FgKu+0/KsVzu2wRm9alyuS8V27ygo+YpF1
YNOkW8YKeJ9qs4v/1OoqsrNWMuPNkdFW9ePu6AwF5OzEFYN3ttJxQulhUxQxRU9L
q0YWcIVg54fzqlJOPLqhumshVIsE7iJDtHg+5fhJ/Z3qX3ANFejSTV5wNf8DFKDV
CtBTpc3b6g8sqlsy4EqlE8/debH2mYEuJzXhgTgdwHU+JpQ96dnbCkVD8Ua+LWeV
Z7Ke8wbY+fpl1lP/XDlZnHVyuc7yPEOgXPKWnqlBPmRcBw==
-----END CERTIFICATE-----