Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/BCpGmAAybEKlV3wOuVSBe587d6A.roa
File:                     BCpGmAAybEKlV3wOuVSBe587d6A.roa (raw, json)
Hash identifier:          OMYJrykGqoEHSJmtTAAKG/WGPSWVW40cgEc5tVnY4H8=
Subject key identifier:   04:2A:46:98:00:32:6C:42:A5:57:7C:0E:B9:54:81:7B:9F:3B:77:A0
Certificate issuer:       /CN=1ccf33cf78477313c7382e89b17573ed68588b93
Certificate serial:       019421443897C8BCFC325024265DA337C06A
Authority key identifier: 1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/BCpGmAAybEKlV3wOuVSBe587d6A.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213953
IP address blocks:        2a14:ec00:3::/48 maxlen: 48
                          2a14:ec00:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:38:97:c8:bc:fc:32:50:24:26:5d:a3:37:c0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccf33cf78477313c7382e89b17573ed68588b93
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=042a469800326c42a5577c0eb954817b9f3b77a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:85:fe:64:1a:b7:34:87:ae:df:7f:08:d4:34:
                    b9:c5:1b:fe:15:5d:6f:8f:a6:d1:eb:99:28:53:ed:
                    6d:73:15:3b:9a:31:4e:f0:78:91:f5:40:7d:1f:7f:
                    b2:73:59:09:c0:53:a7:95:88:a4:a1:16:ea:5f:d0:
                    d9:cb:57:6a:f5:63:bb:41:2a:e1:46:1e:41:6a:9f:
                    13:7d:4a:42:72:58:5d:fc:97:17:3f:d3:53:8f:84:
                    ad:cc:67:51:cd:9f:2b:c0:89:a6:f7:aa:a1:e0:ba:
                    7a:bb:cc:ac:8c:71:73:51:a9:01:15:d4:69:41:88:
                    d4:39:1b:0c:d0:0e:eb:f3:7b:a8:57:ab:e0:41:0e:
                    9f:f7:ac:0a:bb:41:03:75:c7:c9:a1:fd:bd:02:91:
                    f3:71:a3:9b:9e:19:a2:4a:6b:7c:34:2c:f5:51:f6:
                    13:f0:07:16:9e:8f:be:5d:ac:50:13:03:a1:44:e0:
                    75:fa:2f:d6:b8:84:0a:03:aa:ea:03:ac:45:b9:b1:
                    90:14:8a:58:51:e4:c3:73:2f:45:e4:1c:a4:bf:45:
                    31:d8:e4:67:40:f1:59:b6:42:a8:01:56:9b:64:1f:
                    ea:08:ab:3a:07:f0:40:73:d3:d6:ec:cf:36:2e:91:
                    85:21:9a:6e:01:ca:4b:41:f9:d8:ff:79:d5:ca:aa:
                    34:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:2A:46:98:00:32:6C:42:A5:57:7C:0E:B9:54:81:7B:9F:3B:77:A0
            X509v3 Authority Key Identifier:
                keyid:1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/BCpGmAAybEKlV3wOuVSBe587d6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ec00:3::-2a14:ec00:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         47:c5:8b:3c:6f:03:f0:05:ba:36:2e:ef:a0:0a:72:0c:93:fd:
         a3:6c:9c:7a:89:b9:99:6d:6e:42:65:04:03:65:fd:3b:1c:48:
         26:35:03:a7:57:1a:2c:f4:af:0b:a1:d6:48:23:ba:74:4b:91:
         b4:c7:3d:84:5a:cc:c8:31:a1:13:49:5d:e6:67:48:d1:41:ba:
         f3:7d:e4:e9:8e:18:e4:91:fa:2f:30:d5:4c:1d:aa:f5:39:62:
         3e:3e:d0:66:fe:c6:07:4c:ee:31:7e:0f:7b:86:2a:ee:57:70:
         39:31:7f:51:f0:22:0b:0a:c8:f4:ac:3f:55:42:23:0e:a0:60:
         f6:18:56:b4:1d:38:c8:cc:65:d0:4c:6e:55:09:1c:29:62:c6:
         ae:b5:03:a4:1d:d1:92:73:33:26:65:6b:45:74:28:28:6e:7b:
         96:98:2f:84:51:c0:5a:3e:1a:65:69:5f:3e:90:68:e0:3b:86:
         8f:21:57:59:cd:c3:24:b2:2f:6f:f4:4a:8f:e3:2a:ba:67:18:
         35:ce:c7:94:5c:22:9d:41:ca:cc:bb:05:45:3e:da:6a:2f:85:
         0e:8b:9e:d0:9b:a7:12:86:ea:9a:97:e8:f2:05:7e:c4:2f:96:
         1d:ba:72:33:69:a2:cc:69:30:63:5f:71:b0:be:e2:17:5d:0e:
         03:28:ab:36
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhRDiXyLz8MlAkJl2jN8BqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2YzM2NmNzg0NzczMTNjNzM4MmU4OWIxNzU3M2VkNjg1
ODhiOTMwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDJhNDY5ODAwMzI2YzQyYTU1NzdjMGViOTU0ODE3YjlmM2I3N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4X+ZBq3NIeu338I1DS5xRv+FV1v
j6bR65koU+1tcxU7mjFO8HiR9UB9H3+yc1kJwFOnlYikoRbqX9DZy1dq9WO7QSrh
Rh5Bap8TfUpCclhd/JcXP9NTj4StzGdRzZ8rwImm96qh4Lp6u8ysjHFzUakBFdRp
QYjUORsM0A7r83uoV6vgQQ6f96wKu0EDdcfJof29ApHzcaObnhmiSmt8NCz1UfYT
8AcWno++XaxQEwOhROB1+i/WuIQKA6rqA6xFubGQFIpYUeTDcy9F5Bykv0Ux2ORn
QPFZtkKoAVabZB/qCKs6B/BAc9PW7M82LpGFIZpuAcpLQfnY/3nVyqo0RwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAQqRpgAMmxCpVd8DrlUgXufO3egMB8GA1UdIwQY
MBaAFBzPM894R3MTxzguibF1c+1oWIuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2Mt
MTI4ZTAwNTNkY2NmLzEvQkNwR21BQXliRUtsVjN3T3VWU0JlNTg3ZDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2MtMTI4ZTAwNTNkY2Nm
LzEvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqFOwA
AAMDBwAqFOwAAAQwDQYJKoZIhvcNAQELBQADggEBAEfFizxvA/AFujYu76AKcgyT
/aNsnHqJuZltbkJlBANl/TscSCY1A6dXGiz0rwuh1kgjunRLkbTHPYRazMgxoRNJ
XeZnSNFBuvN95OmOGOSR+i8w1UwdqvU5Yj4+0Gb+xgdM7jF+D3uGKu5XcDkxf1Hw
IgsKyPSsP1VCIw6gYPYYVrQdOMjMZdBMblUJHClixq61A6Qd0ZJzMyZla0V0KChu
e5aYL4RRwFo+GmVpXz6QaOA7ho8hV1nNwySyL2/0So/jKrpnGDXOx5RcIp1Bysy7
BUU+2movhQ6LntCbpxKG6pqX6PIFfsQvlh26cjNposxpMGNfcbC+4hddDgMoqzY=
-----END CERTIFICATE-----