Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/USnMpU9A54VCZexRIP-q2Taydf0.roa
File:                     USnMpU9A54VCZexRIP-q2Taydf0.roa (raw, json)
Hash identifier:          nMMvBJO6mrh/O3kpbLpBlpZP2BFfmW/UM1VQycijcuY=
Subject key identifier:   51:29:CC:A5:4F:40:E7:85:42:65:EC:51:20:FF:AA:D9:36:B2:75:FD
Certificate issuer:       /CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
Certificate serial:       018FC3B2BFE5C14A521AEC467E9242DF96FA
Authority key identifier: AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/USnMpU9A54VCZexRIP-q2Taydf0.roa
Signing time:             Wed 29 May 2024 09:33:42 +0000
ROA not before:           Wed 29 May 2024 09:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214857
IP address blocks:        2a14:52c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c3:b2:bf:e5:c1:4a:52:1a:ec:46:7e:92:42:df:96:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc1918c1f45e6ec17daca67a7ad193caf04b7b2
        Validity
            Not Before: May 29 09:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5129cca54f40e7854265ec5120ffaad936b275fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:69:fd:b3:2b:78:73:92:61:c9:d0:37:fd:ad:
                    ba:5c:cd:75:0f:be:95:bd:67:33:1d:7d:59:44:97:
                    f8:aa:8d:99:97:9c:b0:ab:d1:d0:70:e2:80:44:c1:
                    4c:31:db:b9:db:2e:2b:ce:c0:07:62:b2:15:23:a8:
                    7b:24:7d:d1:04:d6:b7:f8:54:05:c6:0a:a5:f7:6f:
                    e9:0f:8e:52:bf:5c:92:e7:0c:6c:f7:c4:cd:2a:45:
                    a4:75:19:97:cd:65:36:4e:ae:1c:32:96:77:7f:19:
                    81:2d:3c:d9:76:0f:8e:dd:06:71:65:6b:92:14:6c:
                    a6:e9:6f:c4:c7:6a:42:64:06:bd:c3:63:a5:30:1b:
                    42:4b:5c:b9:0a:01:09:aa:96:1b:4f:7f:6b:ed:b1:
                    9a:8c:b2:ae:6b:1c:df:fe:bb:b4:1f:fd:3e:80:91:
                    8e:f5:2c:66:80:77:16:38:15:f2:27:b8:5e:ee:15:
                    ed:61:53:f6:30:b0:a9:7d:b5:ff:2e:8c:a0:d1:8c:
                    17:64:4b:5c:65:ac:8b:6a:29:0d:62:27:23:a9:64:
                    c7:e6:45:53:62:b1:2a:f2:fa:d0:5b:7c:b4:64:71:
                    af:db:c1:bc:26:08:91:a3:d5:de:92:98:02:41:f7:
                    e6:96:f4:75:9f:f9:51:6b:15:2b:89:e6:85:08:c9:
                    cb:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:29:CC:A5:4F:40:E7:85:42:65:EC:51:20:FF:AA:D9:36:B2:75:FD
            X509v3 Authority Key Identifier:
                keyid:AB:C1:91:8C:1F:45:E6:EC:17:DA:CA:67:A7:AD:19:3C:AF:04:B7:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8GRjB9F5uwX2spnp60ZPK8Et7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/USnMpU9A54VCZexRIP-q2Taydf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8f88de-daed-48d2-b701-6bb5fe665750/1/q8GRjB9F5uwX2spnp60ZPK8Et7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:52c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:92:b6:6e:21:91:17:44:65:61:d7:29:eb:30:67:8c:df:9e:
         73:68:91:90:12:64:3b:98:4d:1c:4a:4b:c7:ef:2c:13:2e:7e:
         d8:f4:3d:89:a7:40:04:fa:9f:47:dd:2a:a3:c2:6a:5e:6f:51:
         fb:24:81:50:14:37:8a:b2:09:7a:50:a3:89:8b:60:07:c8:bd:
         c7:b8:18:76:d8:c4:b0:62:08:f5:3c:cf:14:5c:dc:66:76:9a:
         37:53:d2:4a:fd:0e:5f:9e:f1:2d:7d:c3:65:2d:f2:7e:27:03:
         19:f0:e8:96:b1:47:30:6f:77:16:4d:da:34:fe:d5:6b:4c:36:
         9c:bb:db:b3:cd:6b:e0:d9:4f:b6:22:8b:f1:c0:d5:2b:d3:1b:
         86:73:42:c3:97:86:24:e2:2a:dd:c7:46:42:32:b3:32:67:e9:
         c3:db:2f:b5:18:05:2a:23:75:11:66:10:55:88:18:1c:b5:0a:
         6a:03:b1:78:a6:c3:51:be:af:59:fc:1c:ba:3f:e9:74:0a:03:
         4e:42:2c:a9:75:2d:b0:00:23:31:ca:7f:b8:c9:d3:ac:88:11:
         5f:ae:1d:cd:03:0d:19:9a:76:8e:7b:d3:41:8c:f1:52:88:aa:
         22:16:99:05:38:40:af:10:dd:b4:08:ef:c3:6b:52:b1:35:b5:
         2a:7d:d0:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/Dsr/lwUpSGuxGfpJC35b6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzE5MThjMWY0NWU2ZWMxN2RhY2E2N2E3YWQxOTNjYWYw
NGI3YjIwHhcNMjQwNTI5MDkzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI5Y2NhNTRmNDBlNzg1NDI2NWVjNTEyMGZmYWFkOTM2YjI3NWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mn9syt4c5JhydA3/a26XM11D76V
vWczHX1ZRJf4qo2Zl5ywq9HQcOKARMFMMdu52y4rzsAHYrIVI6h7JH3RBNa3+FQF
xgql92/pD45Sv1yS5wxs98TNKkWkdRmXzWU2Tq4cMpZ3fxmBLTzZdg+O3QZxZWuS
FGym6W/Ex2pCZAa9w2OlMBtCS1y5CgEJqpYbT39r7bGajLKuaxzf/ru0H/0+gJGO
9SxmgHcWOBXyJ7he7hXtYVP2MLCpfbX/Loyg0YwXZEtcZayLaikNYicjqWTH5kVT
YrEq8vrQW3y0ZHGv28G8JgiRo9XekpgCQffmlvR1n/lRaxUrieaFCMnLtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFEpzKVPQOeFQmXsUSD/qtk2snX9MB8GA1UdIwQY
MBaAFKvBkYwfRebsF9rKZ6etGTyvBLeyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEt
NmJiNWZlNjY1NzUwLzEvVVNuTXBVOUE1NFZDWmV4UklQLXEyVGF5ZGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84Zjg4ZGUtZGFlZC00OGQyLWI3MDEtNmJiNWZlNjY1NzUw
LzEvcThHUmpCOUY1dXdYMnNwbnA2MFpQSzhFdDdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRSwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAKkrZuIZEXRGVh1ynrMGeM355zaJGQEmQ7mE0c
SkvH7ywTLn7Y9D2Jp0AE+p9H3Sqjwmpeb1H7JIFQFDeKsgl6UKOJi2AHyL3HuBh2
2MSwYgj1PM8UXNxmdpo3U9JK/Q5fnvEtfcNlLfJ+JwMZ8OiWsUcwb3cWTdo0/tVr
TDacu9uzzWvg2U+2IovxwNUr0xuGc0LDl4Yk4irdx0ZCMrMyZ+nD2y+1GAUqI3UR
ZhBViBgctQpqA7F4psNRvq9Z/By6P+l0CgNOQiypdS2wACMxyn+4ydOsiBFfrh3N
Aw0ZmnaOe9NBjPFSiKoiFpkFOECvEN20CO/Da1KxNbUqfdAZ
-----END CERTIFICATE-----