Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763333a3a2f33322d3332203d3e203531333936.roa
File:                     326131343a3763333a3a2f33322d3332203d3e203531333936.roa (raw, json)
Hash identifier:          swEmOtRBANSURUkC8oP18rU+bEaeNqiLke2+k10HScI=
Subject key identifier:   4E:34:6B:81:3B:2F:58:F9:B7:F2:53:C2:25:76:7A:76:AC:C5:50:0B
Certificate issuer:       /CN=74442e33a8f61580b6b4dfc4828d95e07891f4bc
Certificate serial:       0886AC53FE6F7AA7EE2245FF0957A6F7CA703882
Authority key identifier: 74:44:2E:33:A8:F6:15:80:B6:B4:DF:C4:82:8D:95:E0:78:91:F4:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763333a3a2f33322d3332203d3e203531333936.roa
Signing time:             Wed 13 Mar 2024 18:12:12 +0000
ROA not before:           Wed 13 Mar 2024 18:07:12 +0000
ROA not after:            Wed 12 Mar 2025 18:12:12 +0000
asID:                     51396
IP address blocks:        2a14:7c3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:86:ac:53:fe:6f:7a:a7:ee:22:45:ff:09:57:a6:f7:ca:70:38:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74442e33a8f61580b6b4dfc4828d95e07891f4bc
        Validity
            Not Before: Mar 13 18:07:12 2024 GMT
            Not After : Mar 12 18:12:12 2025 GMT
        Subject: CN=4E346B813B2F58F9B7F253C225767A76ACC5500B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:da:34:8b:dd:8d:77:e1:18:c1:18:89:54:ce:
                    ab:30:33:32:5e:24:99:cc:51:29:15:6d:68:e7:61:
                    98:0e:ed:34:22:e4:e5:29:9c:e0:3d:47:9e:21:46:
                    e5:ec:24:95:98:0a:3b:21:16:42:24:6f:3a:74:e1:
                    8e:6c:a6:f0:76:1c:5d:16:aa:4b:b8:31:c8:b5:85:
                    0f:b6:7c:cc:77:62:f4:74:50:b2:18:fe:5d:23:ba:
                    02:2e:ea:75:6e:e4:0b:06:45:1f:75:72:d0:0a:be:
                    21:20:fd:f1:e5:bf:d2:29:c7:82:d0:b2:39:93:7b:
                    db:38:c8:8e:0e:35:a2:a7:9b:69:4c:d9:a5:ad:24:
                    da:b0:ea:8d:59:8a:47:69:89:1f:f1:1b:9d:98:44:
                    be:91:d4:54:cc:12:f9:29:66:11:7f:20:36:23:ce:
                    34:06:f3:e8:64:13:78:39:bb:24:ed:1f:a9:96:95:
                    1c:09:a2:7f:aa:e3:46:ec:d2:83:4f:fd:fa:4f:64:
                    26:2f:4c:28:10:22:cf:33:e3:1e:14:04:89:f1:7f:
                    b9:82:a1:a0:cd:68:34:6c:b8:dc:ed:66:31:e2:c8:
                    92:ab:23:a3:5d:26:24:af:44:36:19:9f:23:2a:b1:
                    f8:cf:13:db:63:cb:37:31:c5:c5:77:23:bd:1d:c2:
                    d7:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:34:6B:81:3B:2F:58:F9:B7:F2:53:C2:25:76:7A:76:AC:C5:50:0B
            X509v3 Authority Key Identifier:
                keyid:74:44:2E:33:A8:F6:15:80:B6:B4:DF:C4:82:8D:95:E0:78:91:F4:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/74442E33A8F61580B6B4DFC4828D95E07891F4BC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dEQuM6j2FYC2tN_Ego2V4HiR9Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ed998082-a17e-46c1-a5a8-7d197c958639/0/326131343a3763333a3a2f33322d3332203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:d1:0d:38:11:15:7c:16:cf:91:b5:6d:a1:43:62:8a:0b:db:
         3d:b8:d0:40:25:10:b8:78:22:c9:ea:8e:57:9a:b8:65:76:77:
         5d:70:76:9c:44:20:e7:3a:ed:65:e3:8c:f4:bd:9e:9e:27:02:
         4e:fd:52:bb:2e:d0:b4:e9:3f:e7:c8:53:6c:37:88:b2:da:50:
         a4:37:77:00:ee:b1:2a:e2:b3:39:be:fc:5d:ed:b3:8e:71:50:
         9d:94:13:31:14:d2:4d:0d:d1:bf:99:fc:bf:01:55:91:1a:1a:
         e9:4a:84:40:90:75:92:f3:e7:e8:53:d4:f2:8b:26:44:6d:65:
         a1:d9:67:3e:c4:40:e1:ed:d5:f3:9c:25:ad:71:a7:0f:8d:dc:
         3a:52:bc:3b:36:da:07:24:23:84:3c:9d:c1:fb:86:64:ee:9c:
         27:e1:9e:d9:6d:fa:24:1e:64:89:16:2f:52:2a:2c:e5:0d:77:
         1e:c3:28:34:a8:d9:88:31:02:eb:db:e5:35:1b:9e:f0:ad:c5:
         3d:35:8b:a5:7d:4f:57:fb:60:1c:fd:9f:7b:20:a0:24:64:43:
         57:f3:20:71:45:f7:bd:9d:c4:30:7e:6a:23:2d:a5:ae:3c:75:
         fb:f0:a0:1e:37:b8:04:f2:a0:d1:08:2c:12:0d:d1:66:2f:cc:
         2f:b3:ab:4f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUCIasU/5veqfuIkX/CVem98pwOIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzQ0NDJlMzNhOGY2MTU4MGI2YjRkZmM0ODI4ZDk1ZTA3
ODkxZjRiYzAeFw0yNDAzMTMxODA3MTJaFw0yNTAzMTIxODEyMTJaMDMxMTAvBgNV
BAMTKDRFMzQ2QjgxM0IyRjU4RjlCN0YyNTNDMjI1NzY3QTc2QUNDNTUwMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH2jSL3Y134RjBGIlUzqswMzJe
JJnMUSkVbWjnYZgO7TQi5OUpnOA9R54hRuXsJJWYCjshFkIkbzp04Y5spvB2HF0W
qku4Mci1hQ+2fMx3YvR0ULIY/l0jugIu6nVu5AsGRR91ctAKviEg/fHlv9Ipx4LQ
sjmTe9s4yI4ONaKnm2lM2aWtJNqw6o1ZikdpiR/xG52YRL6R1FTMEvkpZhF/IDYj
zjQG8+hkE3g5uyTtH6mWlRwJon+q40bs0oNP/fpPZCYvTCgQIs8z4x4UBInxf7mC
oaDNaDRsuNztZjHiyJKrI6NdJiSvRDYZnyMqsfjPE9tjyzcxxcV3I70dwtclAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUTjRrgTsvWPm38lPCJXZ6dqzFUAswHwYDVR0j
BBgwFoAUdEQuM6j2FYC2tN/Ego2V4HiR9LwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWQ5OTgwODItYTE3ZS00NmMxLWE1YTgtN2QxOTdjOTU4
NjM5LzAvNzQ0NDJFMzNBOEY2MTU4MEI2QjRERkM0ODI4RDk1RTA3ODkxRjRCQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RFUXVNNmoyRllDMnROX0VnbzJWNEhp
UjlMdy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWQ5OTgwODIt
YTE3ZS00NmMxLWE1YTgtN2QxOTdjOTU4NjM5LzAvMzI2MTMxMzQzYTM3NjMzMzNh
M2EyZjMzMzIyZDMzMzIyMDNkM2UyMDM1MzEzMzM5MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqFAfD
MA0GCSqGSIb3DQEBCwUAA4IBAQC00Q04ERV8Fs+RtW2hQ2KKC9s9uNBAJRC4eCLJ
6o5XmrhldnddcHacRCDnOu1l44z0vZ6eJwJO/VK7LtC06T/nyFNsN4iy2lCkN3cA
7rEq4rM5vvxd7bOOcVCdlBMxFNJNDdG/mfy/AVWRGhrpSoRAkHWS8+foU9TyiyZE
bWWh2Wc+xEDh7dXznCWtcacPjdw6Urw7NtoHJCOEPJ3B+4Zk7pwn4Z7ZbfokHmSJ
Fi9SKizlDXcewyg0qNmIMQLr2+U1G57wrcU9NYulfU9X+2Ac/Z97IKAkZENX8yBx
Rfe9ncQwfmojLaWuPHX78KAeN7gE8qDRCCwSDdFmL8wvs6tP
-----END CERTIFICATE-----