Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763323a3a2f33322d3438203d3e203531333936.roa
File:                     326131343a3763323a3a2f33322d3438203d3e203531333936.roa (raw, json)
Hash identifier:          ro2tiIb0y98ci2Mvd7MRFv2Axe3lU6c0dN5tM94DBRk=
Subject key identifier:   8A:94:0E:4A:9B:D3:66:39:6E:95:1F:82:CC:BA:75:DF:1A:77:F7:8D
Certificate issuer:       /CN=74442e33a8f61580b6b4dfc4828d95e07891f4bc
Certificate serial:       6759108F8C4EF73E570A8DE048C7C5EA58D896C7
Authority key identifier: 74:44:2E:33:A8:F6:15:80:B6:B4:DF:C4:82:8D:95:E0:78:91:F4:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763323a3a2f33322d3438203d3e203531333936.roa
Signing time:             Sat 02 Mar 2024 10:27:35 +0000
ROA not before:           Sat 02 Mar 2024 10:22:35 +0000
ROA not after:            Sat 01 Mar 2025 10:27:35 +0000
asID:                     51396
IP address blocks:        2a14:7c2::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:59:10:8f:8c:4e:f7:3e:57:0a:8d:e0:48:c7:c5:ea:58:d8:96:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74442e33a8f61580b6b4dfc4828d95e07891f4bc
        Validity
            Not Before: Mar  2 10:22:35 2024 GMT
            Not After : Mar  1 10:27:35 2025 GMT
        Subject: CN=8A940E4A9BD366396E951F82CCBA75DF1A77F78D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:85:fc:fc:fc:f2:e7:7c:ef:62:5f:a2:b0:
                    16:ee:3a:cb:f3:34:fc:87:3a:b9:ff:ba:bd:3b:54:
                    2e:82:56:1d:d5:26:7a:46:5f:70:76:9f:c3:76:8e:
                    c4:95:5a:1f:21:9b:33:56:92:43:4e:6f:ab:32:f4:
                    26:45:ef:fa:40:d3:b3:de:4a:fc:cc:a1:07:c2:81:
                    3b:ab:bc:d3:96:f8:8e:d5:8b:12:76:28:35:63:c1:
                    6c:2c:1e:f3:a3:89:4d:c8:94:0c:0e:9c:26:51:98:
                    88:b3:aa:38:e4:e8:01:44:eb:62:39:b7:20:60:42:
                    4a:fd:f0:3d:95:f3:7e:bd:fd:04:dc:16:ba:9a:f5:
                    6c:c2:1f:98:74:5b:d8:a0:f6:5e:5a:fa:78:3a:c7:
                    c0:23:c7:26:72:eb:29:68:80:79:46:0a:d5:75:5b:
                    08:23:f2:95:fd:ae:0e:30:a0:05:7b:cb:fe:38:00:
                    b7:d6:48:26:a2:36:dd:de:78:ad:49:8d:86:b0:67:
                    c0:5a:92:d4:aa:18:da:02:61:53:55:c0:4e:a2:c3:
                    a8:64:d9:73:57:54:ae:15:5a:a5:d4:14:38:bf:6f:
                    02:a9:cc:2c:c6:b3:22:26:f9:10:99:d9:c1:65:3b:
                    2d:5c:92:da:77:8b:78:fb:5b:fc:e6:fb:ed:b5:6f:
                    f6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:94:0E:4A:9B:D3:66:39:6E:95:1F:82:CC:BA:75:DF:1A:77:F7:8D
            X509v3 Authority Key Identifier:
                keyid:74:44:2E:33:A8:F6:15:80:B6:B4:DF:C4:82:8D:95:E0:78:91:F4:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763323a3a2f33322d3438203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:0b:a8:1b:84:62:21:fc:8c:ac:5c:bf:cc:2d:a8:e3:04:e9:
         dd:93:b6:3f:7a:f0:bf:e3:7f:c4:91:00:67:3f:b6:ce:80:c4:
         eb:a8:85:b5:59:4b:ff:e8:b7:48:38:d2:dc:86:f8:c2:5a:94:
         6f:46:0b:9d:32:1f:04:9d:d3:f1:3c:e2:3a:33:af:83:42:58:
         95:6e:f3:cd:1d:f5:cd:1a:74:7d:03:9f:8b:ff:26:12:a1:9f:
         67:d1:3a:0e:61:5a:46:4b:44:55:1d:7d:da:5e:79:37:6c:18:
         9e:29:6d:ac:6a:07:21:14:07:05:9f:95:dd:e5:bb:93:21:e5:
         97:12:ee:49:71:50:e3:75:dc:3e:d6:fb:f4:6e:f9:e5:41:e5:
         38:ea:9c:a6:3d:87:a3:95:5a:43:91:9f:21:47:88:db:51:64:
         2a:e5:86:c5:f6:19:9d:e1:67:6e:28:5d:30:cb:1b:ff:19:b8:
         89:bc:fa:2b:d6:d2:ce:41:57:58:31:75:a5:c8:2e:6f:f5:b3:
         44:7f:06:5e:e3:69:db:2d:f5:51:57:c7:1d:8a:16:76:d6:45:
         d5:b2:cc:f9:df:cf:18:24:b3:08:48:4e:f7:fb:73:13:b7:a9:
         2a:28:5e:75:bc:08:29:c3:71:0d:9e:e6:d7:bc:49:82:e9:39:
         a8:0f:55:b1
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUZ1kQj4xO9z5XCo3gSMfF6ljYlscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzQ0NDJlMzNhOGY2MTU4MGI2YjRkZmM0ODI4ZDk1ZTA3
ODkxZjRiYzAeFw0yNDAzMDIxMDIyMzVaFw0yNTAzMDExMDI3MzVaMDMxMTAvBgNV
BAMTKDhBOTQwRTRBOUJEMzY2Mzk2RTk1MUY4MkNDQkE3NURGMUE3N0Y3OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzAYX8/Pzy53zvYl+isBbuOsvz
NPyHOrn/ur07VC6CVh3VJnpGX3B2n8N2jsSVWh8hmzNWkkNOb6sy9CZF7/pA07Pe
SvzMoQfCgTurvNOW+I7VixJ2KDVjwWwsHvOjiU3IlAwOnCZRmIizqjjk6AFE62I5
tyBgQkr98D2V8369/QTcFrqa9WzCH5h0W9ig9l5a+ng6x8AjxyZy6ylogHlGCtV1
Wwgj8pX9rg4woAV7y/44ALfWSCaiNt3eeK1JjYawZ8BaktSqGNoCYVNVwE6iw6hk
2XNXVK4VWqXUFDi/bwKpzCzGsyIm+RCZ2cFlOy1cktp3i3j7W/zm++21b/bPAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUipQOSpvTZjlulR+CzLp13xp3940wHwYDVR0j
BBgwFoAUdEQuM6j2FYC2tN/Ego2V4HiR9LwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWQ5OTgwODItYTE3ZS00NmMxLWE1YTgtN2QxOTdjOTU4
NjM5LzAvNzQ0NDJFMzNBOEY2MTU4MEI2QjRERkM0ODI4RDk1RTA3ODkxRjRCQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RFUXVNNmoyRllDMnROX0VnbzJWNEhp
UjlMdy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWQ5OTgwODIt
YTE3ZS00NmMxLWE1YTgtN2QxOTdjOTU4NjM5LzAvMzI2MTMxMzQzYTM3NjMzMjNh
M2EyZjMzMzIyZDM0MzgyMDNkM2UyMDM1MzEzMzM5MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqFAfC
MA0GCSqGSIb3DQEBCwUAA4IBAQCLC6gbhGIh/IysXL/MLajjBOndk7Y/evC/43/E
kQBnP7bOgMTrqIW1WUv/6LdIONLchvjCWpRvRgudMh8EndPxPOI6M6+DQliVbvPN
HfXNGnR9A5+L/yYSoZ9n0ToOYVpGS0RVHX3aXnk3bBieKW2sagchFAcFn5Xd5buT
IeWXEu5JcVDjddw+1vv0bvnlQeU46pymPYejlVpDkZ8hR4jbUWQq5YbF9hmd4Wdu
KF0wyxv/GbiJvPor1tLOQVdYMXWlyC5v9bNEfwZe42nbLfVRV8cdihZ21kXVssz5
388YJLMISE73+3MTt6kqKF51vAgpw3ENnubXvEmC6TmoD1Wx
-----END CERTIFICATE-----