Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/FQG0ejLSzUt4iA-ikpx0cAR2OKU.roa
File:                     FQG0ejLSzUt4iA-ikpx0cAR2OKU.roa (raw, json)
Hash identifier:          kXmpv8tYACCxfjQibnimCHCR1m+/Ufm2bbWZrvhXv8Y=
Subject key identifier:   15:01:B4:7A:32:D2:CD:4B:78:88:0F:A2:92:9C:74:70:04:76:38:A5
Certificate issuer:       /CN=4367547d851e3cd776cd33290b2454acc0e851bb
Certificate serial:       01942369DBAB0FC25FA82B01F16EF248A308
Authority key identifier: 43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/FQG0ejLSzUt4iA-ikpx0cAR2OKU.roa
Signing time:             Wed 01 Jan 2025 19:48:47 +0000
ROA not before:           Wed 01 Jan 2025 19:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214844
IP address blocks:        2a14:56c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:db:ab:0f:c2:5f:a8:2b:01:f1:6e:f2:48:a3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4367547d851e3cd776cd33290b2454acc0e851bb
        Validity
            Not Before: Jan  1 19:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1501b47a32d2cd4b78880fa2929c7470047638a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:19:4a:71:77:6a:aa:dd:69:70:73:d9:21:87:
                    6e:01:f2:1c:d8:74:89:d6:04:9d:b0:23:d8:31:c6:
                    5b:a5:1a:3a:1c:c2:91:8b:22:24:3f:bd:24:4f:41:
                    03:f6:c6:60:ef:f6:fe:25:7c:25:00:42:cc:0a:b9:
                    01:d7:eb:ce:68:95:55:a7:fc:72:ab:11:84:e9:79:
                    0c:2f:b7:01:0f:51:2d:7e:3e:40:ae:31:1c:0a:8c:
                    1f:eb:d2:f3:a2:8f:7b:29:e9:a1:01:14:8b:d8:11:
                    69:c2:9e:0d:72:4c:cc:f9:b2:23:6f:07:60:ab:3b:
                    e2:bc:f5:57:e4:18:12:53:14:6a:c0:a9:7b:d3:a9:
                    35:69:6b:11:86:ec:f6:2e:f0:5a:b4:6a:86:1d:6f:
                    89:e6:13:9f:d0:a9:de:bf:04:e2:eb:dd:49:95:2b:
                    09:27:44:f0:a9:d4:a5:3d:b7:9d:28:8c:f0:ed:16:
                    93:46:b3:03:11:24:f4:65:d4:7d:af:2a:4a:87:70:
                    31:c4:ed:c3:3e:98:2f:2e:6a:f3:f4:5b:1f:d5:7e:
                    7b:2c:cb:af:b0:52:aa:67:f8:35:84:c2:89:56:d1:
                    d4:20:14:75:28:28:96:63:19:11:61:ec:6f:b2:f6:
                    1f:49:1f:1b:fc:c7:6e:a8:03:67:b7:85:2b:76:96:
                    e3:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:01:B4:7A:32:D2:CD:4B:78:88:0F:A2:92:9C:74:70:04:76:38:A5
            X509v3 Authority Key Identifier:
                keyid:43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/FQG0ejLSzUt4iA-ikpx0cAR2OKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:56c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:93:9f:9d:d9:4d:b3:77:4c:e4:5c:79:0b:8d:a8:80:34:b3:
         46:5a:82:c0:68:c3:8d:12:7a:35:1e:3f:0f:4c:a7:62:89:b1:
         b1:ed:37:fa:19:1f:b7:4b:43:eb:c2:29:12:1d:3d:25:93:9f:
         04:3c:72:7e:0f:5f:1d:fc:86:0a:97:5b:67:72:ad:16:36:f9:
         28:eb:3b:62:51:db:cf:b9:cc:42:93:f7:f6:4e:b5:48:1c:8f:
         4d:be:60:7a:0d:49:1f:70:4b:c5:29:9c:6b:0b:21:2a:97:82:
         16:3e:12:fb:5e:58:04:42:bc:e0:5f:65:27:4a:9f:66:8b:24:
         ed:80:af:ea:c4:84:81:49:d6:43:4b:b4:b2:f3:54:07:59:60:
         56:84:38:f9:62:cb:ba:55:21:43:09:2a:1d:36:21:b7:ac:6c:
         aa:fe:a4:b6:44:ec:a8:f9:bc:49:1b:c5:e0:69:11:9b:77:98:
         ee:97:bf:4b:bb:ad:fe:6b:f2:e7:fd:3e:43:26:f2:42:cf:24:
         e7:2d:a3:a6:d9:fa:8f:6b:92:e8:35:bd:b4:77:e8:d5:06:69:
         d8:11:16:9f:3a:e9:d6:9f:7c:5f:76:e4:9a:83:27:65:56:ab:
         02:a2:f1:ff:60:5a:b0:bc:b7:df:c1:ba:f8:51:e1:cc:47:c4:
         0d:cc:5f:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjadurD8JfqCsB8W7ySKMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjc1NDdkODUxZTNjZDc3NmNkMzMyOTBiMjQ1NGFjYzBl
ODUxYmIwHhcNMjUwMTAxMTk0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTAxYjQ3YTMyZDJjZDRiNzg4ODBmYTI5MjljNzQ3MDA0NzYzOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRlKcXdqqt1pcHPZIYduAfIc2HSJ
1gSdsCPYMcZbpRo6HMKRiyIkP70kT0ED9sZg7/b+JXwlAELMCrkB1+vOaJVVp/xy
qxGE6XkML7cBD1Etfj5ArjEcCowf69Lzoo97KemhARSL2BFpwp4NckzM+bIjbwdg
qzvivPVX5BgSUxRqwKl706k1aWsRhuz2LvBatGqGHW+J5hOf0KnevwTi691JlSsJ
J0TwqdSlPbedKIzw7RaTRrMDEST0ZdR9rypKh3AxxO3DPpgvLmrz9Fsf1X57LMuv
sFKqZ/g1hMKJVtHUIBR1KCiWYxkRYexvsvYfSR8b/MduqANnt4UrdpbjRwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBUBtHoy0s1LeIgPopKcdHAEdjilMB8GA1UdIwQY
MBaAFENnVH2FHjzXds0zKQskVKzA6FG7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYt
ZGFiN2YwYzhkMjQwLzEvRlFHMGVqTFN6VXQ0aUEtaWtweDBjQVIyT0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYtZGFiN2YwYzhkMjQw
LzEvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRWwDAN
BgkqhkiG9w0BAQsFAAOCAQEATpOfndlNs3dM5Fx5C42ogDSzRlqCwGjDjRJ6NR4/
D0ynYomxse03+hkft0tD68IpEh09JZOfBDxyfg9fHfyGCpdbZ3KtFjb5KOs7YlHb
z7nMQpP39k61SByPTb5geg1JH3BLxSmcawshKpeCFj4S+15YBEK84F9lJ0qfZosk
7YCv6sSEgUnWQ0u0svNUB1lgVoQ4+WLLulUhQwkqHTYht6xsqv6ktkTsqPm8SRvF
4GkRm3eY7pe/S7ut/mvy5/0+QybyQs8k5y2jptn6j2uS6DW9tHfo1QZp2BEWnzrp
1p98X3bkmoMnZVarAqLx/2BasLy338G6+FHhzEfEDcxfdA==
-----END CERTIFICATE-----