Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/nZAWWVMmtESroqhC0PS3Wx64m1g.roa
File:                     nZAWWVMmtESroqhC0PS3Wx64m1g.roa (raw, json)
Hash identifier:          qpLibwBGLw83uqsHA4XHZBFcLuSXya9DooLiBQa7gxM=
Subject key identifier:   9D:90:16:59:53:26:B4:44:AB:A2:A8:42:D0:F4:B7:5B:1E:B8:9B:58
Certificate issuer:       /CN=e3463594c377cd5887de9078b4b2e8cdc4d3ae5b
Certificate serial:       0197EE3A512A402C962CDB72F8ABFA9F931E
Authority key identifier: E3:46:35:94:C3:77:CD:58:87:DE:90:78:B4:B2:E8:CD:C4:D3:AE:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/40Y1lMN3zViH3pB4tLLozcTTrls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/nZAWWVMmtESroqhC0PS3Wx64m1g.roa
Signing time:             Wed 09 Jul 2025 08:08:08 +0000
ROA not before:           Wed 09 Jul 2025 08:08:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201647
IP address blocks:        2a14:5700::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/40Y1lMN3zViH3pB4tLLozcTTrls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/40Y1lMN3zViH3pB4tLLozcTTrls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/40Y1lMN3zViH3pB4tLLozcTTrls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:3a:51:2a:40:2c:96:2c:db:72:f8:ab:fa:9f:93:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3463594c377cd5887de9078b4b2e8cdc4d3ae5b
        Validity
            Not Before: Jul  9 08:08:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d9016595326b444aba2a842d0f4b75b1eb89b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:43:e0:23:c7:63:db:36:a9:57:56:7d:f8:18:
                    74:12:a3:82:7b:52:fd:b0:0a:e1:f3:96:6e:24:1b:
                    65:28:df:8e:93:77:f8:02:82:a5:d2:e9:94:26:ea:
                    dc:d3:2e:9a:44:01:e8:a7:a1:70:78:aa:73:6a:d9:
                    4a:a1:1c:1b:be:6e:5e:cd:cf:78:89:4d:94:96:c5:
                    da:c5:36:1a:91:fc:a3:97:8e:62:b5:38:f1:9d:3d:
                    00:dc:7c:5f:1c:c0:4a:db:96:53:f4:89:0b:84:c5:
                    b6:f8:98:62:2a:46:3c:9c:5a:7c:a9:79:04:9f:d2:
                    2c:9d:96:09:f1:6e:2c:01:60:5b:84:aa:77:5e:cf:
                    3c:84:7a:db:e2:66:bf:4b:38:22:bf:94:03:e6:c7:
                    fa:ef:48:52:9b:b3:34:53:f7:f7:96:06:e1:4e:c1:
                    d2:98:0b:13:c7:15:4e:f7:2a:67:75:4d:64:91:22:
                    d9:ab:6d:ae:a8:6e:99:ce:f0:93:91:76:3d:c5:8c:
                    c7:fb:45:24:41:00:e3:09:6d:74:35:75:f0:0f:9c:
                    56:17:ab:3a:39:e6:d0:46:04:ab:62:e9:be:55:15:
                    1d:7d:a9:a6:d0:ce:25:1d:bc:39:64:6c:44:d6:44:
                    0e:82:39:28:8f:4f:82:5c:f5:46:e4:0e:b8:1e:3e:
                    e7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:90:16:59:53:26:B4:44:AB:A2:A8:42:D0:F4:B7:5B:1E:B8:9B:58
            X509v3 Authority Key Identifier:
                keyid:E3:46:35:94:C3:77:CD:58:87:DE:90:78:B4:B2:E8:CD:C4:D3:AE:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/40Y1lMN3zViH3pB4tLLozcTTrls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/nZAWWVMmtESroqhC0PS3Wx64m1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/c571ce-ef3a-4a28-b5b8-fea236f54034/1/40Y1lMN3zViH3pB4tLLozcTTrls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:94:3a:34:e1:f1:ee:e0:a6:93:8f:60:cc:6d:cd:aa:1a:5c:
         a1:12:06:c9:57:a3:36:43:1c:90:a3:96:a7:9e:ac:7e:64:14:
         ae:54:e8:58:9a:a7:2d:3a:81:9b:c8:44:4d:72:0a:7e:8a:dd:
         65:03:4c:cc:80:da:ba:cf:26:2c:86:a9:9f:34:f5:b4:33:b1:
         18:3e:fc:d3:2d:4b:d5:02:af:82:eb:27:2e:55:13:08:b7:95:
         62:fb:29:66:ed:12:58:c2:de:23:62:7c:76:de:c6:07:a2:28:
         75:8b:51:da:0c:96:9c:94:d2:a5:71:9d:aa:cd:ca:0f:cb:29:
         21:38:eb:98:06:31:36:8e:cd:4d:5e:81:5a:13:cb:6a:a8:ff:
         26:b8:73:d9:7f:0a:33:b8:a0:a4:15:b0:5f:23:6f:8b:1e:09:
         e1:7d:9f:18:8d:21:36:89:cd:f0:7e:ea:77:3f:90:58:d3:a7:
         2f:0c:06:6c:bd:44:3f:0d:31:53:cd:7d:0a:14:e9:cb:8a:c3:
         12:20:bd:af:ad:e4:d9:7b:5e:fc:4d:b8:80:dd:de:2e:4f:10:
         1b:9b:bc:b8:33:de:88:07:7f:3c:b5:8e:3c:7b:8c:45:6f:b1:
         5a:d3:2c:92:d2:cb:0d:cd:28:37:e9:0d:72:57:60:88:84:98:
         12:5d:db:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfuOlEqQCyWLNty+Kv6n5MeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNDYzNTk0YzM3N2NkNTg4N2RlOTA3OGI0YjJlOGNkYzRk
M2FlNWIwHhcNMjUwNzA5MDgwODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkwMTY1OTUzMjZiNDQ0YWJhMmE4NDJkMGY0Yjc1YjFlYjg5YjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkPgI8dj2zapV1Z9+Bh0EqOCe1L9
sArh85ZuJBtlKN+Ok3f4AoKl0umUJurc0y6aRAHop6FweKpzatlKoRwbvm5ezc94
iU2UlsXaxTYakfyjl45itTjxnT0A3HxfHMBK25ZT9IkLhMW2+JhiKkY8nFp8qXkE
n9IsnZYJ8W4sAWBbhKp3Xs88hHrb4ma/Szgiv5QD5sf670hSm7M0U/f3lgbhTsHS
mAsTxxVO9ypndU1kkSLZq22uqG6ZzvCTkXY9xYzH+0UkQQDjCW10NXXwD5xWF6s6
OebQRgSrYum+VRUdfamm0M4lHbw5ZGxE1kQOgjkoj0+CXPVG5A64Hj7nZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ2QFllTJrREq6KoQtD0t1seuJtYMB8GA1UdIwQY
MBaAFONGNZTDd81Yh96QeLSy6M3E065bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDBZMWxNTjN6VmlIM3BCNHRMTG96Y1RUcmxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jNTcxY2UtZWYzYS00YTI4LWI1Yjgt
ZmVhMjM2ZjU0MDM0LzEvblpBV1dWTW10RVNyb3FoQzBQUzNXeDY0bTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jNTcxY2UtZWYzYS00YTI4LWI1YjgtZmVhMjM2ZjU0MDM0
LzEvNDBZMWxNTjN6VmlIM3BCNHRMTG96Y1RUcmxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRXADAN
BgkqhkiG9w0BAQsFAAOCAQEADZQ6NOHx7uCmk49gzG3NqhpcoRIGyVejNkMckKOW
p56sfmQUrlToWJqnLTqBm8hETXIKfordZQNMzIDaus8mLIapnzT1tDOxGD780y1L
1QKvgusnLlUTCLeVYvspZu0SWMLeI2J8dt7GB6IodYtR2gyWnJTSpXGdqs3KD8sp
ITjrmAYxNo7NTV6BWhPLaqj/Jrhz2X8KM7igpBWwXyNvix4J4X2fGI0hNonN8H7q
dz+QWNOnLwwGbL1EPw0xU819ChTpy4rDEiC9r63k2Xte/E24gN3eLk8QG5u8uDPe
iAd/PLWOPHuMRW+xWtMsktLLDc0oN+kNcldgiISYEl3bfg==
-----END CERTIFICATE-----