Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/b-r28Bu4MGj-UsbsE6JV2xkR_Kg.roa
File:                     b-r28Bu4MGj-UsbsE6JV2xkR_Kg.roa (raw, json)
Hash identifier:          CYtDxQh2JoY//+IHHkS7DA+4Jm80AdOA6Xho21YVow0=
Subject key identifier:   6F:EA:F6:F0:1B:B8:30:68:FE:52:C6:EC:13:A2:55:DB:19:11:FC:A8
Certificate issuer:       /CN=2384674ea007a12030ac8d2be560db21f4fc0b99
Certificate serial:       0195CDB4FAFCC253040A3D85B34C52736CB5
Authority key identifier: 23:84:67:4E:A0:07:A1:20:30:AC:8D:2B:E5:60:DB:21:F4:FC:0B:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I4RnTqAHoSAwrI0r5WDbIfT8C5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/b-r28Bu4MGj-UsbsE6JV2xkR_Kg.roa
Signing time:             Tue 25 Mar 2025 14:29:04 +0000
ROA not before:           Tue 25 Mar 2025 14:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56821
IP address blocks:        2a14:9880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/I4RnTqAHoSAwrI0r5WDbIfT8C5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/I4RnTqAHoSAwrI0r5WDbIfT8C5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I4RnTqAHoSAwrI0r5WDbIfT8C5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:b4:fa:fc:c2:53:04:0a:3d:85:b3:4c:52:73:6c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2384674ea007a12030ac8d2be560db21f4fc0b99
        Validity
            Not Before: Mar 25 14:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6feaf6f01bb83068fe52c6ec13a255db1911fca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:18:18:c8:c5:1a:08:84:fb:55:09:92:30:d0:
                    9c:7e:7f:1b:da:69:0a:a6:29:71:12:21:8c:5e:ea:
                    11:26:09:99:50:ce:70:1e:6f:21:9d:6e:8c:e1:f8:
                    c3:b2:26:34:b1:8b:63:92:c8:6b:bc:aa:48:b5:1b:
                    8c:e8:ee:99:c0:cb:14:0f:a2:73:1b:b1:d0:61:ca:
                    18:e6:12:7f:e8:35:60:5f:87:5c:b5:cb:d6:14:e2:
                    72:15:2a:77:c5:b9:8b:f8:9a:28:64:f1:71:36:7b:
                    0e:50:1c:fb:4c:7d:2b:8f:66:1f:d3:45:50:18:10:
                    68:d3:b6:5a:39:5a:45:c4:3e:3c:0c:0a:1a:c7:3b:
                    6f:ca:67:af:72:ec:d6:54:88:bd:f7:96:e5:cc:48:
                    b7:47:6b:d9:34:cf:58:45:95:d6:af:11:b5:7f:16:
                    4f:c6:19:52:41:29:28:d5:e5:09:8b:40:1a:7d:b1:
                    ef:9b:00:e9:d4:f2:ac:f4:77:74:b5:ba:31:d4:85:
                    a8:af:9c:08:64:7e:4b:37:e5:2e:34:17:f9:a2:72:
                    0c:e3:de:d6:a0:91:31:78:ff:24:fd:0b:75:9b:48:
                    bb:03:b9:8a:03:a1:37:7c:a7:75:6c:ee:8a:15:83:
                    8d:ef:54:41:f2:9b:e9:ba:cf:17:fa:db:08:d3:d3:
                    58:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:EA:F6:F0:1B:B8:30:68:FE:52:C6:EC:13:A2:55:DB:19:11:FC:A8
            X509v3 Authority Key Identifier:
                keyid:23:84:67:4E:A0:07:A1:20:30:AC:8D:2B:E5:60:DB:21:F4:FC:0B:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I4RnTqAHoSAwrI0r5WDbIfT8C5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/b-r28Bu4MGj-UsbsE6JV2xkR_Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4b9a4c-802d-4b1e-94fe-c8f56c122fec/1/I4RnTqAHoSAwrI0r5WDbIfT8C5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9880::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:dc:c5:2c:fd:e4:8c:f9:74:eb:19:b3:75:73:ad:56:72:0e:
         66:cd:a6:1a:53:29:e3:7c:4b:ec:fc:d3:d2:03:34:2b:e0:34:
         a2:ea:e3:f0:ce:f5:1d:45:35:fd:f7:e0:de:cc:e9:54:c3:32:
         f8:82:95:82:15:0f:c0:1d:e7:41:0b:fd:fe:c8:dc:ac:cc:81:
         5e:4a:5b:dc:16:37:97:e7:c0:49:a3:93:11:bd:48:8c:c8:b5:
         f4:75:6f:cb:75:61:37:16:9c:a5:8e:b1:7d:da:d7:33:0a:5d:
         05:54:01:89:9a:bc:bb:4c:cd:6d:8e:89:4b:7b:89:5a:58:67:
         3b:a9:6b:69:91:8f:5e:9a:cb:ed:ed:63:c4:a6:70:72:15:b0:
         3d:34:4f:61:fc:76:74:22:80:6e:e2:d1:a8:0c:2a:e2:88:55:
         c2:13:38:8b:d0:26:16:8a:ac:ea:8f:3b:4c:0a:53:a3:08:fb:
         79:7a:ae:e7:c9:24:a3:0e:f5:1f:c0:b4:24:83:a0:28:90:c0:
         f7:e5:2b:b9:13:9a:58:1e:60:85:6c:96:e0:32:2a:05:49:6e:
         a6:3e:0f:46:5f:19:fc:ef:62:3d:7a:e1:cd:bd:71:03:19:6d:
         12:18:4c:30:18:b7:3f:ce:f9:6f:72:b2:a1:e4:0c:98:2e:a1:
         67:bf:ca:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXNtPr8wlMECj2Fs0xSc2y1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzODQ2NzRlYTAwN2ExMjAzMGFjOGQyYmU1NjBkYjIxZjRm
YzBiOTkwHhcNMjUwMzI1MTQyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmVhZjZmMDFiYjgzMDY4ZmU1MmM2ZWMxM2EyNTVkYjE5MTFmY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRgYyMUaCIT7VQmSMNCcfn8b2mkK
pilxEiGMXuoRJgmZUM5wHm8hnW6M4fjDsiY0sYtjkshrvKpItRuM6O6ZwMsUD6Jz
G7HQYcoY5hJ/6DVgX4dctcvWFOJyFSp3xbmL+JooZPFxNnsOUBz7TH0rj2Yf00VQ
GBBo07ZaOVpFxD48DAoaxztvymevcuzWVIi995blzEi3R2vZNM9YRZXWrxG1fxZP
xhlSQSko1eUJi0AafbHvmwDp1PKs9Hd0tbox1IWor5wIZH5LN+UuNBf5onIM497W
oJExeP8k/Qt1m0i7A7mKA6E3fKd1bO6KFYON71RB8pvpus8X+tsI09NYzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG/q9vAbuDBo/lLG7BOiVdsZEfyoMB8GA1UdIwQY
MBaAFCOEZ06gB6EgMKyNK+Vg2yH0/AuZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTRSblRxQUhvU0F3ckkwcjVXRGJJZlQ4QzVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YjlhNGMtODAyZC00YjFlLTk0ZmUt
YzhmNTZjMTIyZmVjLzEvYi1yMjhCdTRNR2otVXNic0U2SlYyeGtSX0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YjlhNGMtODAyZC00YjFlLTk0ZmUtYzhmNTZjMTIyZmVj
LzEvSTRSblRxQUhvU0F3ckkwcjVXRGJJZlQ4QzVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSYgDAN
BgkqhkiG9w0BAQsFAAOCAQEASdzFLP3kjPl06xmzdXOtVnIOZs2mGlMp43xL7PzT
0gM0K+A0ourj8M71HUU1/ffg3szpVMMy+IKVghUPwB3nQQv9/sjcrMyBXkpb3BY3
l+fASaOTEb1IjMi19HVvy3VhNxacpY6xfdrXMwpdBVQBiZq8u0zNbY6JS3uJWlhn
O6lraZGPXprL7e1jxKZwchWwPTRPYfx2dCKAbuLRqAwq4ohVwhM4i9AmFoqs6o87
TApTowj7eXqu58kkow71H8C0JIOgKJDA9+UruROaWB5ghWyW4DIqBUlupj4PRl8Z
/O9iPXrhzb1xAxltEhhMMBi3P875b3KyoeQMmC6hZ7/Krg==
-----END CERTIFICATE-----