Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3adLNlqIL-tlqsB0yqRE4WvJzic.roa
File:                     3adLNlqIL-tlqsB0yqRE4WvJzic.roa (raw, json)
Hash identifier:          LTg4cDHXq7yPujY6oW/OazQ6t1zEpLGzCQETHhqUIXs=
Subject key identifier:   DD:A7:4B:36:5A:88:2F:EB:65:AA:C0:74:CA:A4:44:E1:6B:C9:CE:27
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0192D8F88049FE38556F182B88E35A607469
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3adLNlqIL-tlqsB0yqRE4WvJzic.roa
Signing time:             Tue 29 Oct 2024 15:50:17 +0000
ROA not before:           Tue 29 Oct 2024 15:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214106
IP address blocks:        2a14:6780:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:f8:80:49:fe:38:55:6f:18:2b:88:e3:5a:60:74:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Oct 29 15:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dda74b365a882feb65aac074caa444e16bc9ce27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5b:78:92:2f:93:04:6d:ba:bd:23:a9:78:c1:
                    43:cd:42:1e:90:74:67:fd:c8:33:b2:26:bf:29:b6:
                    a5:b9:a8:85:74:dc:fd:80:68:69:ee:49:b3:57:82:
                    06:69:58:51:38:76:bd:62:22:78:65:ca:33:4d:c1:
                    7c:ad:7b:5a:83:7a:03:94:30:90:e1:75:6d:ed:50:
                    27:f5:ee:f7:0b:bb:6b:11:65:23:3c:c7:e9:ce:5c:
                    8e:21:ac:87:98:11:de:ad:95:53:0a:04:0d:ab:b1:
                    e8:b2:4e:6f:e4:57:91:37:e2:e0:e8:2c:64:45:51:
                    d7:1b:48:e5:41:bd:3f:45:f2:63:8e:dc:d3:9d:93:
                    1e:a4:37:a9:a8:85:a7:29:c3:94:48:54:f4:fc:07:
                    9e:8b:18:a6:68:db:5d:5f:23:2d:37:61:dd:df:d2:
                    1a:56:22:45:60:11:9e:23:dc:ae:2c:64:2a:1d:9f:
                    46:2e:21:75:dc:b7:6e:e3:a9:f8:30:25:84:f6:f5:
                    e4:ce:53:99:53:3b:24:e8:ab:98:59:5a:1d:cf:a2:
                    54:93:5d:57:04:47:b6:26:53:60:ab:8b:b5:b9:0e:
                    78:13:9b:df:6e:a3:d3:29:57:9a:47:bf:5e:e5:d1:
                    6b:2a:51:18:94:58:52:4c:2a:e5:5b:ab:da:a8:de:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A7:4B:36:5A:88:2F:EB:65:AA:C0:74:CA:A4:44:E1:6B:C9:CE:27
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/3adLNlqIL-tlqsB0yqRE4WvJzic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6780:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:52:79:07:b1:84:bb:e0:04:e0:d0:70:a7:f7:ca:05:7d:f5:
         f5:5a:a4:54:e9:68:25:ad:d6:5b:99:8c:5c:0d:29:8f:c7:f0:
         37:fa:0a:ef:34:2e:f4:64:19:4e:e3:ef:75:2a:55:00:48:4d:
         a4:84:80:ec:38:64:1d:c5:c4:f9:d6:6d:98:ab:ce:2b:ce:2d:
         bf:41:e8:51:a3:85:db:c3:c3:ea:1c:70:f8:52:59:83:84:d8:
         ab:11:62:84:4c:83:8b:dc:c9:47:26:fb:72:4f:b3:b4:c6:3c:
         9a:38:8e:85:ce:03:01:47:b7:10:d4:45:89:50:60:9d:01:23:
         a7:23:91:74:69:9d:3a:91:a0:d5:e7:4d:a4:11:3d:d7:b3:79:
         f6:08:f0:67:68:03:aa:05:70:41:b5:02:6a:a7:2a:4d:3f:cb:
         8d:c0:29:ce:0e:a9:47:6f:19:cc:91:b9:d7:99:57:6e:e4:92:
         de:cc:2c:cc:7c:52:99:4f:3e:72:43:3d:e9:ca:9d:69:96:d7:
         96:98:7f:66:cb:18:45:e4:10:6d:58:c6:62:fe:43:f1:ce:4c:
         b0:84:95:70:71:ae:d8:bc:ed:f5:05:d6:05:b3:4e:55:69:60:
         67:15:3e:b6:c2:48:9f:a2:e0:c7:7c:fc:82:8f:3a:6a:77:93:
         f5:fc:8b:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZLY+IBJ/jhVbxgriONaYHRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQxMDI5MTU1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGE3NGIzNjVhODgyZmViNjVhYWMwNzRjYWE0NDRlMTZiYzljZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFt4ki+TBG26vSOpeMFDzUIekHRn
/cgzsia/KbaluaiFdNz9gGhp7kmzV4IGaVhROHa9YiJ4ZcozTcF8rXtag3oDlDCQ
4XVt7VAn9e73C7trEWUjPMfpzlyOIayHmBHerZVTCgQNq7Hosk5v5FeRN+Lg6Cxk
RVHXG0jlQb0/RfJjjtzTnZMepDepqIWnKcOUSFT0/AeeiximaNtdXyMtN2Hd39Ia
ViJFYBGeI9yuLGQqHZ9GLiF13Ldu46n4MCWE9vXkzlOZUzsk6KuYWVodz6JUk11X
BEe2JlNgq4u1uQ54E5vfbqPTKVeaR79e5dFrKlEYlFhSTCrlW6vaqN7v1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN2nSzZaiC/rZarAdMqkROFryc4nMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvM2FkTE5scUlMLXRscXNCMHlxUkU0V3ZKemljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRngAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQAhUnkHsYS74ATg0HCn98oFffX1WqRU6WglrdZb
mYxcDSmPx/A3+grvNC70ZBlO4+91KlUASE2khIDsOGQdxcT51m2Yq84rzi2/QehR
o4Xbw8PqHHD4UlmDhNirEWKETIOL3MlHJvtyT7O0xjyaOI6FzgMBR7cQ1EWJUGCd
ASOnI5F0aZ06kaDV502kET3Xs3n2CPBnaAOqBXBBtQJqpypNP8uNwCnODqlHbxnM
kbnXmVdu5JLezCzMfFKZTz5yQz3pyp1plteWmH9myxhF5BBtWMZi/kPxzkywhJVw
ca7YvO31BdYFs05VaWBnFT62wkifouDHfPyCjzpqd5P1/ItL
-----END CERTIFICATE-----