Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/7OOt-MnHsX07hiPdKHIMZaJ8wrg.roa
File:                     7OOt-MnHsX07hiPdKHIMZaJ8wrg.roa (raw, json)
Hash identifier:          7nZ90mtRGZWhPbm1Puw7IzZkWIgR1R3W35D51WFY05w=
Subject key identifier:   EC:E3:AD:F8:C9:C7:B1:7D:3B:86:23:DD:28:72:0C:65:A2:7C:C2:B8
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019600DF331B1DBAD4A716EF8D9F26BE406A
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/7OOt-MnHsX07hiPdKHIMZaJ8wrg.roa
Signing time:             Fri 04 Apr 2025 12:55:49 +0000
ROA not before:           Fri 04 Apr 2025 12:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149428
IP address blocks:        2a14:c882:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:df:33:1b:1d:ba:d4:a7:16:ef:8d:9f:26:be:40:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Apr  4 12:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ece3adf8c9c7b17d3b8623dd28720c65a27cc2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:db:46:7e:08:c8:23:55:ee:3a:af:14:4a:cb:
                    6c:6d:b7:94:2d:53:cf:77:ee:e0:ef:da:92:93:1d:
                    82:77:f5:2e:13:45:44:8d:90:04:e9:c9:04:a2:19:
                    e0:2f:1b:d4:00:59:cd:00:85:b6:29:82:e0:7e:40:
                    83:9b:32:4f:e6:78:db:c4:7d:92:c7:df:08:4d:c5:
                    bf:e3:17:a7:8c:27:d4:1c:b8:da:a2:88:ac:27:3f:
                    f7:35:ae:0d:2b:70:0a:07:e0:b9:2a:f6:9b:ce:14:
                    e2:22:27:10:ef:e5:fe:5b:da:db:de:a0:56:27:47:
                    57:a8:3b:7e:2e:3b:32:9b:04:72:bf:4a:28:12:df:
                    19:f5:07:98:8c:dc:29:f7:3c:e0:9f:42:b7:f2:35:
                    d4:a2:50:bd:3e:28:2f:bb:45:e5:12:81:c2:89:48:
                    31:ed:b2:a4:dc:51:81:df:33:ac:c7:cd:f0:66:af:
                    3a:25:0f:21:23:59:aa:52:c4:2b:19:fd:9b:87:e8:
                    80:eb:94:19:a6:8d:6e:36:c3:c5:78:b9:d1:19:f5:
                    8e:21:c8:b6:58:8b:d0:64:e2:0e:4c:89:cc:a8:52:
                    b4:36:cf:3d:19:b9:72:e0:41:6f:70:d5:09:51:13:
                    c0:e1:41:16:73:32:e1:76:be:e7:bc:d1:19:7c:18:
                    ee:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E3:AD:F8:C9:C7:B1:7D:3B:86:23:DD:28:72:0C:65:A2:7C:C2:B8
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/7OOt-MnHsX07hiPdKHIMZaJ8wrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c882:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         89:bf:c5:bf:35:18:db:f1:3a:40:40:ab:20:84:c7:3c:7d:3d:
         8c:28:18:53:22:ab:c0:f0:cf:04:dc:35:d1:2a:43:e2:81:5d:
         86:ea:9f:98:91:33:44:46:45:f4:a7:ca:b5:15:62:95:a1:89:
         6b:2e:3e:fe:9d:43:d7:61:47:2c:ec:ef:9d:de:45:32:c0:8c:
         72:ce:bf:5f:61:bb:32:21:b9:00:9b:71:33:d0:1c:44:c8:05:
         34:f9:30:fe:73:dc:eb:13:9d:30:5f:24:cb:76:26:06:fd:01:
         07:de:5d:73:94:44:04:15:14:a7:b0:c9:e8:b6:4b:c5:5c:2c:
         03:bd:55:6d:11:ed:fa:9a:78:5c:66:88:d7:dc:77:db:45:f3:
         8a:9c:83:c9:82:b9:94:ce:41:ac:f3:ae:96:e0:ba:da:c9:a6:
         c3:3b:84:ce:70:a5:a3:dd:b1:05:87:7c:bf:72:48:9d:6a:db:
         24:a4:f4:36:d6:96:a1:a3:fb:ea:59:ae:fa:cd:e4:0d:8f:e3:
         0a:76:35:c8:d7:97:08:a3:97:08:22:31:9f:ec:b8:c1:bd:96:
         7e:b5:69:3e:04:57:5a:87:88:ee:5a:4c:8f:db:03:d3:1c:0c:
         a2:27:19:87:83:6a:9c:9d:e8:f2:3a:a8:8f:12:f9:dd:d9:4c:
         cb:db:6b:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYA3zMbHbrUpxbvjZ8mvkBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwNDA0MTI1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2UzYWRmOGM5YzdiMTdkM2I4NjIzZGQyODcyMGM2NWEyN2NjMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwttGfgjII1XuOq8USstsbbeULVPP
d+7g79qSkx2Cd/UuE0VEjZAE6ckEohngLxvUAFnNAIW2KYLgfkCDmzJP5njbxH2S
x98ITcW/4xenjCfUHLjaooisJz/3Na4NK3AKB+C5KvabzhTiIicQ7+X+W9rb3qBW
J0dXqDt+LjsymwRyv0ooEt8Z9QeYjNwp9zzgn0K38jXUolC9Pigvu0XlEoHCiUgx
7bKk3FGB3zOsx83wZq86JQ8hI1mqUsQrGf2bh+iA65QZpo1uNsPFeLnRGfWOIci2
WIvQZOIOTInMqFK0Ns89Gbly4EFvcNUJURPA4UEWczLhdr7nvNEZfBju7wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOzjrfjJx7F9O4Yj3ShyDGWifMK4MB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvN09PdC1NbkhzWDA3aGlQZEtISU1aYUo4d3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhTIgoAw
DQYJKoZIhvcNAQELBQADggEBAIm/xb81GNvxOkBAqyCExzx9PYwoGFMiq8DwzwTc
NdEqQ+KBXYbqn5iRM0RGRfSnyrUVYpWhiWsuPv6dQ9dhRyzs753eRTLAjHLOv19h
uzIhuQCbcTPQHETIBTT5MP5z3OsTnTBfJMt2Jgb9AQfeXXOURAQVFKewyei2S8Vc
LAO9VW0R7fqaeFxmiNfcd9tF84qcg8mCuZTOQazzrpbgutrJpsM7hM5wpaPdsQWH
fL9ySJ1q2ySk9DbWlqGj++pZrvrN5A2P4wp2NcjXlwijlwgiMZ/suMG9ln61aT4E
V1qHiO5aTI/bA9McDKInGYeDapyd6PI6qI8S+d3ZTMvba6c=
-----END CERTIFICATE-----