Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/sQVxZ_lbDcaGAO6GQ4Uax3TrnbA.roa
File:                     sQVxZ_lbDcaGAO6GQ4Uax3TrnbA.roa (raw, json)
Hash identifier:          NBxjFtKEwZR8bN/MCO3rMHIc0Pkb+5FRotafl/NdAVw=
Subject key identifier:   B1:05:71:67:F9:5B:0D:C6:86:00:EE:86:43:85:1A:C7:74:EB:9D:B0
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       01946017105C008BA920F6EBDF18071A53A0
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/sQVxZ_lbDcaGAO6GQ4Uax3TrnbA.roa
Signing time:             Mon 13 Jan 2025 14:35:11 +0000
ROA not before:           Mon 13 Jan 2025 14:35:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207754
IP address blocks:        2a14:a900::/29 maxlen: 32
                          2a14:a900::/32 maxlen: 32
                          2a14:a900::/48 maxlen: 48
                          2a14:a900:fffe::/48 maxlen: 48
                          2a14:a900:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:17:10:5c:00:8b:a9:20:f6:eb:df:18:07:1a:53:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Jan 13 14:35:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1057167f95b0dc68600ee8643851ac774eb9db0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5c:4e:8d:41:14:da:fa:33:8d:fd:7d:d8:ad:
                    2e:4a:28:77:83:ca:70:d5:0f:bb:39:6f:09:bf:5c:
                    03:36:85:44:aa:5d:d6:b1:2a:d8:45:87:ea:d1:82:
                    2e:41:fd:cb:01:48:01:c9:18:00:56:b6:e0:d8:d2:
                    2a:43:f3:51:3e:d9:e1:68:2d:e1:b4:df:b8:a3:b8:
                    8d:3e:61:45:3b:f6:50:d8:0f:ba:80:42:e3:27:d7:
                    3f:2c:ef:a6:56:c9:35:2a:ce:9b:aa:1c:f3:f6:a9:
                    2e:00:fe:6f:a1:74:f9:f8:00:61:06:5a:d1:4b:95:
                    58:dd:1b:78:bd:38:27:1d:17:1e:17:18:22:4c:a5:
                    9c:03:ea:73:a6:72:01:89:4b:ba:c4:1d:0a:67:b0:
                    65:bf:75:be:ee:65:72:b3:02:1b:b5:57:c7:54:58:
                    9c:c9:8d:07:4d:5b:d3:92:14:ae:d1:a0:8e:70:d9:
                    e6:6d:eb:8a:eb:42:ec:0b:49:19:3a:bc:27:96:ca:
                    b7:ef:17:73:3c:e4:9e:67:fe:80:33:d3:70:95:ce:
                    74:af:87:1a:38:f5:14:2d:39:e6:d7:01:4d:20:2e:
                    6d:a6:6e:88:ec:ae:77:36:fd:38:1c:15:d6:07:61:
                    5c:b4:f1:0c:d0:72:9c:a0:bd:44:73:10:fd:c2:24:
                    ac:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:05:71:67:F9:5B:0D:C6:86:00:EE:86:43:85:1A:C7:74:EB:9D:B0
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/sQVxZ_lbDcaGAO6GQ4Uax3TrnbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:54:42:3a:0e:11:4c:bd:f6:2b:e5:be:47:82:e2:7e:7e:6a:
         00:9f:8a:ed:c8:36:17:66:24:d9:3d:e0:35:bd:ed:0e:4a:91:
         e1:8b:b2:a5:60:30:a7:fe:9c:89:e9:5b:50:d6:14:9c:66:97:
         07:7e:1e:d5:2d:54:a7:50:e0:40:b2:e6:f4:ef:c3:67:fb:cd:
         32:bf:32:2a:ad:a1:d9:fc:5a:57:fc:18:70:08:fa:bc:d3:cb:
         75:88:bc:65:66:7d:c3:c0:90:c2:be:ba:30:ec:5e:f9:c7:30:
         f7:5c:e9:2b:c2:cc:7f:2a:45:4f:61:ff:a3:7e:4b:aa:46:a5:
         aa:27:07:93:0b:35:a8:e7:d8:b9:c4:ec:f0:38:01:92:be:fb:
         60:25:e8:e7:3d:3c:9b:5f:ad:d1:74:06:3f:b6:18:55:c6:87:
         04:ad:50:a4:ab:0e:06:00:ca:46:41:a0:2d:b6:d2:c2:a2:96:
         87:15:d1:76:a7:16:ee:f3:eb:8a:5c:30:ac:e7:8e:f3:31:46:
         2e:cc:e5:ed:1e:27:e1:61:d0:7f:52:97:96:11:a5:e7:1d:5e:
         e6:a6:bf:b9:91:18:00:c7:5e:a3:23:c3:c6:fa:e6:46:2a:4a:
         0b:54:31:c5:aa:28:90:15:48:34:02:bf:41:44:f1:22:b7:f9:
         c3:f1:5a:61
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRgFxBcAIupIPbr3xgHGlOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjUwMTEzMTQzNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA1NzE2N2Y5NWIwZGM2ODYwMGVlODY0Mzg1MWFjNzc0ZWI5ZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFxOjUEU2vozjf192K0uSih3g8pw
1Q+7OW8Jv1wDNoVEql3WsSrYRYfq0YIuQf3LAUgByRgAVrbg2NIqQ/NRPtnhaC3h
tN+4o7iNPmFFO/ZQ2A+6gELjJ9c/LO+mVsk1Ks6bqhzz9qkuAP5voXT5+ABhBlrR
S5VY3Rt4vTgnHRceFxgiTKWcA+pzpnIBiUu6xB0KZ7Blv3W+7mVyswIbtVfHVFic
yY0HTVvTkhSu0aCOcNnmbeuK60LsC0kZOrwnlsq37xdzPOSeZ/6AM9Nwlc50r4ca
OPUULTnm1wFNIC5tpm6I7K53Nv04HBXWB2FctPEM0HKcoL1EcxD9wiSs9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLEFcWf5Ww3GhgDuhkOFGsd0652wMB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvc1FWeFpfbGJEY2FHQU82R1E0VWF4M1RybmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSpADAN
BgkqhkiG9w0BAQsFAAOCAQEAdFRCOg4RTL32K+W+R4Lifn5qAJ+K7cg2F2Yk2T3g
Nb3tDkqR4YuypWAwp/6cielbUNYUnGaXB34e1S1Up1DgQLLm9O/DZ/vNMr8yKq2h
2fxaV/wYcAj6vNPLdYi8ZWZ9w8CQwr66MOxe+ccw91zpK8LMfypFT2H/o35Lqkal
qicHkws1qOfYucTs8DgBkr77YCXo5z08m1+t0XQGP7YYVcaHBK1QpKsOBgDKRkGg
LbbSwqKWhxXRdqcW7vPrilwwrOeO8zFGLszl7R4n4WHQf1KXlhGl5x1e5qa/uZEY
AMdeoyPDxvrmRipKC1QxxaookBVINAK/QUTxIrf5w/FaYQ==
-----END CERTIFICATE-----