Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/KDytCj01Z8HV3jbDjoNUphJ9ZqE.roa
File:                     KDytCj01Z8HV3jbDjoNUphJ9ZqE.roa (raw, json)
Hash identifier:          tpuGPSXore2CO2e6MYBfrJ1Vug8cc9qaaZfG9lHKTHs=
Subject key identifier:   28:3C:AD:0A:3D:35:67:C1:D5:DE:36:C3:8E:83:54:A6:12:7D:66:A1
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       0194221FD8B6C7A458AC270BB8E94CADEB70
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/KDytCj01Z8HV3jbDjoNUphJ9ZqE.roa
Signing time:             Wed 01 Jan 2025 13:48:19 +0000
ROA not before:           Wed 01 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a14:6:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d8:b6:c7:a4:58:ac:27:0b:b8:e9:4c:ad:eb:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=283cad0a3d3567c1d5de36c38e8354a6127d66a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:90:12:8a:2e:2d:8b:1d:df:a8:af:2a:d2:6b:
                    16:af:45:f7:48:3d:d5:1e:28:8a:44:49:e3:6c:17:
                    08:1a:2e:88:d3:ae:50:de:ef:e8:35:4c:78:2a:e6:
                    61:95:61:76:72:3d:65:19:c8:05:3b:be:2d:0a:9b:
                    04:bc:bb:95:20:f5:43:fc:32:77:ce:ab:af:08:18:
                    fb:6d:45:ce:b9:29:4c:35:b1:08:91:ff:b0:74:d5:
                    21:47:d2:aa:35:ea:b2:e9:0b:bd:28:18:37:d7:3c:
                    d3:be:37:31:05:23:2b:70:74:41:5a:63:05:92:b0:
                    33:e5:42:b8:62:87:9f:ee:68:16:b3:1c:37:66:9c:
                    f9:d3:20:a3:11:31:ac:ec:3d:ea:3e:51:dc:9f:5c:
                    f3:15:ff:f3:e5:5f:5c:e3:d6:a5:69:82:fa:b7:11:
                    d4:f0:44:9f:23:e4:29:dc:52:a7:86:24:19:61:f4:
                    87:a5:03:d7:c0:e9:14:93:b1:af:2d:d0:df:4e:16:
                    61:af:c3:d3:61:fe:37:5c:fa:0f:c1:58:0a:e0:f4:
                    74:31:0a:67:20:8b:64:39:0d:a8:e8:d9:74:86:c7:
                    ee:7c:59:e6:bf:6d:12:0a:c8:9a:92:5a:92:8a:16:
                    c6:0b:3a:ab:d1:08:59:ae:32:e5:42:a3:f5:66:69:
                    a8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:3C:AD:0A:3D:35:67:C1:D5:DE:36:C3:8E:83:54:A6:12:7D:66:A1
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/KDytCj01Z8HV3jbDjoNUphJ9ZqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:cd:7b:ce:0c:e6:5f:ac:4c:d1:16:4b:4b:28:4f:de:29:4d:
         64:cb:76:ef:f4:42:ed:0c:6b:42:df:fb:7e:6c:80:a2:de:6b:
         af:63:af:df:ee:f9:f2:73:d4:5d:92:ab:ba:54:0c:86:a0:e7:
         06:86:c8:ab:7f:e9:39:10:db:dc:17:18:ef:a2:fb:48:29:8b:
         bc:de:43:35:22:29:48:5d:0f:a3:a5:e5:f1:84:26:d8:8f:40:
         85:b8:ca:e7:05:ed:8e:8f:ea:e6:e8:c2:8d:11:9a:57:3f:23:
         42:27:52:42:22:13:83:83:8b:0e:c6:9b:9e:42:ba:17:84:84:
         3a:c8:11:14:3f:a3:4c:ad:14:15:b1:70:7e:7d:73:92:fb:ef:
         ee:9b:17:2a:69:ba:92:ba:41:17:21:14:7a:20:3b:40:43:83:
         51:5c:66:34:58:3f:f7:a6:c4:85:2a:9d:4e:43:70:eb:7e:24:
         ac:1a:f1:58:19:87:91:9f:7b:b4:57:1b:36:54:94:d6:b4:6e:
         4a:d7:4c:5d:3b:ec:73:15:29:fd:fd:67:cc:3f:7d:e5:3c:75:
         39:cf:ad:e3:4d:1c:cc:67:2b:a0:28:05:51:e7:c6:eb:87:ca:
         b1:eb:35:7e:4f:11:d3:ee:03:d0:41:f0:90:90:ef:b3:6d:25:
         bb:93:14:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH9i2x6RYrCcLuOlMretwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODNjYWQwYTNkMzU2N2MxZDVkZTM2YzM4ZTgzNTRhNjEyN2Q2NmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZASii4tix3fqK8q0msWr0X3SD3V
HiiKREnjbBcIGi6I065Q3u/oNUx4KuZhlWF2cj1lGcgFO74tCpsEvLuVIPVD/DJ3
zquvCBj7bUXOuSlMNbEIkf+wdNUhR9KqNeqy6Qu9KBg31zzTvjcxBSMrcHRBWmMF
krAz5UK4Yoef7mgWsxw3Zpz50yCjETGs7D3qPlHcn1zzFf/z5V9c49alaYL6txHU
8ESfI+Qp3FKnhiQZYfSHpQPXwOkUk7GvLdDfThZhr8PTYf43XPoPwVgK4PR0MQpn
IItkOQ2o6Nl0hsfufFnmv20SCsiaklqSihbGCzqr0QhZrjLlQqP1ZmmoowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCg8rQo9NWfB1d42w46DVKYSfWahMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvS0R5dENqMDFaOEhWM2piRGpvTlVwaEo5WnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQABgAR
MA0GCSqGSIb3DQEBCwUAA4IBAQAHzXvODOZfrEzRFktLKE/eKU1ky3bv9ELtDGtC
3/t+bICi3muvY6/f7vnyc9Rdkqu6VAyGoOcGhsirf+k5ENvcFxjvovtIKYu83kM1
IilIXQ+jpeXxhCbYj0CFuMrnBe2Oj+rm6MKNEZpXPyNCJ1JCIhODg4sOxpueQroX
hIQ6yBEUP6NMrRQVsXB+fXOS++/umxcqabqSukEXIRR6IDtAQ4NRXGY0WD/3psSF
Kp1OQ3DrfiSsGvFYGYeRn3u0Vxs2VJTWtG5K10xdO+xzFSn9/WfMP33lPHU5z63j
TRzMZyugKAVR58brh8qx6zV+TxHT7gPQQfCQkO+zbSW7kxSD
-----END CERTIFICATE-----