Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/5fbTeiQF9DYc_ur50LWCniwJkMU.roa
File:                     5fbTeiQF9DYc_ur50LWCniwJkMU.roa (raw, json)
Hash identifier:          igu7/G6Y/PKDH8ZMqg9MVt9oXE/ltXGAZOtx9sQtnMg=
Subject key identifier:   E5:F6:D3:7A:24:05:F4:36:1C:FE:EA:F9:D0:B5:82:9E:2C:09:90:C5
Certificate issuer:       /CN=07077969a8b6a55c461adde106c006486a26359f
Certificate serial:       0194C1132B6EA55E701955E5E4298EE1C8EC
Authority key identifier: 07:07:79:69:A8:B6:A5:5C:46:1A:DD:E1:06:C0:06:48:6A:26:35:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/5fbTeiQF9DYc_ur50LWCniwJkMU.roa
Signing time:             Sat 01 Feb 2025 10:34:06 +0000
ROA not before:           Sat 01 Feb 2025 10:34:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215679
IP address blocks:        2a14:7780::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c1:13:2b:6e:a5:5e:70:19:55:e5:e4:29:8e:e1:c8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07077969a8b6a55c461adde106c006486a26359f
        Validity
            Not Before: Feb  1 10:34:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5f6d37a2405f4361cfeeaf9d0b5829e2c0990c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:51:ca:12:b5:c4:fd:60:13:9a:66:d3:99:
                    4f:ed:3a:b3:8f:31:ea:bd:63:2e:43:63:76:24:61:
                    05:d4:3d:27:4d:54:58:bf:b6:49:d9:3b:ec:ea:8d:
                    25:ba:6b:9f:75:f9:d0:39:94:b5:d0:5f:4b:bd:af:
                    c2:1e:89:fb:ab:f9:63:b5:8e:f5:54:d9:d7:d1:72:
                    89:c8:ca:74:01:c2:af:a4:21:12:0e:5b:ad:9f:cf:
                    ad:c5:1f:ee:4c:c9:5e:eb:d4:49:5d:95:94:4d:f0:
                    f9:3f:e9:ff:2c:d0:f4:43:50:97:ab:60:e0:b0:52:
                    d1:6d:5f:db:2c:34:c2:09:c1:40:a4:27:eb:a1:03:
                    77:f3:7a:31:34:0b:15:f6:2c:27:d0:65:70:73:07:
                    2c:4d:f4:59:e0:21:b5:b8:6f:45:51:be:36:f8:29:
                    8a:c6:b2:b8:51:40:4d:7b:f0:0e:fe:97:7c:5d:11:
                    66:e9:ef:1e:85:53:bb:6a:b3:1e:d6:d2:dd:53:cf:
                    0b:6f:6e:2a:8b:2b:f9:61:a7:7f:47:26:87:1b:11:
                    c6:ca:8d:ea:d6:c1:16:df:99:9c:6f:2e:6e:10:92:
                    12:74:f4:16:66:db:f6:10:55:40:12:7d:fe:eb:40:
                    75:69:e4:a6:af:98:c4:38:b4:9b:96:1c:30:e5:ac:
                    e1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F6:D3:7A:24:05:F4:36:1C:FE:EA:F9:D0:B5:82:9E:2C:09:90:C5
            X509v3 Authority Key Identifier:
                keyid:07:07:79:69:A8:B6:A5:5C:46:1A:DD:E1:06:C0:06:48:6A:26:35:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bwd5aai2pVxGGt3hBsAGSGomNZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/5fbTeiQF9DYc_ur50LWCniwJkMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/232047-b2e8-4fba-bdd5-c3fec45ed056/1/Bwd5aai2pVxGGt3hBsAGSGomNZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7780::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:a0:5b:43:51:c9:97:6c:e8:d8:01:24:90:84:08:94:b6:65:
         f6:2a:de:c9:03:59:8e:e1:76:0d:15:58:d5:84:a8:07:7b:38:
         7c:7f:3f:89:0a:21:2c:f5:f3:28:4a:69:aa:99:b4:4d:62:51:
         e6:10:dc:f9:e5:33:49:86:ad:55:0c:fe:7c:5a:88:70:e4:32:
         03:ea:ca:54:ef:60:b8:4e:1a:5b:e2:0a:d1:dc:58:83:07:b7:
         7d:d9:2e:97:52:3d:6d:d2:5c:eb:11:36:e3:59:a5:fe:42:0a:
         40:7a:56:fb:06:bf:16:18:e5:ac:24:5b:28:30:70:84:69:06:
         79:13:a4:45:64:63:5b:26:be:34:c0:62:45:ba:f0:7d:a3:70:
         0c:98:a3:cf:57:6c:66:c1:7a:74:7e:a4:f2:9e:aa:03:9a:36:
         ad:f4:2b:50:e1:47:de:62:8f:8f:15:47:88:08:99:42:f3:ea:
         99:5a:93:07:b3:81:9e:22:80:9f:59:ec:60:6b:63:03:3f:04:
         5e:13:2e:fa:0a:2f:d4:24:1d:61:2e:d1:23:0e:b4:ad:7e:91:
         f2:fb:d3:13:ad:3a:d9:72:58:f3:ef:93:0b:40:23:37:8d:8a:
         97:66:6b:b7:e4:29:10:e5:16:f3:82:26:0e:a7:89:19:40:c4:
         1b:aa:41:b0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZTBEytupV5wGVXl5CmO4cjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDc3OTY5YThiNmE1NWM0NjFhZGRlMTA2YzAwNjQ4NmEy
NjM1OWYwHhcNMjUwMjAxMTAzNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWY2ZDM3YTI0MDVmNDM2MWNmZWVhZjlkMGI1ODI5ZTJjMDk5MGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoihRyhK1xP1gE5pm05lP7TqzjzHq
vWMuQ2N2JGEF1D0nTVRYv7ZJ2Tvs6o0lumufdfnQOZS10F9Lva/CHon7q/ljtY71
VNnX0XKJyMp0AcKvpCESDlutn8+txR/uTMle69RJXZWUTfD5P+n/LND0Q1CXq2Dg
sFLRbV/bLDTCCcFApCfroQN383oxNAsV9iwn0GVwcwcsTfRZ4CG1uG9FUb42+CmK
xrK4UUBNe/AO/pd8XRFm6e8ehVO7arMe1tLdU88Lb24qiyv5Yad/RyaHGxHGyo3q
1sEW35mcby5uEJISdPQWZtv2EFVAEn3+60B1aeSmr5jEOLSblhww5azhUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOX203okBfQ2HP7q+dC1gp4sCZDFMB8GA1UdIwQY
MBaAFAcHeWmotqVcRhrd4QbABkhqJjWfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndkNWFhaTJwVnhHR3QzaEJzQUdTR29tTlo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yMzIwNDctYjJlOC00ZmJhLWJkZDUt
YzNmZWM0NWVkMDU2LzEvNWZiVGVpUUY5RFljX3VyNTBMV0NuaXdKa01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yMzIwNDctYjJlOC00ZmJhLWJkZDUtYzNmZWM0NWVkMDU2
LzEvQndkNWFhaTJwVnhHR3QzaEJzQUdTR29tTlo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhR3gDAN
BgkqhkiG9w0BAQsFAAOCAQEAa6BbQ1HJl2zo2AEkkIQIlLZl9ireyQNZjuF2DRVY
1YSoB3s4fH8/iQohLPXzKEppqpm0TWJR5hDc+eUzSYatVQz+fFqIcOQyA+rKVO9g
uE4aW+IK0dxYgwe3fdkul1I9bdJc6xE241ml/kIKQHpW+wa/FhjlrCRbKDBwhGkG
eROkRWRjWya+NMBiRbrwfaNwDJijz1dsZsF6dH6k8p6qA5o2rfQrUOFH3mKPjxVH
iAiZQvPqmVqTB7OBniKAn1nsYGtjAz8EXhMu+gov1CQdYS7RIw60rX6R8vvTE606
2XJY8++TC0AjN42Kl2Zrt+QpEOUW84ImDqeJGUDEG6pBsA==
-----END CERTIFICATE-----