Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
File:                     326131343a366634353a3a2f33362d3438203d3e203530323234.roa (raw, json)
Hash identifier:          mvEo9ltQv4jrZCOh4EYz0yzaY9D43IlA4B9MK3lgwdw=
Subject key identifier:   7A:73:59:2F:EA:14:9C:26:FE:54:4A:C9:CE:D5:A9:C6:4C:61:EA:08
Certificate issuer:       /CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
Certificate serial:       1811533A96BBC07B7ACF1C275BBFF8DF36D92D3E
Authority key identifier: 3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
Signing time:             Fri 16 Aug 2024 16:54:55 +0000
ROA not before:           Fri 16 Aug 2024 16:49:55 +0000
ROA not after:            Fri 15 Aug 2025 16:54:55 +0000
asID:                     50224
IP address blocks:        2a14:6f45::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:11:53:3a:96:bb:c0:7b:7a:cf:1c:27:5b:bf:f8:df:36:d9:2d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
        Validity
            Not Before: Aug 16 16:49:55 2024 GMT
            Not After : Aug 15 16:54:55 2025 GMT
        Subject: CN=7A73592FEA149C26FE544AC9CED5A9C64C61EA08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b2:bd:37:c8:35:7f:34:5c:4f:f0:25:bb:6f:
                    cc:81:54:5c:4e:ec:a8:6f:65:75:a0:ad:3c:ce:36:
                    18:ac:7f:2c:74:c1:ca:33:40:53:16:e0:16:e2:53:
                    f3:c5:ed:fe:c8:fb:30:37:a8:a4:91:77:eb:3d:f6:
                    b9:7c:5a:ab:6c:4e:45:a3:0a:fb:fb:4d:4b:8a:99:
                    18:1d:8e:3d:66:65:ed:2b:01:fe:08:7f:11:4a:39:
                    d6:98:01:06:ed:81:d6:cf:10:b1:ea:49:c8:8f:ff:
                    13:13:ff:33:83:64:29:9e:ad:45:98:a1:a3:07:9c:
                    b5:59:2b:b6:da:89:60:18:c6:17:38:d1:a6:a5:1b:
                    fe:cd:45:ae:87:62:ec:10:9b:5f:f9:5f:b1:82:ae:
                    eb:53:ea:00:84:bc:8b:40:9b:17:dd:48:ab:1a:f8:
                    e2:5b:e3:05:a3:b5:26:da:ed:d9:31:05:cd:5c:be:
                    09:ea:18:92:19:07:5c:92:7d:9d:bc:5f:c4:6f:b9:
                    04:8a:00:38:3e:93:e1:01:2a:cd:1b:d2:72:d0:5c:
                    a0:c7:6a:e3:43:65:32:ac:14:b4:39:fe:27:78:6b:
                    2b:fb:41:6b:be:27:bd:21:83:8d:e1:e2:4a:f5:dd:
                    f9:75:36:41:cb:e5:eb:98:38:6e:65:98:d9:e8:96:
                    19:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:73:59:2F:EA:14:9C:26:FE:54:4A:C9:CE:D5:A9:C6:4C:61:EA:08
            X509v3 Authority Key Identifier:
                keyid:3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6f45::/36

    Signature Algorithm: sha256WithRSAEncryption
         1a:87:d6:6e:c0:a7:7d:f0:e3:51:ac:26:57:5e:66:03:74:86:
         fe:e9:2d:1f:85:3d:66:1f:b2:14:a3:4a:b2:ee:64:42:5c:c9:
         62:e9:a3:a9:9b:c0:11:99:c2:12:d2:39:f0:f2:5f:16:65:41:
         da:ae:11:2b:64:ba:77:c4:4f:d1:bd:6d:36:66:39:3e:69:fa:
         3a:81:a5:b3:60:d6:fa:e3:61:74:ca:10:c0:11:19:aa:ad:79:
         b3:6a:b7:5f:81:11:df:41:9b:b6:66:25:ec:e0:e0:ea:9d:a5:
         2a:f7:b5:1c:cc:25:38:df:7f:20:ff:67:37:2d:90:b8:5b:03:
         f9:30:db:39:1f:bf:77:87:d3:6c:6a:78:c3:d9:1b:9e:66:9b:
         b0:05:8b:5d:53:e5:22:c5:80:e7:a5:f4:51:c0:a5:2f:da:6a:
         8f:2a:9d:bd:df:08:46:e9:82:1f:1c:76:38:69:ac:41:12:44:
         10:12:f8:1e:48:7a:12:26:ff:ed:cd:61:d9:32:a2:7c:85:9d:
         bc:e6:2c:66:9c:e9:2f:b7:f4:1b:a3:63:e1:7e:7c:44:ac:94:
         b3:9e:c2:80:c6:13:0d:30:ad:6e:1f:46:5d:ca:de:ca:96:cb:
         45:c8:a5:d8:b9:e2:48:79:bb:7c:d4:a3:84:b1:04:8c:ce:9a:
         b0:e2:e7:0f
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUGBFTOpa7wHt6zxwnW7/43zbZLT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2VlZWJiOTQ2YThkMjFkNDA4M2M5M2RjMDljZWU1NTdi
YjJhYzMyZTAeFw0yNDA4MTYxNjQ5NTVaFw0yNTA4MTUxNjU0NTVaMDMxMTAvBgNV
BAMTKDdBNzM1OTJGRUExNDlDMjZGRTU0NEFDOUNFRDVBOUM2NEM2MUVBMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYsr03yDV/NFxP8CW7b8yBVFxO
7KhvZXWgrTzONhisfyx0wcozQFMW4BbiU/PF7f7I+zA3qKSRd+s99rl8WqtsTkWj
Cvv7TUuKmRgdjj1mZe0rAf4IfxFKOdaYAQbtgdbPELHqSciP/xMT/zODZCmerUWY
oaMHnLVZK7baiWAYxhc40aalG/7NRa6HYuwQm1/5X7GCrutT6gCEvItAmxfdSKsa
+OJb4wWjtSba7dkxBc1cvgnqGJIZB1ySfZ28X8RvuQSKADg+k+EBKs0b0nLQXKDH
auNDZTKsFLQ5/id4ayv7QWu+J70hg43h4kr13fl1NkHL5euYOG5lmNnolhnXAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQUenNZL+oUnCb+VErJztWpxkxh6ggwHwYDVR0j
BBgwFoAUPu67lGqNIdQIPJPcCc7lV7sqwy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmZmN2E5ODktZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5
YjNkLzQvM0VFRUJCOTQ2QThEMjFENDA4M0M5M0RDMDlDRUU1NTdCQjJBQzMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1B1NjdsR3FOSWRRSVBKUGNDYzdsVjdz
cXd5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmZmN2E5ODkt
ZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5YjNkLzQvMzI2MTMxMzQzYTM2NjYzNDM1
M2EzYTJmMzMzNjJkMzQzODIwM2QzZTIwMzUzMDMyMzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoU
b0UAMA0GCSqGSIb3DQEBCwUAA4IBAQAah9ZuwKd98ONRrCZXXmYDdIb+6S0fhT1m
H7IUo0qy7mRCXMli6aOpm8ARmcIS0jnw8l8WZUHarhErZLp3xE/RvW02Zjk+afo6
gaWzYNb642F0yhDAERmqrXmzardfgRHfQZu2ZiXs4ODqnaUq97UczCU4338g/2c3
LZC4WwP5MNs5H793h9NsanjD2RueZpuwBYtdU+UixYDnpfRRwKUv2mqPKp293whG
6YIfHHY4aaxBEkQQEvgeSHoSJv/tzWHZMqJ8hZ285ixmnOkvt/Qbo2PhfnxErJSz
nsKAxhMNMK1uH0Zdyt7KlstFyKXYueJIebt81KOEsQSMzpqw4ucP
-----END CERTIFICATE-----