Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/3HSmOb27A9jYqwiTq0Cm7Zx8Suc.roa
File:                     3HSmOb27A9jYqwiTq0Cm7Zx8Suc.roa (raw, json)
Hash identifier:          p7iRnUyIdymiYCTKZwVYZK/UrjvjaxDyHEVkDgTpuXI=
Subject key identifier:   DC:74:A6:39:BD:BB:03:D8:D8:AB:08:93:AB:40:A6:ED:9C:7C:4A:E7
Certificate issuer:       /CN=b22640351ab21a0dc7aaa15fab5b110977714a3c
Certificate serial:       0193221CC114FBB69E36706173FEE5252BD2
Authority key identifier: B2:26:40:35:1A:B2:1A:0D:C7:AA:A1:5F:AB:5B:11:09:77:71:4A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/3HSmOb27A9jYqwiTq0Cm7Zx8Suc.roa
Signing time:             Tue 12 Nov 2024 20:42:10 +0000
ROA not before:           Tue 12 Nov 2024 20:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        2a14:2ec0:586::/48 maxlen: 48
                          2a14:2ec0:edea::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:22:1c:c1:14:fb:b6:9e:36:70:61:73:fe:e5:25:2b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b22640351ab21a0dc7aaa15fab5b110977714a3c
        Validity
            Not Before: Nov 12 20:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc74a639bdbb03d8d8ab0893ab40a6ed9c7c4ae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:dc:23:3c:c7:12:fe:d6:43:af:41:83:40:
                    25:07:69:4c:f5:d7:d1:39:0f:63:c5:7d:cb:dc:aa:
                    bb:95:4e:93:1b:5d:f7:0c:44:bb:00:ec:f7:ad:aa:
                    90:e2:74:36:05:f1:d1:a1:f0:bd:4e:9a:67:01:68:
                    fe:12:6b:ea:72:48:91:37:f0:da:2d:a2:0c:94:44:
                    1f:76:f2:a4:73:4c:f4:2f:8f:da:1f:20:ec:08:68:
                    a9:02:a8:f6:27:fc:a3:5b:3e:1d:f7:2c:0e:e3:40:
                    9a:de:9a:c5:cd:e6:1a:e9:c8:80:2a:b4:0f:64:c3:
                    21:d6:09:81:d5:19:fb:7e:d2:39:16:a1:39:36:62:
                    e0:39:07:b1:02:5a:45:5d:3a:24:97:fb:c6:0f:8d:
                    90:81:fb:3b:75:72:56:db:74:a0:de:fc:3e:b6:f1:
                    bc:7b:6f:8b:cf:f7:37:73:54:e7:a5:4f:b6:b8:ca:
                    8c:fb:a6:fb:8c:2f:37:6b:bb:d1:fb:76:1e:8e:02:
                    a4:91:e3:48:95:21:f6:58:92:d9:b2:fa:8f:7c:bd:
                    00:74:b4:86:be:d9:e1:31:15:0f:f8:3f:9f:04:0f:
                    33:17:af:3c:5f:b3:f9:7d:b1:ee:30:78:4a:ba:64:
                    e0:0e:30:e9:eb:49:c7:47:dd:f6:b2:de:ab:47:3c:
                    ea:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:74:A6:39:BD:BB:03:D8:D8:AB:08:93:AB:40:A6:ED:9C:7C:4A:E7
            X509v3 Authority Key Identifier:
                keyid:B2:26:40:35:1A:B2:1A:0D:C7:AA:A1:5F:AB:5B:11:09:77:71:4A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/siZANRqyGg3HqqFfq1sRCXdxSjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/3HSmOb27A9jYqwiTq0Cm7Zx8Suc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e38ff0-469b-41e5-bbed-179e6e4290c0/1/siZANRqyGg3HqqFfq1sRCXdxSjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2ec0:586::/48
                  2a14:2ec0:edea::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:78:2e:f5:2b:6c:73:48:34:43:a2:fb:a4:c6:35:3d:83:0b:
         c3:2b:17:55:2d:0a:59:c5:70:81:98:80:1f:f2:90:4f:8e:4c:
         f7:6a:53:98:b5:4c:c6:23:d6:fe:eb:ef:8f:28:26:94:e4:72:
         5d:11:bb:3c:53:1d:f4:85:15:08:99:be:6f:51:1f:d4:58:32:
         d5:63:06:61:ff:b8:d4:b8:76:05:ce:05:2e:bb:7e:3e:bd:79:
         ed:e1:12:0b:5a:91:25:fe:db:5f:bb:d9:ea:bd:95:05:d1:b0:
         b6:2f:7d:20:bd:99:38:cc:da:15:af:ae:a7:07:9f:c0:72:1a:
         cd:99:53:80:7a:43:75:c1:15:24:c4:39:55:aa:b8:bc:ec:eb:
         9f:c2:4a:9f:0f:6e:a7:b3:d5:ae:c0:57:63:d1:44:e9:26:21:
         47:b1:d2:61:c1:1e:8c:fa:b0:a8:c6:65:c7:d2:0f:44:ef:56:
         c0:d6:b4:e2:2a:53:9d:7d:a7:97:ab:18:14:04:ca:f0:59:b5:
         3d:fa:53:03:5a:4e:68:51:a7:f6:af:d4:2c:c9:ef:1a:b2:86:
         0e:03:bb:79:cc:2e:b8:8f:81:18:4f:01:3d:39:54:82:3a:31:
         8e:e0:10:01:56:01:21:46:7e:5a:10:c6:5b:ce:e8:dc:b1:12:
         ed:66:a5:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMiHMEU+7aeNnBhc/7lJSvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMjY0MDM1MWFiMjFhMGRjN2FhYTE1ZmFiNWIxMTA5Nzc3
MTRhM2MwHhcNMjQxMTEyMjA0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc0YTYzOWJkYmIwM2Q4ZDhhYjA4OTNhYjQwYTZlZDljN2M0YWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRLcIzzHEv7WQ69Bg0AlB2lM9dfR
OQ9jxX3L3Kq7lU6TG133DES7AOz3raqQ4nQ2BfHRofC9TppnAWj+EmvqckiRN/Da
LaIMlEQfdvKkc0z0L4/aHyDsCGipAqj2J/yjWz4d9ywO40Ca3prFzeYa6ciAKrQP
ZMMh1gmB1Rn7ftI5FqE5NmLgOQexAlpFXTokl/vGD42Qgfs7dXJW23Sg3vw+tvG8
e2+Lz/c3c1TnpU+2uMqM+6b7jC83a7vR+3YejgKkkeNIlSH2WJLZsvqPfL0AdLSG
vtnhMRUP+D+fBA8zF688X7P5fbHuMHhKumTgDjDp60nHR932st6rRzzqKQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNx0pjm9uwPY2KsIk6tApu2cfErnMB8GA1UdIwQY
MBaAFLImQDUashoNx6qhX6tbEQl3cUo8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2laQU5ScXlHZzNIcXFGZnExc1JDWGR4U2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9lMzhmZjAtNDY5Yi00MWU1LWJiZWQt
MTc5ZTZlNDI5MGMwLzEvM0hTbU9iMjdBOWpZcXdpVHEwQ203Wng4U3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9lMzhmZjAtNDY5Yi00MWU1LWJiZWQtMTc5ZTZlNDI5MGMw
LzEvc2laQU5ScXlHZzNIcXFGZnExc1JDWGR4U2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhQuwAWG
AwcAKhQuwO3qMA0GCSqGSIb3DQEBCwUAA4IBAQAVeC71K2xzSDRDovukxjU9gwvD
KxdVLQpZxXCBmIAf8pBPjkz3alOYtUzGI9b+6++PKCaU5HJdEbs8Ux30hRUImb5v
UR/UWDLVYwZh/7jUuHYFzgUuu34+vXnt4RILWpEl/ttfu9nqvZUF0bC2L30gvZk4
zNoVr66nB5/AchrNmVOAekN1wRUkxDlVqri87OufwkqfD26ns9WuwFdj0UTpJiFH
sdJhwR6M+rCoxmXH0g9E71bA1rTiKlOdfaeXqxgUBMrwWbU9+lMDWk5oUaf2r9Qs
ye8asoYOA7t5zC64j4EYTwE9OVSCOjGO4BABVgEhRn5aEMZbzujcsRLtZqVM
-----END CERTIFICATE-----