Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/zx5oIGQrEHv9J1zJn6EJymvmEUg.roa
File:                     zx5oIGQrEHv9J1zJn6EJymvmEUg.roa (raw, json)
Hash identifier:          coYA5lF4ZkHZzi2SpC6YHuzHIjdXi3lTTu4MIli9GNA=
Subject key identifier:   CF:1E:68:20:64:2B:10:7B:FD:27:5C:C9:9F:A1:09:CA:6B:E6:11:48
Certificate issuer:       /CN=a122d6d21bd04c46224653a49be029e3c024b846
Certificate serial:       019461452EBE1E89282F3BF5211150834665
Authority key identifier: A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/zx5oIGQrEHv9J1zJn6EJymvmEUg.roa
Signing time:             Mon 13 Jan 2025 20:05:11 +0000
ROA not before:           Mon 13 Jan 2025 20:05:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19281
IP address blocks:        2a14:af00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:61:45:2e:be:1e:89:28:2f:3b:f5:21:11:50:83:46:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a122d6d21bd04c46224653a49be029e3c024b846
        Validity
            Not Before: Jan 13 20:05:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf1e6820642b107bfd275cc99fa109ca6be61148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:37:8c:b2:c8:e5:34:5e:5b:88:84:d4:b5:
                    f5:8a:4b:60:ee:db:b4:42:8f:56:4a:87:45:03:27:
                    c1:67:87:42:30:54:f3:32:b6:0d:c1:ec:a5:6c:6f:
                    2e:28:cb:49:17:85:1e:36:82:70:d5:e2:92:5d:e2:
                    80:59:8c:53:82:77:39:0b:be:41:05:73:0a:bc:a2:
                    70:ad:52:1d:2a:ef:6d:8a:00:20:b4:26:8f:eb:26:
                    17:d4:3d:0e:b1:69:4c:9a:df:ef:30:a7:c6:1c:b4:
                    1a:c1:a8:ac:98:26:71:40:4a:8b:96:f7:b1:81:97:
                    65:18:9b:e6:ea:f3:78:f5:c8:01:83:64:95:a1:9d:
                    19:46:c4:4a:d7:06:09:82:fb:e4:5e:2e:30:89:28:
                    ac:af:82:8f:95:ea:20:5e:aa:89:c8:62:32:35:30:
                    5c:0c:7e:5d:ab:3a:c0:8c:6d:83:5a:b1:bf:e4:32:
                    a8:ba:04:3e:2c:ec:37:a5:c3:56:3e:03:09:ec:98:
                    dc:cc:10:66:f0:3b:18:f3:eb:8d:7f:f2:55:e7:7f:
                    e9:dc:bf:59:88:15:51:b2:3b:f5:6a:44:dd:4a:f8:
                    03:97:3e:3f:fd:f6:5d:f9:3e:5b:07:4f:ee:4a:ac:
                    0f:48:f1:c8:be:04:31:7e:a5:cb:09:26:f4:77:53:
                    7c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1E:68:20:64:2B:10:7B:FD:27:5C:C9:9F:A1:09:CA:6B:E6:11:48
            X509v3 Authority Key Identifier:
                keyid:A1:22:D6:D2:1B:D0:4C:46:22:46:53:A4:9B:E0:29:E3:C0:24:B8:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSLW0hvQTEYiRlOkm-Ap48AkuEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/zx5oIGQrEHv9J1zJn6EJymvmEUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/048afc-d2cc-4e33-8607-5f251a03fa2b/1/oSLW0hvQTEYiRlOkm-Ap48AkuEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:43:34:fd:de:e5:61:95:79:d3:70:be:2a:b0:9d:71:24:10:
         55:9f:ae:26:1f:d6:8e:32:48:35:35:fb:a7:f5:c4:e2:bc:2d:
         af:9d:00:f0:0c:ab:7a:6f:4f:55:14:7a:31:ba:30:33:65:82:
         8a:f1:0b:29:69:eb:1c:3a:da:de:fc:22:54:24:9f:5c:5d:3b:
         34:9d:5f:b6:37:ec:73:12:a7:f7:f4:40:26:a5:f6:4c:60:b8:
         a1:6e:7b:27:be:56:7b:a7:da:50:a1:bb:c8:8e:60:8f:b5:55:
         b5:36:2e:5d:25:b3:a0:4d:a7:61:c9:be:43:13:ac:1b:16:b5:
         51:22:e8:c6:bd:ca:74:3c:20:98:6a:b3:80:1b:99:6e:3a:73:
         ae:75:a3:1d:9f:ec:ec:5a:26:f1:57:ea:63:9a:1e:b0:1a:2c:
         12:0c:8a:cf:ea:7e:80:7f:03:15:df:6c:44:87:29:43:2c:1c:
         d6:42:22:cd:06:6d:43:bf:12:e8:f7:c9:19:83:53:d7:2e:d9:
         12:b3:84:ac:9a:ff:75:a2:33:b6:11:76:3b:b0:ba:c2:01:02:
         8b:bd:c3:32:39:42:ac:c8:aa:17:3c:4d:b7:13:a6:75:1f:91:
         ed:28:f6:16:70:34:af:cb:4c:0e:b6:cc:92:89:bc:04:9d:7a:
         a9:91:a2:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRhRS6+HokoLzv1IRFQg0ZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjJkNmQyMWJkMDRjNDYyMjQ2NTNhNDliZTAyOWUzYzAy
NGI4NDYwHhcNMjUwMTEzMjAwNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFlNjgyMDY0MmIxMDdiZmQyNzVjYzk5ZmExMDljYTZiZTYxMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNY3jLLI5TReW4iE1LX1iktg7tu0
Qo9WSodFAyfBZ4dCMFTzMrYNweylbG8uKMtJF4UeNoJw1eKSXeKAWYxTgnc5C75B
BXMKvKJwrVIdKu9tigAgtCaP6yYX1D0OsWlMmt/vMKfGHLQawaismCZxQEqLlvex
gZdlGJvm6vN49cgBg2SVoZ0ZRsRK1wYJgvvkXi4wiSisr4KPleogXqqJyGIyNTBc
DH5dqzrAjG2DWrG/5DKougQ+LOw3pcNWPgMJ7JjczBBm8DsY8+uNf/JV53/p3L9Z
iBVRsjv1akTdSvgDlz4//fZd+T5bB0/uSqwPSPHIvgQxfqXLCSb0d1N87QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM8eaCBkKxB7/SdcyZ+hCcpr5hFIMB8GA1UdIwQY
MBaAFKEi1tIb0ExGIkZTpJvgKePAJLhGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDct
NWYyNTFhMDNmYTJiLzEveng1b0lHUXJFSHY5SjF6Sm42RUp5bXZtRVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wNDhhZmMtZDJjYy00ZTMzLTg2MDctNWYyNTFhMDNmYTJi
LzEvb1NMVzBodlFURVlpUmxPa20tQXA0OEFrdUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSvADAN
BgkqhkiG9w0BAQsFAAOCAQEAdUM0/d7lYZV503C+KrCdcSQQVZ+uJh/WjjJINTX7
p/XE4rwtr50A8Ayrem9PVRR6MbowM2WCivELKWnrHDra3vwiVCSfXF07NJ1ftjfs
cxKn9/RAJqX2TGC4oW57J75We6faUKG7yI5gj7VVtTYuXSWzoE2nYcm+QxOsGxa1
USLoxr3KdDwgmGqzgBuZbjpzrnWjHZ/s7Fom8VfqY5oesBosEgyKz+p+gH8DFd9s
RIcpQywc1kIizQZtQ78S6PfJGYNT1y7ZErOErJr/daIzthF2O7C6wgECi73DMjlC
rMiqFzxNtxOmdR+R7Sj2FnA0r8tMDrbMkom8BJ16qZGiCA==
-----END CERTIFICATE-----