Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/AIqZOuJk6FdX-ARR52-tZ3pV5L8.roa
File:                     AIqZOuJk6FdX-ARR52-tZ3pV5L8.roa (raw, json)
Hash identifier:          UtG/CvZxoKdSqsgWu/Ntn0zvOecwyIkuE2hEquBOnL4=
Subject key identifier:   00:8A:99:3A:E2:64:E8:57:57:F8:04:51:E7:6F:AD:67:7A:55:E4:BF
Certificate issuer:       /CN=72cae9657c2d84d101ad8500d5d236ea8eb85481
Certificate serial:       01942747B40868A2E2681DF764B37D05B582
Authority key identifier: 72:CA:E9:65:7C:2D:84:D1:01:AD:85:00:D5:D2:36:EA:8E:B8:54:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csrpZXwthNEBrYUA1dI26o64VIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/AIqZOuJk6FdX-ARR52-tZ3pV5L8.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        2a14:5240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/csrpZXwthNEBrYUA1dI26o64VIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/csrpZXwthNEBrYUA1dI26o64VIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csrpZXwthNEBrYUA1dI26o64VIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b4:08:68:a2:e2:68:1d:f7:64:b3:7d:05:b5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72cae9657c2d84d101ad8500d5d236ea8eb85481
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=008a993ae264e85757f80451e76fad677a55e4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:07:e2:fe:c6:6c:79:f7:a1:78:d7:00:ea:80:
                    26:85:6d:eb:da:8a:47:f8:69:d9:58:af:7e:fe:9b:
                    1a:49:0e:ff:eb:67:19:ab:8e:79:04:91:30:df:8c:
                    dd:38:78:f5:98:b7:d3:52:dc:cf:1f:f0:85:d8:0a:
                    e0:6d:75:3d:12:3d:1b:cf:62:a9:a3:dd:16:56:62:
                    56:ec:23:bf:00:91:4b:35:b7:25:3a:12:96:32:a8:
                    d7:b7:04:f8:e6:2c:db:a6:4f:5b:d4:82:b2:d3:4a:
                    37:ef:04:aa:72:36:34:cc:4a:ef:dd:06:f5:6b:0c:
                    27:e7:99:b2:86:8b:87:86:2d:6a:5d:b9:48:18:9d:
                    7f:64:8f:74:38:b1:62:da:aa:01:bc:aa:73:ad:b0:
                    39:9e:7c:75:cf:3f:96:8b:19:7b:3a:22:3c:29:76:
                    b4:98:81:e5:46:d7:8f:22:87:35:3f:95:e4:8e:47:
                    91:a4:25:8a:c0:99:18:b6:6d:bb:92:fc:d9:79:c2:
                    88:e2:db:15:96:89:f7:9e:df:62:a6:af:50:c3:34:
                    f4:73:b2:2d:83:94:df:89:56:24:d0:8a:c8:36:61:
                    35:aa:c5:a5:d4:48:9c:92:de:29:ed:b5:3c:dd:b6:
                    34:d7:5a:85:b8:f4:c8:a6:88:4a:fa:5c:96:0c:35:
                    ba:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:8A:99:3A:E2:64:E8:57:57:F8:04:51:E7:6F:AD:67:7A:55:E4:BF
            X509v3 Authority Key Identifier:
                keyid:72:CA:E9:65:7C:2D:84:D1:01:AD:85:00:D5:D2:36:EA:8E:B8:54:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csrpZXwthNEBrYUA1dI26o64VIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/AIqZOuJk6FdX-ARR52-tZ3pV5L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ded70c-1059-4345-b459-4ae5ff9f4fc6/1/csrpZXwthNEBrYUA1dI26o64VIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5240::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:cd:19:8b:c0:f1:32:c7:ea:97:4a:60:6c:61:1e:3f:0d:88:
         f5:5b:c8:c1:b1:e9:3f:a8:4e:5e:5b:2d:46:05:9e:ea:88:7f:
         f0:67:0e:69:86:ef:82:7d:31:4c:30:f4:33:c6:08:6b:27:6c:
         cb:be:75:ae:dc:85:4c:8f:0c:ba:09:d1:e7:d8:17:52:70:55:
         ba:6c:54:db:18:75:53:df:25:88:20:71:8c:ec:d7:d1:82:10:
         bb:63:3c:03:35:6f:67:a9:43:76:54:f7:41:a7:2a:64:f7:8d:
         92:37:cd:a5:a3:a0:13:e1:80:ac:5b:5c:41:55:5e:d5:71:bb:
         fa:56:dd:5b:69:8c:8d:22:25:29:ef:9c:07:2b:9b:da:22:0d:
         12:ad:3c:31:68:4c:8e:cd:34:9d:15:41:55:b7:c3:a4:17:4a:
         18:8f:41:29:5a:a3:c3:60:b9:9b:ae:62:a4:6a:78:f0:6d:c8:
         1c:b4:cc:57:18:a6:ff:6c:77:bd:2a:57:8b:6e:07:40:22:04:
         e9:7c:ff:ba:aa:d9:62:73:7f:6b:ac:c9:ff:a1:e0:15:f9:46:
         bd:4c:a7:8f:e5:b3:38:89:94:b6:44:dc:8e:49:30:52:93:e5:
         e2:d9:81:f1:b1:8f:11:fe:04:f5:3d:fa:3a:23:62:5c:6f:43:
         05:b4:32:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR7QIaKLiaB33ZLN9BbWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2FlOTY1N2MyZDg0ZDEwMWFkODUwMGQ1ZDIzNmVhOGVi
ODU0ODEwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDhhOTkzYWUyNjRlODU3NTdmODA0NTFlNzZmYWQ2NzdhNTVlNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAfi/sZsefeheNcA6oAmhW3r2opH
+GnZWK9+/psaSQ7/62cZq455BJEw34zdOHj1mLfTUtzPH/CF2ArgbXU9Ej0bz2Kp
o90WVmJW7CO/AJFLNbclOhKWMqjXtwT45izbpk9b1IKy00o37wSqcjY0zErv3Qb1
awwn55myhouHhi1qXblIGJ1/ZI90OLFi2qoBvKpzrbA5nnx1zz+Wixl7OiI8KXa0
mIHlRtePIoc1P5XkjkeRpCWKwJkYtm27kvzZecKI4tsVlon3nt9ipq9QwzT0c7It
g5TfiVYk0IrINmE1qsWl1Eickt4p7bU83bY011qFuPTIpohK+lyWDDW6dwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFACKmTriZOhXV/gEUedvrWd6VeS/MB8GA1UdIwQY
MBaAFHLK6WV8LYTRAa2FANXSNuqOuFSBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NycFpYd3RoTkVCcllVQTFkSTI2bzY0VklFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9kZWQ3MGMtMTA1OS00MzQ1LWI0NTkt
NGFlNWZmOWY0ZmM2LzEvQUlxWk91Sms2RmRYLUFSUjUyLXRaM3BWNUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9kZWQ3MGMtMTA1OS00MzQ1LWI0NTktNGFlNWZmOWY0ZmM2
LzEvY3NycFpYd3RoTkVCcllVQTFkSTI2bzY0VklFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRSQDAN
BgkqhkiG9w0BAQsFAAOCAQEACc0Zi8DxMsfql0pgbGEePw2I9VvIwbHpP6hOXlst
RgWe6oh/8GcOaYbvgn0xTDD0M8YIaydsy751rtyFTI8MugnR59gXUnBVumxU2xh1
U98liCBxjOzX0YIQu2M8AzVvZ6lDdlT3QacqZPeNkjfNpaOgE+GArFtcQVVe1XG7
+lbdW2mMjSIlKe+cByub2iINEq08MWhMjs00nRVBVbfDpBdKGI9BKVqjw2C5m65i
pGp48G3IHLTMVxim/2x3vSpXi24HQCIE6Xz/uqrZYnN/a6zJ/6HgFflGvUynj+Wz
OImUtkTcjkkwUpPl4tmB8bGPEf4E9T36OiNiXG9DBbQyQQ==
-----END CERTIFICATE-----