Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aFZSns_VcDbT2eX8ibXN_zXV3SY.roa
File:                     aFZSns_VcDbT2eX8ibXN_zXV3SY.roa (raw, json)
Hash identifier:          ZpnMvbE9sZQqj/KAis0FRzF1dodEH36KMxtN9Il5axU=
Subject key identifier:   68:56:52:9E:CF:D5:70:36:D3:D9:E5:FC:89:B5:CD:FF:35:D5:DD:26
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0197133BCB46767CDD24F6B1E5ED49B99BE4
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aFZSns_VcDbT2eX8ibXN_zXV3SY.roa
Signing time:             Tue 27 May 2025 19:32:55 +0000
ROA not before:           Tue 27 May 2025 19:32:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:7b81::/32 maxlen: 32
                          2a14:7b83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:3b:cb:46:76:7c:dd:24:f6:b1:e5:ed:49:b9:9b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 27 19:32:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6856529ecfd57036d3d9e5fc89b5cdff35d5dd26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ae:35:70:44:e1:1b:d6:c7:37:d4:ff:95:f2:
                    55:ac:63:f8:f3:43:d1:c3:17:89:89:f9:07:2e:c4:
                    0f:cd:3a:43:8a:41:7c:5f:f6:4f:77:a4:d8:e4:a6:
                    9f:56:cb:87:fa:1c:76:f5:29:77:2a:96:5c:41:e3:
                    7f:69:af:8a:be:f8:55:d7:42:cd:ad:92:9c:df:13:
                    00:b7:77:30:53:7c:6b:2d:a3:0c:b7:0a:d5:90:44:
                    c4:14:79:a3:f4:c9:4e:0a:fc:b7:57:ef:ed:bb:26:
                    6d:00:ea:58:be:90:8d:f5:15:a4:01:81:0c:8e:30:
                    76:08:98:7d:11:29:52:c9:ab:eb:d6:30:58:5b:c0:
                    1b:b3:b3:ab:1c:64:7b:50:01:60:ca:51:ff:d3:b2:
                    d3:b3:83:1e:01:c7:b9:89:9a:4f:10:81:30:eb:d6:
                    98:f1:44:21:3e:af:59:34:37:b7:60:3e:a5:78:bc:
                    da:78:74:ff:a5:21:c2:4e:6a:90:40:51:3b:ee:fe:
                    1b:d1:ae:09:27:9a:d2:55:2e:2a:ac:cc:9f:68:4c:
                    e3:1f:23:ba:44:75:77:cc:42:9d:33:12:09:39:3e:
                    ae:3a:3d:d6:be:16:10:12:db:84:48:f8:d4:5c:4c:
                    b7:c6:71:05:f1:40:19:6e:f5:d6:fb:a9:a9:3b:a1:
                    3f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:56:52:9E:CF:D5:70:36:D3:D9:E5:FC:89:B5:CD:FF:35:D5:DD:26
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aFZSns_VcDbT2eX8ibXN_zXV3SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7b81::/32
                  2a14:7b83::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:b2:90:b7:91:14:2e:53:7c:a0:90:2d:41:88:95:c8:20:48:
         8e:41:8d:55:a5:5f:dd:fe:e9:66:59:36:c1:9e:03:f6:dc:67:
         c0:04:14:5c:4e:81:eb:62:85:c8:62:b5:63:49:73:c3:0d:0d:
         6d:fc:11:b4:63:6e:0f:0d:3d:86:dd:e5:00:96:91:dc:d7:cb:
         63:32:16:d1:47:68:db:7c:50:2d:71:35:94:be:38:da:4f:60:
         09:21:ed:33:ac:c0:c8:85:2f:35:5b:7b:a8:e3:bc:62:44:a0:
         c9:1c:5a:47:e6:19:d4:c5:2a:72:ae:5f:66:ba:e3:b1:af:92:
         47:2a:a9:09:4c:b8:e0:9c:db:4e:d0:40:ff:fc:b6:27:2d:a3:
         e3:20:9b:e2:48:f1:56:d0:0e:16:e8:4c:38:89:0b:78:4f:3e:
         dd:38:48:53:5e:98:56:ae:3f:35:ce:33:ef:c9:38:82:cc:b0:
         8d:8e:cd:23:19:5e:48:17:87:00:d3:84:93:0b:f8:6c:1b:1b:
         8c:6e:24:0f:61:e4:55:73:a2:91:23:aa:fb:14:21:44:67:dc:
         25:77:00:bb:c3:2d:61:2b:a8:ed:8b:ae:35:65:85:e6:94:27:
         01:57:0d:54:15:3c:23:07:e9:20:91:f6:ab:a8:0d:c8:14:2c:
         9b:d0:76:20
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcTO8tGdnzdJPax5e1JuZvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNTI3MTkzMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODU2NTI5ZWNmZDU3MDM2ZDNkOWU1ZmM4OWI1Y2RmZjM1ZDVkZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs641cEThG9bHN9T/lfJVrGP480PR
wxeJifkHLsQPzTpDikF8X/ZPd6TY5KafVsuH+hx29Sl3KpZcQeN/aa+KvvhV10LN
rZKc3xMAt3cwU3xrLaMMtwrVkETEFHmj9MlOCvy3V+/tuyZtAOpYvpCN9RWkAYEM
jjB2CJh9ESlSyavr1jBYW8Abs7OrHGR7UAFgylH/07LTs4MeAce5iZpPEIEw69aY
8UQhPq9ZNDe3YD6leLzaeHT/pSHCTmqQQFE77v4b0a4JJ5rSVS4qrMyfaEzjHyO6
RHV3zEKdMxIJOT6uOj3WvhYQEtuESPjUXEy3xnEF8UAZbvXW+6mpO6E/gwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGhWUp7P1XA209nl/Im1zf811d0mMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYUZaU25zX1ZjRGJUMmVYOGliWE5felhWM1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhR7gQMF
ACoUe4MwDQYJKoZIhvcNAQELBQADggEBADaykLeRFC5TfKCQLUGIlcggSI5BjVWl
X93+6WZZNsGeA/bcZ8AEFFxOgetihchitWNJc8MNDW38EbRjbg8NPYbd5QCWkdzX
y2MyFtFHaNt8UC1xNZS+ONpPYAkh7TOswMiFLzVbe6jjvGJEoMkcWkfmGdTFKnKu
X2a647GvkkcqqQlMuOCc207QQP/8ticto+Mgm+JI8VbQDhboTDiJC3hPPt04SFNe
mFauPzXOM+/JOILMsI2OzSMZXkgXhwDThJML+GwbG4xuJA9h5FVzopEjqvsUIURn
3CV3ALvDLWErqO2LrjVlheaUJwFXDVQVPCMH6SCR9quoDcgULJvQdiA=
-----END CERTIFICATE-----