Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/G8N3qTa4VczFzinJ5WzomATxm3g.roa
File:                     G8N3qTa4VczFzinJ5WzomATxm3g.roa (raw, json)
Hash identifier:          9nI91Hj8CyleS8L7CFcjCsRKa59524cSRX5eWMKZBYE=
Subject key identifier:   1B:C3:77:A9:36:B8:55:CC:C5:CE:29:C9:E5:6C:E8:98:04:F1:9B:78
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       0194D074DAD4E31D3806D98D7F48F4EFF484
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/G8N3qTa4VczFzinJ5WzomATxm3g.roa
Signing time:             Tue 04 Feb 2025 10:15:06 +0000
ROA not before:           Tue 04 Feb 2025 10:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213565
IP address blocks:        2a14:a900:bad0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d0:74:da:d4:e3:1d:38:06:d9:8d:7f:48:f4:ef:f4:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Feb  4 10:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bc377a936b855ccc5ce29c9e56ce89804f19b78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:11:43:f5:5c:67:7c:20:bf:1c:09:3e:a6:b4:
                    13:d0:f1:73:1a:10:b5:c5:37:0b:e0:83:e0:ab:06:
                    cd:b1:8a:ca:44:c0:fa:f0:a1:67:68:b9:02:07:26:
                    68:53:26:36:01:ac:7e:bf:9f:7b:9b:9e:1e:88:44:
                    be:9e:94:01:19:4e:54:97:71:f0:6e:80:e2:bc:04:
                    ba:01:cd:40:57:11:65:3a:f4:b2:72:5b:1a:95:26:
                    94:e4:db:be:4a:25:f3:42:09:f1:37:53:1f:40:02:
                    b8:97:a6:74:71:27:5b:dc:ee:38:a2:40:a4:77:2a:
                    de:4c:bb:1b:56:70:c1:db:48:89:aa:4e:fd:1b:62:
                    78:9a:2d:70:fd:76:bd:c1:0f:9b:0e:30:cc:de:1f:
                    1f:16:ef:c2:11:eb:bc:85:fa:56:aa:71:cc:67:09:
                    fc:dd:d7:7b:a8:41:f4:f8:96:05:93:50:c5:7d:bd:
                    52:62:cf:0b:25:4b:d8:c4:34:e0:94:cd:61:91:c0:
                    d1:a1:7d:5d:d9:69:fb:43:e5:79:9b:c9:4d:47:01:
                    2f:a0:56:12:d7:44:6a:25:33:98:5e:2b:b5:77:b8:
                    b1:97:0a:48:de:1e:24:1b:39:40:5c:a7:ce:82:b6:
                    0f:d8:e6:1e:7f:e3:72:1d:ea:fd:24:3c:8f:e3:dc:
                    4c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C3:77:A9:36:B8:55:CC:C5:CE:29:C9:E5:6C:E8:98:04:F1:9B:78
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/G8N3qTa4VczFzinJ5WzomATxm3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a900:bad0::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:74:f9:f2:43:1f:44:53:e1:bb:f7:61:6e:cc:24:c8:e1:ce:
         c0:d1:e8:e1:1d:8f:b1:95:be:4f:f1:5e:b9:42:f3:b7:7b:7c:
         29:29:e2:42:28:d8:4d:c2:f9:bb:e3:5f:42:c9:49:e6:ff:07:
         61:44:65:55:37:06:b6:46:81:9a:5f:32:e7:c7:10:86:58:20:
         cf:5a:20:1c:11:2a:ab:ab:f6:5d:b2:c7:4f:e3:08:21:c8:b1:
         f3:e9:df:07:8f:16:a0:18:54:4f:3c:df:5a:c8:7f:50:1e:de:
         96:ce:96:fe:00:95:10:78:f6:ad:ff:3b:a3:f9:18:a6:9c:b8:
         d9:65:2f:60:a2:29:91:a4:3a:3e:a5:1d:69:05:d1:52:55:30:
         12:2e:53:e3:67:dc:30:e7:ee:8d:af:ad:02:76:0a:39:33:2a:
         5a:6b:f7:84:41:b2:14:9c:0a:a2:ff:99:1c:01:7d:17:70:f6:
         ad:91:4a:04:42:36:d4:d5:3a:09:16:a0:41:5f:92:b1:c2:2c:
         e0:d7:ef:4e:13:65:91:7d:e4:df:42:c7:59:bb:bd:71:4f:4e:
         23:31:9d:a6:9a:a1:02:e7:61:de:e4:b4:84:1b:73:86:f5:05:
         70:59:52:f6:75:0a:f4:ad:53:60:3d:1c:92:55:a6:f6:71:65:
         60:88:70:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZTQdNrU4x04BtmNf0j07/SEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjUwMjA0MTAxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmMzNzdhOTM2Yjg1NWNjYzVjZTI5YzllNTZjZTg5ODA0ZjE5Yjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBFD9VxnfCC/HAk+prQT0PFzGhC1
xTcL4IPgqwbNsYrKRMD68KFnaLkCByZoUyY2Aax+v597m54eiES+npQBGU5Ul3Hw
boDivAS6Ac1AVxFlOvSyclsalSaU5Nu+SiXzQgnxN1MfQAK4l6Z0cSdb3O44okCk
dyreTLsbVnDB20iJqk79G2J4mi1w/Xa9wQ+bDjDM3h8fFu/CEeu8hfpWqnHMZwn8
3dd7qEH0+JYFk1DFfb1SYs8LJUvYxDTglM1hkcDRoX1d2Wn7Q+V5m8lNRwEvoFYS
10RqJTOYXiu1d7ixlwpI3h4kGzlAXKfOgrYP2OYef+NyHer9JDyP49xMdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBvDd6k2uFXMxc4pyeVs6JgE8Zt4MB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvRzhOM3FUYTRWY3pGemluSjVXem9tQVR4bTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSpALrQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB3dPnyQx9EU+G792FuzCTI4c7A0ejhHY+xlb5P
8V65QvO3e3wpKeJCKNhNwvm7419CyUnm/wdhRGVVNwa2RoGaXzLnxxCGWCDPWiAc
ESqrq/ZdssdP4wghyLHz6d8HjxagGFRPPN9ayH9QHt6Wzpb+AJUQePat/zuj+Rim
nLjZZS9goimRpDo+pR1pBdFSVTASLlPjZ9ww5+6Nr60Cdgo5Mypaa/eEQbIUnAqi
/5kcAX0XcPatkUoEQjbU1ToJFqBBX5Kxwizg1+9OE2WRfeTfQsdZu71xT04jMZ2m
mqEC52He5LSEG3OG9QVwWVL2dQr0rVNgPRySVab2cWVgiHAh
-----END CERTIFICATE-----