Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/S0pNJSWXYYXq-25eb1GwpN3HQK0.roa
File:                     S0pNJSWXYYXq-25eb1GwpN3HQK0.roa (raw, json)
Hash identifier:          m9B8zg7UBpImnvUAy09vDVUi2G4915DaZZi26V5t6xo=
Subject key identifier:   4B:4A:4D:25:25:97:61:85:EA:FB:6E:5E:6F:51:B0:A4:DD:C7:40:AD
Certificate issuer:       /CN=665e4d7ea8a3470c9703ee7551481c36f774febb
Certificate serial:       01942143C82D3C030D90C73FDC029D838BE0
Authority key identifier: 66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/S0pNJSWXYYXq-25eb1GwpN3HQK0.roa
Signing time:             Wed 01 Jan 2025 09:47:57 +0000
ROA not before:           Wed 01 Jan 2025 09:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215338
IP address blocks:        2a0e:6a87::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Feb 2025 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c8:2d:3c:03:0d:90:c7:3f:dc:02:9d:83:8b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e4d7ea8a3470c9703ee7551481c36f774febb
        Validity
            Not Before: Jan  1 09:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b4a4d2525976185eafb6e5e6f51b0a4ddc740ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4b:b5:b0:6a:d1:11:8a:85:c4:74:eb:6a:7b:
                    10:15:72:6d:df:ee:3c:73:8e:8d:51:e9:9b:df:80:
                    88:22:4e:31:e7:7d:4b:ca:5e:8f:2e:13:ad:91:de:
                    c8:99:6a:d2:1d:64:55:6c:2d:18:9a:c3:29:d2:5e:
                    17:de:f6:51:6a:86:e7:6e:3e:de:41:5c:9a:37:91:
                    ab:99:9e:13:22:ad:5a:f1:2a:fe:4a:b1:89:e5:1f:
                    9c:14:3b:85:08:1a:81:f7:7f:51:45:f7:4d:a0:ad:
                    b9:0b:4f:cb:31:95:2e:27:0a:e8:f4:65:bb:c2:ea:
                    db:93:59:c7:4a:8d:63:1e:42:d8:24:e4:3c:33:dd:
                    2e:b8:da:e7:c5:8a:5c:b5:8f:ca:28:37:95:c8:48:
                    6d:c8:f9:a3:c2:e9:92:e4:cb:9b:12:8d:17:84:f9:
                    38:09:23:99:60:ad:4b:f6:b6:45:28:64:2e:55:b4:
                    fc:99:36:df:13:8b:a5:ee:0f:fd:77:b3:14:06:e7:
                    48:48:2d:ea:d2:1e:85:18:e5:d2:ac:54:92:68:01:
                    e9:33:81:df:46:92:6e:97:e9:ad:08:5c:ec:37:8e:
                    b1:a6:59:d4:8d:6f:10:f8:f5:d7:b1:0a:8c:ab:ae:
                    4c:3c:5b:5c:a7:41:f8:d5:e8:39:7f:9b:c5:17:d5:
                    d8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4A:4D:25:25:97:61:85:EA:FB:6E:5E:6F:51:B0:A4:DD:C7:40:AD
            X509v3 Authority Key Identifier:
                keyid:66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/S0pNJSWXYYXq-25eb1GwpN3HQK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6a87::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:ae:dc:07:98:17:d3:00:ba:c4:aa:3e:97:2c:da:e5:25:27:
         39:59:31:cc:59:08:92:7e:a3:49:78:78:41:2e:78:f5:3c:56:
         7e:8c:c4:2f:bc:03:21:01:c7:67:19:dd:ba:db:d2:fa:75:34:
         f8:a8:fd:c2:35:10:3d:c6:dc:2e:0f:c6:82:f0:c8:0b:9c:35:
         0a:a6:58:d3:5b:9b:3e:d7:c8:56:96:a6:fe:ef:ae:14:02:4c:
         ce:d0:ad:4d:f7:6e:79:b3:d2:1d:45:30:4d:64:e3:51:34:c0:
         c7:0b:a0:6a:9e:96:75:c1:bf:5c:64:39:73:c2:2e:92:20:80:
         93:09:d7:30:c7:36:b4:15:8c:2c:8c:3c:08:29:c3:24:64:bc:
         d4:19:df:6a:9d:ad:2a:3c:ab:fb:50:07:b0:c8:ce:5d:a1:be:
         6f:e6:29:18:c3:4f:c3:90:3f:7b:62:e7:b0:21:0f:5e:ce:83:
         e2:2a:00:3e:da:60:46:68:3f:ca:9f:a7:20:74:c0:03:6a:b1:
         ae:c9:2e:6f:cd:00:0f:16:ed:0e:e8:4f:c9:fd:3f:56:85:de:
         87:17:0e:c9:04:4d:b3:47:b7:ff:ab:d0:94:83:3c:a4:3d:d1:
         8e:d7:b9:14:20:48:75:d3:db:bb:30:c3:c5:71:ac:7b:c3:20:
         f9:cc:c1:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ8gtPAMNkMc/3AKdg4vgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWU0ZDdlYThhMzQ3MGM5NzAzZWU3NTUxNDgxYzM2Zjc3
NGZlYmIwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRhNGQyNTI1OTc2MTg1ZWFmYjZlNWU2ZjUxYjBhNGRkYzc0MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEu1sGrREYqFxHTransQFXJt3+48
c46NUemb34CIIk4x531Lyl6PLhOtkd7ImWrSHWRVbC0YmsMp0l4X3vZRaobnbj7e
QVyaN5GrmZ4TIq1a8Sr+SrGJ5R+cFDuFCBqB939RRfdNoK25C0/LMZUuJwro9GW7
wurbk1nHSo1jHkLYJOQ8M90uuNrnxYpctY/KKDeVyEhtyPmjwumS5MubEo0XhPk4
CSOZYK1L9rZFKGQuVbT8mTbfE4ul7g/9d7MUBudISC3q0h6FGOXSrFSSaAHpM4Hf
RpJul+mtCFzsN46xplnUjW8Q+PXXsQqMq65MPFtcp0H41eg5f5vFF9XYTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEtKTSUll2GF6vtuXm9RsKTdx0CtMB8GA1UdIwQY
MBaAFGZeTX6oo0cMlwPudVFIHDb3dP67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmIt
MTYyZWQ2MjRlMjgyLzEvUzBwTkpTV1hZWVhxLTI1ZWIxR3dwTjNIUUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmItMTYyZWQ2MjRlMjgy
LzEvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5qhzAN
BgkqhkiG9w0BAQsFAAOCAQEAvq7cB5gX0wC6xKo+lyza5SUnOVkxzFkIkn6jSXh4
QS549TxWfozEL7wDIQHHZxndutvS+nU0+Kj9wjUQPcbcLg/GgvDIC5w1CqZY01ub
PtfIVpam/u+uFAJMztCtTfduebPSHUUwTWTjUTTAxwugap6WdcG/XGQ5c8IukiCA
kwnXMMc2tBWMLIw8CCnDJGS81Bnfap2tKjyr+1AHsMjOXaG+b+YpGMNPw5A/e2Ln
sCEPXs6D4ioAPtpgRmg/yp+nIHTAA2qxrskub80ADxbtDuhPyf0/VoXehxcOyQRN
s0e3/6vQlIM8pD3Rjte5FCBIddPbuzDDxXGse8Mg+czBqg==
-----END CERTIFICATE-----