Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/RsSPCx3GMtqPPzxEwcyT1lRmluY.roa
File:                     RsSPCx3GMtqPPzxEwcyT1lRmluY.roa (raw, json)
Hash identifier:          PO/h5oCE5kCSeUNJkiejhLoSJZUa28uBwGq2bLn4yZM=
Subject key identifier:   46:C4:8F:0B:1D:C6:32:DA:8F:3F:3C:44:C1:CC:93:D6:54:66:96:E6
Certificate issuer:       /CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Certificate serial:       01926B859FAAC441D72C4DE6D6179FB2834F
Authority key identifier: 3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/RsSPCx3GMtqPPzxEwcyT1lRmluY.roa
Signing time:             Tue 08 Oct 2024 09:46:12 +0000
ROA not before:           Tue 08 Oct 2024 09:46:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215958
IP address blocks:        2a14:4900:5900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6b:85:9f:aa:c4:41:d7:2c:4d:e6:d6:17:9f:b2:83:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
        Validity
            Not Before: Oct  8 09:46:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46c48f0b1dc632da8f3f3c44c1cc93d6546696e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:91:a5:9d:cf:dc:10:83:31:b9:a4:70:05:49:
                    43:17:ce:9c:64:29:66:e4:db:70:bb:64:47:ba:7d:
                    5c:50:9e:82:24:e8:30:b0:b7:24:b4:fd:06:56:85:
                    28:1e:87:6d:81:b8:3b:7a:a5:01:fc:6a:cd:14:5d:
                    1f:e3:cd:ae:87:a3:9d:47:cb:33:e6:cf:ee:be:8a:
                    83:2b:06:ea:ef:56:f4:bc:e4:56:06:87:09:ba:ef:
                    b5:2f:da:70:96:91:a4:92:af:a3:21:be:a7:b0:6a:
                    90:ed:0a:14:77:d6:8a:d2:b6:96:66:2e:37:85:a1:
                    68:2f:e9:76:fe:0d:d3:2b:b4:65:02:a6:33:cb:7f:
                    04:29:bb:06:78:df:86:a1:4e:5e:a2:41:e2:8f:55:
                    f4:8d:7f:21:29:eb:3a:52:9c:23:39:22:05:6d:88:
                    c5:3f:44:44:38:75:1b:a1:6a:ed:9f:e9:9a:ca:a6:
                    67:2c:a2:f2:ab:33:9a:72:e5:a6:29:07:10:c0:ca:
                    ec:6a:54:50:4c:50:f7:13:4f:31:60:13:b2:19:8b:
                    a0:db:2f:22:aa:0b:28:f2:36:3e:a7:0e:10:e2:f5:
                    6c:a8:65:a5:ae:d1:de:4c:51:32:af:cb:86:b0:8f:
                    a8:68:23:f2:ee:7f:3c:1f:8b:ad:39:77:3c:9f:60:
                    98:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C4:8F:0B:1D:C6:32:DA:8F:3F:3C:44:C1:CC:93:D6:54:66:96:E6
            X509v3 Authority Key Identifier:
                keyid:3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/RsSPCx3GMtqPPzxEwcyT1lRmluY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4900:5900::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:4b:dc:e5:b5:36:f7:d8:44:aa:a5:c0:20:bb:de:b2:4a:86:
         30:40:46:8c:21:d4:7f:f0:0a:64:0b:03:aa:ae:e2:66:de:8f:
         61:21:15:47:75:f8:e8:c3:4e:55:28:ab:23:fb:2d:fd:b1:a7:
         86:d2:11:72:3f:dd:64:19:01:d5:75:07:9c:e2:be:93:b0:18:
         2f:a9:1c:16:51:c5:3c:21:e4:de:55:24:ec:74:96:06:bc:67:
         23:15:21:48:17:12:89:b5:de:36:22:bc:7b:1d:31:e8:61:49:
         1e:84:08:89:01:e2:46:cc:19:07:28:eb:4b:7d:14:0e:21:b1:
         57:a1:e7:71:c8:42:cf:79:78:ca:61:f5:0e:b7:4d:75:b0:6b:
         31:0a:c5:76:a3:07:76:b3:d5:8a:15:fe:c2:c0:2e:e2:ba:c0:
         69:ca:9f:87:67:a6:e2:ae:3d:9c:37:0b:36:70:55:d0:5a:56:
         e2:d2:43:ee:ff:e1:0a:16:d5:3e:4a:96:32:63:60:02:80:01:
         dd:0e:51:b3:8d:f7:58:8d:cb:58:51:04:97:8d:d4:ee:c3:b2:
         1e:50:77:d1:4f:12:79:84:ee:20:c3:3b:5b:8b:c6:54:8b:5b:
         c9:74:17:fb:42:af:8e:06:02:13:42:1a:1d:8b:63:52:c4:ad:
         4a:03:e7:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZJrhZ+qxEHXLE3m1hefsoNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGJmMThkNmJiZGIzM2RhODJmZTYxYTI4NjI0YmE3MmUy
MzUwNDAwHhcNMjQxMDA4MDk0NjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmM0OGYwYjFkYzYzMmRhOGYzZjNjNDRjMWNjOTNkNjU0NjY5NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5Glnc/cEIMxuaRwBUlDF86cZClm
5Ntwu2RHun1cUJ6CJOgwsLcktP0GVoUoHodtgbg7eqUB/GrNFF0f482uh6OdR8sz
5s/uvoqDKwbq71b0vORWBocJuu+1L9pwlpGkkq+jIb6nsGqQ7QoUd9aK0raWZi43
haFoL+l2/g3TK7RlAqYzy38EKbsGeN+GoU5eokHij1X0jX8hKes6UpwjOSIFbYjF
P0REOHUboWrtn+mayqZnLKLyqzOacuWmKQcQwMrsalRQTFD3E08xYBOyGYug2y8i
qgso8jY+pw4Q4vVsqGWlrtHeTFEyr8uGsI+oaCPy7n88H4utOXc8n2CYuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEbEjwsdxjLajz88RMHMk9ZUZpbmMB8GA1UdIwQY
MBaAFDsL8Y1rvbM9qC/mGihiS6cuI1BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2Yjgt
ZDQ5OTE2YjVmMmI0LzEvUnNTUEN4M0dNdHFQUHp4RXdjeVQxbFJtbHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2YjgtZDQ5OTE2YjVmMmI0
LzEvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRJAFkw
DQYJKoZIhvcNAQELBQADggEBAD5L3OW1NvfYRKqlwCC73rJKhjBARowh1H/wCmQL
A6qu4mbej2EhFUd1+OjDTlUoqyP7Lf2xp4bSEXI/3WQZAdV1B5zivpOwGC+pHBZR
xTwh5N5VJOx0lga8ZyMVIUgXEom13jYivHsdMehhSR6ECIkB4kbMGQco60t9FA4h
sVeh53HIQs95eMph9Q63TXWwazEKxXajB3az1YoV/sLALuK6wGnKn4dnpuKuPZw3
CzZwVdBaVuLSQ+7/4QoW1T5KljJjYAKAAd0OUbON91iNy1hRBJeN1O7Dsh5Qd9FP
EnmE7iDDO1uLxlSLW8l0F/tCr44GAhNCGh2LY1LErUoD58o=
-----END CERTIFICATE-----