Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/rYLcFx5z6G3F0c8E2CLYI2ft2xQ.roa
File:                     rYLcFx5z6G3F0c8E2CLYI2ft2xQ.roa (raw, json)
Hash identifier:          v8HpMK/XYo2dITbm51u44Lg6YUMfXWJ1/7II3z+WDLc=
Subject key identifier:   AD:82:DC:17:1E:73:E8:6D:C5:D1:CF:04:D8:22:D8:23:67:ED:DB:14
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369FF60B79695BCC78342E942231A08
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/rYLcFx5z6G3F0c8E2CLYI2ft2xQ.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216213
IP address blocks:        2a14:17c0::/29 maxlen: 29
                          2a14:1840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ff:60:b7:96:95:bc:c7:83:42:e9:42:23:1a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad82dc171e73e86dc5d1cf04d822d82367eddb14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d5:97:ac:9e:64:d6:c0:1a:a6:dc:f1:bc:ee:
                    d6:5b:03:e1:50:76:cd:f0:3e:33:1f:7a:af:08:a3:
                    33:dd:fd:70:ce:09:5e:04:4d:a9:92:fd:bd:ad:84:
                    c3:15:79:73:ef:3f:fb:42:c5:11:a5:73:6b:ff:12:
                    47:c6:b0:e3:23:c2:02:c5:69:cb:e5:05:37:77:e6:
                    34:12:84:3a:a3:ad:b7:b3:37:22:c4:60:59:f0:35:
                    9a:29:2c:c5:ba:2b:9a:92:23:ee:f5:57:33:a1:31:
                    b3:42:de:c2:db:d8:23:7d:d8:5d:39:f9:89:a8:68:
                    f5:30:97:a8:26:60:50:4e:c5:db:ab:11:a3:af:48:
                    a1:6d:39:ec:18:d2:f9:fa:a0:09:ca:be:c0:86:bc:
                    e8:60:f2:6d:e2:93:14:1b:d0:e9:7d:44:5b:a8:2f:
                    35:ed:46:6a:fe:73:a5:4d:a6:82:71:dd:2a:fc:4f:
                    96:fc:a5:81:57:73:bf:24:f0:b5:c9:a0:2c:04:45:
                    63:cf:6a:ec:23:0f:b1:ce:98:5c:ff:55:6f:bf:e0:
                    dc:99:94:21:2d:a0:72:08:5d:8d:92:07:5d:40:27:
                    3f:54:81:67:f2:1f:2c:3f:5d:f2:bc:f2:f0:ca:fa:
                    a8:c8:8a:12:7e:44:3f:50:1a:e7:a9:4c:c8:f8:34:
                    c9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:82:DC:17:1E:73:E8:6D:C5:D1:CF:04:D8:22:D8:23:67:ED:DB:14
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/rYLcFx5z6G3F0c8E2CLYI2ft2xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:17c0::/29
                  2a14:1840::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:5b:92:0a:f8:17:2c:9d:73:70:61:08:31:35:85:af:ad:0c:
         97:98:78:ea:73:90:b9:9c:b9:14:4e:78:e9:a6:86:01:14:ab:
         b8:9b:d4:a5:17:25:f6:7a:98:45:ac:4f:ab:73:4d:67:17:18:
         df:93:bf:34:c0:45:c1:8d:bf:43:f4:72:b8:a1:74:9d:e8:7a:
         a2:23:2d:3c:2c:92:cb:6e:c7:70:e0:44:ac:2e:37:62:e8:4c:
         66:31:f5:09:e5:fa:cf:6b:66:27:fe:81:d1:84:40:16:94:90:
         de:3d:29:53:7b:d7:21:cb:a2:d9:02:90:b3:da:be:c4:a7:26:
         bf:a4:10:cd:b0:73:ce:f6:b7:56:90:50:83:87:b4:fc:01:8b:
         2d:fb:72:42:ae:7a:05:22:25:1b:32:0f:f1:37:6f:4c:05:54:
         c2:b5:9a:bc:a1:7b:3a:ad:e4:38:20:f0:f1:a5:bd:e1:ff:d3:
         7b:e4:c9:64:88:11:d6:ab:d5:3b:13:c5:e5:13:58:dd:9b:1c:
         88:2e:32:c4:86:8e:da:9a:fd:f8:29:82:c7:13:e2:07:83:e7:
         6e:64:45:50:ed:b6:59:3e:62:b3:f8:cf:9e:36:68:99:2b:5f:
         a4:58:19:09:98:e1:35:3c:f7:7d:4f:e9:15:4c:dc:ee:4c:b8:
         bb:c7:ff:81
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQjaf9gt5aVvMeDQulCIxoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDgyZGMxNzFlNzNlODZkYzVkMWNmMDRkODIyZDgyMzY3ZWRkYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdWXrJ5k1sAaptzxvO7WWwPhUHbN
8D4zH3qvCKMz3f1wzgleBE2pkv29rYTDFXlz7z/7QsURpXNr/xJHxrDjI8ICxWnL
5QU3d+Y0EoQ6o623szcixGBZ8DWaKSzFuiuakiPu9VczoTGzQt7C29gjfdhdOfmJ
qGj1MJeoJmBQTsXbqxGjr0ihbTnsGNL5+qAJyr7AhrzoYPJt4pMUG9DpfURbqC81
7UZq/nOlTaaCcd0q/E+W/KWBV3O/JPC1yaAsBEVjz2rsIw+xzphc/1Vvv+DcmZQh
LaByCF2NkgddQCc/VIFn8h8sP13yvPLwyvqoyIoSfkQ/UBrnqUzI+DTJrwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK2C3Bcec+htxdHPBNgi2CNn7dsUMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcllMY0Z4NXo2RzNGMGM4RTJDTFlJMmZ0MnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhQXwAMF
AyoUGEAwDQYJKoZIhvcNAQELBQADggEBALRbkgr4Fyydc3BhCDE1ha+tDJeYeOpz
kLmcuRROeOmmhgEUq7ib1KUXJfZ6mEWsT6tzTWcXGN+TvzTARcGNv0P0crihdJ3o
eqIjLTwskstux3DgRKwuN2LoTGYx9Qnl+s9rZif+gdGEQBaUkN49KVN71yHLotkC
kLPavsSnJr+kEM2wc872t1aQUIOHtPwBiy37ckKuegUiJRsyD/E3b0wFVMK1mryh
ezqt5Dgg8PGlveH/03vkyWSIEdar1TsTxeUTWN2bHIguMsSGjtqa/fgpgscT4geD
525kRVDttlk+YrP4z542aJkrX6RYGQmY4TU8931P6RVM3O5MuLvH/4E=
-----END CERTIFICATE-----