Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/OWBphSnGzM3NfjUoWcPjDVRSYgc.roa
File:                     OWBphSnGzM3NfjUoWcPjDVRSYgc.roa (raw, json)
Hash identifier:          Z7ei4v1I8GPTdYYpZ1qHi9JiBDA34PMAtoRsAnkH2B0=
Subject key identifier:   39:60:69:85:29:C6:CC:CD:CD:7E:35:28:59:C3:E3:0D:54:52:62:07
Certificate issuer:       /CN=d716209d7def98a2bb34977f65009b3520da256e
Certificate serial:       019425FC2B0D2FC0E85198D9D3C16B3FC399
Authority key identifier: D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/OWBphSnGzM3NfjUoWcPjDVRSYgc.roa
Signing time:             Thu 02 Jan 2025 07:47:50 +0000
ROA not before:           Thu 02 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        2a14:1bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:2b:0d:2f:c0:e8:51:98:d9:d3:c1:6b:3f:c3:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d716209d7def98a2bb34977f65009b3520da256e
        Validity
            Not Before: Jan  2 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3960698529c6cccdcd7e352859c3e30d54526207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:04:3a:1e:8f:59:41:83:5e:59:48:36:69:86:
                    0b:fa:8e:fa:ea:57:f1:2c:3c:45:0d:8a:fc:8f:0a:
                    30:dd:e7:89:3f:26:ec:37:8d:3c:3b:ed:3b:8c:f9:
                    60:5c:fd:78:9f:e9:a1:02:0c:81:1f:2d:67:be:64:
                    44:9e:d5:d9:7e:f7:75:1c:b2:70:d0:5f:a3:7d:67:
                    e8:92:be:74:c8:24:bd:55:a9:0d:8c:71:e1:e3:e2:
                    44:cc:e6:34:c5:8e:af:96:ec:eb:c8:ff:54:b9:25:
                    bb:9c:8b:9c:bc:10:12:e8:89:16:0d:4d:7b:85:e8:
                    5d:a3:eb:e3:f7:20:21:1a:fe:ba:94:c5:74:f4:dd:
                    9a:30:8d:38:75:05:7b:7c:9f:87:38:fb:95:af:0f:
                    81:61:d5:b2:b3:c0:52:6f:91:6a:1e:a9:a8:bd:ef:
                    fe:9e:1b:8a:e2:bc:85:4b:55:a9:72:63:bc:85:83:
                    f5:f8:62:b4:dd:53:ed:11:a6:71:0a:8a:06:7b:55:
                    a6:33:8b:7f:ac:ae:e8:87:5b:f6:6c:92:60:05:fd:
                    ae:3e:14:0a:99:6f:95:ab:1c:90:d9:43:c4:13:42:
                    1e:08:73:a2:3a:b0:df:d2:c3:26:a3:41:f8:d1:42:
                    63:b7:79:c8:b7:b9:dd:a0:2a:5b:4b:6d:37:ac:67:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:60:69:85:29:C6:CC:CD:CD:7E:35:28:59:C3:E3:0D:54:52:62:07
            X509v3 Authority Key Identifier:
                keyid:D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/OWBphSnGzM3NfjUoWcPjDVRSYgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:7c:15:36:18:f1:bf:77:a1:03:71:3f:f5:47:ae:0a:5c:99:
         99:4a:8a:71:20:a0:59:88:5b:7c:11:54:3d:4b:a1:90:1b:37:
         fe:2c:89:fd:e2:47:df:9c:6c:cc:2e:3b:7c:db:5e:f3:9c:d8:
         14:ec:d8:a8:cd:d8:81:da:ab:9f:16:40:29:de:e9:bd:02:e1:
         82:52:30:8a:35:72:b7:08:ce:6c:b1:11:fb:2d:72:89:d5:b7:
         d6:9b:fd:df:b7:8b:08:d8:36:45:a5:85:40:c0:72:c9:48:62:
         7f:29:a2:fb:f1:f1:ba:08:0b:22:27:90:94:3e:e7:ec:ee:f5:
         1b:1d:ee:1c:26:5b:15:9a:e5:8c:0d:10:2a:a9:7d:65:6a:8c:
         5b:c3:46:9e:46:85:50:5e:56:c8:c7:79:7d:65:34:23:c1:ac:
         35:3f:d2:91:12:c9:24:1a:a9:4a:7e:bc:34:dc:bd:d5:50:7d:
         b1:1b:07:c1:88:20:ef:03:69:e4:0e:eb:bf:07:6b:e4:33:77:
         1f:a7:6e:a7:0c:59:d9:e9:e6:3f:d9:48:ae:be:3c:6b:ff:84:
         45:8b:3a:8b:b0:21:d9:32:de:c8:19:b4:38:da:10:ea:2c:39:
         f7:0d:b0:ed:99:52:18:c5:fd:f9:64:66:5f:85:2e:9b:3c:64:
         85:95:71:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/CsNL8DoUZjZ08FrP8OZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MTYyMDlkN2RlZjk4YTJiYjM0OTc3ZjY1MDA5YjM1MjBk
YTI1NmUwHhcNMjUwMTAyMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTYwNjk4NTI5YzZjY2NkY2Q3ZTM1Mjg1OWMzZTMwZDU0NTI2MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wQ6Ho9ZQYNeWUg2aYYL+o766lfx
LDxFDYr8jwow3eeJPybsN408O+07jPlgXP14n+mhAgyBHy1nvmREntXZfvd1HLJw
0F+jfWfokr50yCS9VakNjHHh4+JEzOY0xY6vluzryP9UuSW7nIucvBAS6IkWDU17
hehdo+vj9yAhGv66lMV09N2aMI04dQV7fJ+HOPuVrw+BYdWys8BSb5FqHqmove/+
nhuK4ryFS1WpcmO8hYP1+GK03VPtEaZxCooGe1WmM4t/rK7oh1v2bJJgBf2uPhQK
mW+VqxyQ2UPEE0IeCHOiOrDf0sMmo0H40UJjt3nIt7ndoCpbS203rGcoXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDlgaYUpxszNzX41KFnD4w1UUmIHMB8GA1UdIwQY
MBaAFNcWIJ1975iiuzSXf2UAmzUg2iVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMt
ODUxZDljMDQ0ZTcwLzEvT1dCcGhTbkd6TTNOZmpVb1djUGpEVlJTWWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMtODUxZDljMDQ0ZTcw
LzEvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQbwDAN
BgkqhkiG9w0BAQsFAAOCAQEAfnwVNhjxv3ehA3E/9UeuClyZmUqKcSCgWYhbfBFU
PUuhkBs3/iyJ/eJH35xszC47fNte85zYFOzYqM3YgdqrnxZAKd7pvQLhglIwijVy
twjObLER+y1yidW31pv937eLCNg2RaWFQMByyUhifymi+/HxuggLIieQlD7n7O71
Gx3uHCZbFZrljA0QKql9ZWqMW8NGnkaFUF5WyMd5fWU0I8GsNT/SkRLJJBqpSn68
NNy91VB9sRsHwYgg7wNp5A7rvwdr5DN3H6dupwxZ2enmP9lIrr48a/+ERYs6i7Ah
2TLeyBm0ONoQ6iw59w2w7ZlSGMX9+WRmX4UumzxkhZVxrQ==
-----END CERTIFICATE-----