Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/SqRs4UQ9PEabCyucMdXKHBaGrhE.roa
File:                     SqRs4UQ9PEabCyucMdXKHBaGrhE.roa (raw, json)
Hash identifier:          6yjAbn9xp4HJv+l72e4Z0Ab9oYU71vLb8nhLvtAsDHM=
Subject key identifier:   4A:A4:6C:E1:44:3D:3C:46:9B:0B:2B:9C:31:D5:CA:1C:16:86:AE:11
Certificate issuer:       /CN=2146e560a3f5cac7c64fe0f13be663d94c871453
Certificate serial:       019336802D67BC509D7484413816AB6DFD9C
Authority key identifier: 21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/SqRs4UQ9PEabCyucMdXKHBaGrhE.roa
Signing time:             Sat 16 Nov 2024 19:43:10 +0000
ROA not before:           Sat 16 Nov 2024 19:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216271
IP address blocks:        2a14:7380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:36:80:2d:67:bc:50:9d:74:84:41:38:16:ab:6d:fd:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2146e560a3f5cac7c64fe0f13be663d94c871453
        Validity
            Not Before: Nov 16 19:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4aa46ce1443d3c469b0b2b9c31d5ca1c1686ae11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3c:78:0e:b3:09:e1:67:c3:34:3d:5b:f4:6a:
                    73:6c:b7:9c:a3:13:8e:80:2b:3b:64:4a:a1:f2:d9:
                    69:af:2f:c8:79:00:5f:01:b3:a4:32:7e:de:66:f9:
                    e6:31:a7:91:10:da:bd:9a:8f:4d:d8:2a:0c:34:57:
                    65:15:fd:9e:2d:5b:fa:12:ea:85:06:22:fa:ee:32:
                    3a:42:c3:82:57:85:cd:61:ac:72:0f:a2:7b:97:a6:
                    56:a8:d9:6a:d2:49:24:f6:ed:70:f2:00:3c:4d:42:
                    94:3b:53:13:0b:15:b6:19:ea:88:58:03:93:0f:6f:
                    57:01:a6:60:e9:3d:65:e5:a9:15:a8:7a:4d:bf:5d:
                    61:e2:2b:52:6f:f0:7f:fa:c5:13:e6:de:72:25:4c:
                    d9:fe:31:c6:54:c7:8f:7b:b2:92:43:73:29:bf:ff:
                    73:0b:58:23:5c:b3:80:00:b5:3f:af:ce:4b:76:07:
                    0b:ef:6f:7b:f3:7d:29:2c:0a:6b:af:f7:4a:46:ef:
                    8f:ac:70:54:8d:2b:7b:ba:4c:4f:17:48:9e:80:6d:
                    2a:0a:80:7f:66:27:96:5b:d0:c6:78:d9:33:82:f0:
                    b8:64:bf:22:f4:be:dd:e7:77:62:25:05:71:f4:85:
                    c8:32:08:48:40:45:52:ce:af:18:ac:d7:2d:6b:39:
                    14:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A4:6C:E1:44:3D:3C:46:9B:0B:2B:9C:31:D5:CA:1C:16:86:AE:11
            X509v3 Authority Key Identifier:
                keyid:21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/SqRs4UQ9PEabCyucMdXKHBaGrhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7380::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:42:c8:30:ff:9d:7d:a5:4b:5c:fa:5f:99:e2:24:07:f3:fe:
         e3:4e:d0:01:b6:79:bb:1b:f4:5f:83:2f:20:38:b3:49:39:23:
         99:22:2d:f5:42:fe:84:de:4c:9f:ac:96:87:5a:9e:3a:43:37:
         9c:64:6a:5a:32:2b:d6:a5:e5:45:76:89:13:ee:bc:fe:26:0d:
         7d:5f:12:21:54:f3:20:36:62:33:38:e0:65:cb:b7:8e:b4:f4:
         85:f0:3c:1e:54:99:78:af:53:c6:e7:45:04:21:8e:88:51:51:
         c8:ec:c0:8d:d7:7e:b4:db:77:31:35:7f:12:79:d5:74:f1:8c:
         b3:30:db:f2:3c:b5:e3:58:c4:a5:cc:42:81:12:07:c5:7f:b0:
         a3:f7:e8:8d:24:c0:25:5d:60:65:67:43:29:11:d4:fd:39:6d:
         7a:82:10:84:62:b2:f7:ae:8e:7d:dc:21:b7:d0:e4:f1:9f:08:
         45:a7:49:fe:66:af:ab:0d:56:39:8d:ec:3b:31:65:b8:53:94:
         a4:13:0d:5b:47:2d:fd:31:49:06:64:cc:8e:88:13:78:a2:6e:
         a4:8a:d2:ae:9e:ba:a4:b0:ee:0e:c0:66:e5:dc:98:94:be:2e:
         a6:7e:73:3c:a8:2c:4d:5d:f0:7d:d4:86:16:84:d5:9d:2c:0c:
         ac:88:ae:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZM2gC1nvFCddIRBOBarbf2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNDZlNTYwYTNmNWNhYzdjNjRmZTBmMTNiZTY2M2Q5NGM4
NzE0NTMwHhcNMjQxMTE2MTk0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWE0NmNlMTQ0M2QzYzQ2OWIwYjJiOWMzMWQ1Y2ExYzE2ODZhZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzx4DrMJ4WfDND1b9GpzbLecoxOO
gCs7ZEqh8tlpry/IeQBfAbOkMn7eZvnmMaeRENq9mo9N2CoMNFdlFf2eLVv6EuqF
BiL67jI6QsOCV4XNYaxyD6J7l6ZWqNlq0kkk9u1w8gA8TUKUO1MTCxW2GeqIWAOT
D29XAaZg6T1l5akVqHpNv11h4itSb/B/+sUT5t5yJUzZ/jHGVMePe7KSQ3Mpv/9z
C1gjXLOAALU/r85LdgcL7297830pLAprr/dKRu+PrHBUjSt7ukxPF0iegG0qCoB/
ZieWW9DGeNkzgvC4ZL8i9L7d53diJQVx9IXIMghIQEVSzq8YrNctazkUkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEqkbOFEPTxGmwsrnDHVyhwWhq4RMB8GA1UdIwQY
MBaAFCFG5WCj9crHxk/g8TvmY9lMhxRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTkt
NWJlNDY3NGI0NjdjLzEvU3FSczRVUTlQRWFiQ3l1Y01kWEtIQmFHcmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTktNWJlNDY3NGI0Njdj
LzEvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRzgDAN
BgkqhkiG9w0BAQsFAAOCAQEAgkLIMP+dfaVLXPpfmeIkB/P+407QAbZ5uxv0X4Mv
IDizSTkjmSIt9UL+hN5Mn6yWh1qeOkM3nGRqWjIr1qXlRXaJE+68/iYNfV8SIVTz
IDZiMzjgZcu3jrT0hfA8HlSZeK9TxudFBCGOiFFRyOzAjdd+tNt3MTV/EnnVdPGM
szDb8jy141jEpcxCgRIHxX+wo/fojSTAJV1gZWdDKRHU/TlteoIQhGKy966Ofdwh
t9Dk8Z8IRadJ/mavqw1WOY3sOzFluFOUpBMNW0ct/TFJBmTMjogTeKJupIrSrp66
pLDuDsBm5dyYlL4upn5zPKgsTV3wfdSGFoTVnSwMrIiuTw==
-----END CERTIFICATE-----