Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/73l6mao4jRS_RJRUh0ajw125Q_Y.roa
File:                     73l6mao4jRS_RJRUh0ajw125Q_Y.roa (raw, json)
Hash identifier:          +O0mgrDDfqxs0iz8xR/eYRDp4FK45YfRNKPU5QYOCJM=
Subject key identifier:   EF:79:7A:99:AA:38:8D:14:BF:44:94:54:87:46:A3:C3:5D:B9:43:F6
Certificate issuer:       /CN=a122d6d21bd04c46224653a49be029e3c024b846
Certificate serial:       019461452F08965339F43ABACE30E499784F
Authority key identifier: A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/73l6mao4jRS_RJRUh0ajw125Q_Y.roa
Signing time:             Mon 13 Jan 2025 20:05:11 +0000
ROA not before:           Mon 13 Jan 2025 20:05:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213597
IP address blocks:        2a14:af00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:45:2f:08:96:53:39:f4:3a:ba:ce:30:e4:99:78:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a122d6d21bd04c46224653a49be029e3c024b846
        Validity
            Not Before: Jan 13 20:05:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef797a99aa388d14bf4494548746a3c35db943f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:21:56:bf:f8:dc:de:6e:7e:9e:71:12:f3:2d:
                    86:c1:bf:60:68:4b:13:24:13:d8:5e:d8:34:0c:f1:
                    13:b2:b1:32:9f:55:36:1e:50:a2:e6:ab:31:32:f1:
                    c4:83:ed:06:11:e1:bb:03:88:13:ff:ae:0f:7a:bc:
                    36:6c:dd:a2:a9:60:6d:99:32:02:08:a8:18:83:83:
                    1e:1c:b9:31:48:bc:9f:72:2f:22:e5:a0:5d:c3:b3:
                    b7:6d:92:ce:6f:f3:3f:40:26:dc:f8:92:dc:2d:ab:
                    80:e8:8f:15:b3:ab:ce:28:d0:5d:1a:63:d2:7e:d4:
                    ff:69:e1:28:8a:6a:ab:85:8c:da:a6:cb:b5:6d:e3:
                    e9:f6:65:09:65:28:00:2d:aa:5a:17:dc:99:e2:bc:
                    b3:42:4a:c9:38:52:67:6f:37:ec:eb:05:1d:f7:eb:
                    dc:a1:ee:d7:d3:83:6c:4d:67:49:8e:e6:7f:e2:b4:
                    d4:48:23:16:6a:16:df:22:b3:f1:89:5a:20:5f:40:
                    79:6a:ce:26:8b:59:94:24:b2:4c:4a:46:87:87:d9:
                    4b:d0:4f:a9:36:13:02:67:10:80:55:7f:a7:dc:11:
                    47:b8:59:6b:9c:95:74:c0:c3:58:71:12:0a:4b:bb:
                    6d:8b:ec:85:0a:0a:5e:e4:aa:8b:83:14:90:ce:ff:
                    2e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:79:7A:99:AA:38:8D:14:BF:44:94:54:87:46:A3:C3:5D:B9:43:F6
            X509v3 Authority Key Identifier:
                keyid:A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/73l6mao4jRS_RJRUh0ajw125Q_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:7f:a9:cc:4e:77:78:0c:8a:e6:bf:85:6e:d5:9e:29:8f:18:
         92:ae:ac:0c:95:29:a1:33:bf:12:92:c1:df:cf:30:fa:b3:e6:
         26:73:8d:48:85:43:12:81:c2:4d:00:9d:23:ce:2d:07:74:2d:
         a9:be:c9:77:fe:c3:2c:76:47:7d:93:97:fa:f4:82:66:45:2e:
         ad:be:f8:df:c5:2f:13:b8:a6:27:9b:19:b3:96:61:33:27:f6:
         11:4b:cf:d0:84:bb:6c:84:c4:ef:11:c2:5b:ba:48:85:41:86:
         ea:7e:e7:00:ff:46:0e:d7:ad:bb:a4:36:47:9a:81:e1:80:1f:
         4e:eb:aa:2b:7e:ca:fd:85:b5:ca:bb:5c:f7:2a:ca:72:ba:5e:
         2b:ac:08:d7:0c:ef:70:d8:b3:53:12:d7:b3:4b:38:0f:e1:26:
         9f:41:5a:66:8c:53:70:06:81:20:d8:7f:28:87:33:ae:f3:41:
         22:51:33:5f:b9:8f:0a:45:83:bb:85:87:7d:6a:46:58:50:de:
         65:89:cf:2a:6e:55:1c:64:a2:de:98:b0:7e:b6:03:3d:62:eb:
         71:17:8a:e4:88:17:dc:e8:a6:d8:ce:7f:92:84:08:7b:1f:27:
         6d:29:ac:bc:86:65:30:68:e8:c2:63:da:a1:bc:8e:f9:d1:64:
         a1:93:38:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRhRS8IllM59Dq6zjDkmXhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjJkNmQyMWJkMDRjNDYyMjQ2NTNhNDliZTAyOWUzYzAy
NGI4NDYwHhcNMjUwMTEzMjAwNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjc5N2E5OWFhMzg4ZDE0YmY0NDk0NTQ4NzQ2YTNjMzVkYjk0M2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCFWv/jc3m5+nnES8y2Gwb9gaEsT
JBPYXtg0DPETsrEyn1U2HlCi5qsxMvHEg+0GEeG7A4gT/64Perw2bN2iqWBtmTIC
CKgYg4MeHLkxSLyfci8i5aBdw7O3bZLOb/M/QCbc+JLcLauA6I8Vs6vOKNBdGmPS
ftT/aeEoimqrhYzapsu1bePp9mUJZSgALapaF9yZ4ryzQkrJOFJnbzfs6wUd9+vc
oe7X04NsTWdJjuZ/4rTUSCMWahbfIrPxiVogX0B5as4mi1mUJLJMSkaHh9lL0E+p
NhMCZxCAVX+n3BFHuFlrnJV0wMNYcRIKS7tti+yFCgpe5KqLgxSQzv8uhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO95epmqOI0Uv0SUVIdGo8NduUP2MB8GA1UdIwQY
MBaAFKEi1tIb0ExGIkZTpJvgKePAJLhGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDct
NWYyNTFhMDNmYTJiLzEvNzNsNm1hbzRqUlNfUkpSVWgwYWp3MTI1UV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDctNWYyNTFhMDNmYTJi
LzEvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSvADAN
BgkqhkiG9w0BAQsFAAOCAQEAf3+pzE53eAyK5r+FbtWeKY8Ykq6sDJUpoTO/EpLB
388w+rPmJnONSIVDEoHCTQCdI84tB3Qtqb7Jd/7DLHZHfZOX+vSCZkUurb7438Uv
E7imJ5sZs5ZhMyf2EUvP0IS7bITE7xHCW7pIhUGG6n7nAP9GDtetu6Q2R5qB4YAf
TuuqK37K/YW1yrtc9yrKcrpeK6wI1wzvcNizUxLXs0s4D+Emn0FaZoxTcAaBINh/
KIczrvNBIlEzX7mPCkWDu4WHfWpGWFDeZYnPKm5VHGSi3piwfrYDPWLrcReK5IgX
3Oim2M5/koQIex8nbSmsvIZlMGjowmPaobyO+dFkoZM4uQ==
-----END CERTIFICATE-----