Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/fclhLZaCZsD4mZ3Ux8ve5zcOTYg.roa
File:                     fclhLZaCZsD4mZ3Ux8ve5zcOTYg.roa (raw, json)
Hash identifier:          g0cDDvJ4XF055K+oEX9g59XfHmQcvBLdWm7+xMxjyb0=
Subject key identifier:   7D:C9:61:2D:96:82:66:C0:F8:99:9D:D4:C7:CB:DE:E7:37:0E:4D:88
Certificate issuer:       /CN=6a9c1faa9783dfab2b7a53da3fb0fdef4ccfeae5
Certificate serial:       019635CC6AA9547770407E32BFD872F72398
Authority key identifier: 6A:9C:1F:AA:97:83:DF:AB:2B:7A:53:DA:3F:B0:FD:EF:4C:CF:EA:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/fclhLZaCZsD4mZ3Ux8ve5zcOTYg.roa
Signing time:             Mon 14 Apr 2025 19:35:11 +0000
ROA not before:           Mon 14 Apr 2025 19:35:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210503
IP address blocks:        2a14:ec80::/29 maxlen: 29
                          2a14:ec80::/48 maxlen: 48
                          2a14:ec80:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:35:cc:6a:a9:54:77:70:40:7e:32:bf:d8:72:f7:23:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a9c1faa9783dfab2b7a53da3fb0fdef4ccfeae5
        Validity
            Not Before: Apr 14 19:35:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dc9612d968266c0f8999dd4c7cbdee7370e4d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c6:ec:f9:10:b7:21:70:cc:43:28:3b:30:31:
                    d9:bb:a0:b5:ad:cb:2d:25:69:64:25:a3:ab:f3:3b:
                    7f:ea:74:c9:43:48:bd:af:3e:71:79:be:3d:55:5a:
                    45:b2:ae:b1:23:0c:07:8a:73:d0:70:d9:5b:e0:6b:
                    de:af:2d:20:2f:43:be:5c:9b:ec:99:8b:32:3e:06:
                    de:d7:8c:26:37:b3:12:f4:a2:66:ad:b9:48:67:15:
                    6b:72:70:cd:a0:d6:46:1e:86:ab:27:83:c6:d5:83:
                    13:29:d3:e6:e2:ec:5e:e3:4d:b0:8a:ae:82:bf:d3:
                    31:c3:fc:0e:fd:8f:14:d2:53:4b:03:91:0f:b1:c5:
                    fd:5f:29:6e:e3:0a:99:83:18:9f:09:1a:6a:8d:55:
                    b1:2c:a1:2b:0b:2e:ce:9f:52:f8:b7:86:3f:38:37:
                    17:6d:f1:f9:9d:15:4c:20:75:c5:a8:69:8f:31:1e:
                    3d:ac:d9:e0:1d:82:d8:0b:c6:fd:84:28:2b:09:79:
                    0b:37:51:84:16:44:c1:66:5a:fa:3c:0b:02:89:be:
                    5c:4d:a7:95:11:97:9c:43:89:69:79:fa:c4:6e:fa:
                    fb:5b:d2:21:67:c2:77:7b:72:bf:28:6c:f8:bb:20:
                    ed:35:18:be:39:92:31:88:00:cb:42:37:d0:b4:51:
                    a6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C9:61:2D:96:82:66:C0:F8:99:9D:D4:C7:CB:DE:E7:37:0E:4D:88
            X509v3 Authority Key Identifier:
                keyid:6A:9C:1F:AA:97:83:DF:AB:2B:7A:53:DA:3F:B0:FD:EF:4C:CF:EA:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/fclhLZaCZsD4mZ3Ux8ve5zcOTYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ec80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:82:e9:60:bb:bc:bc:15:e7:2f:c0:ed:e3:55:9a:ad:77:08:
         43:91:7e:c7:d9:6d:1f:a6:ed:54:a9:18:e9:37:be:81:d3:91:
         6d:30:08:ae:60:d6:2a:ac:d3:49:05:2e:9c:04:f3:2d:fc:25:
         a1:7a:89:10:35:ca:af:74:68:69:15:df:0f:42:0a:c4:49:7e:
         19:46:cf:67:d9:25:31:4a:9c:b3:5e:90:a6:5e:3a:59:7a:68:
         65:69:5f:80:ec:8d:99:08:7b:a5:85:c4:80:19:f9:3e:80:81:
         50:b3:fd:c1:3a:f0:e1:a8:01:a2:06:03:8a:ec:4b:ed:ad:0d:
         eb:b3:d1:86:55:5d:1a:ce:69:5d:fe:80:88:ed:56:b9:6b:5a:
         f7:0e:a6:a0:a9:71:bd:9b:5c:22:22:57:34:e3:a2:d2:90:58:
         f5:9f:bb:0f:88:3d:99:87:f1:5c:d1:0f:a4:69:1d:b9:47:f7:
         f4:3f:e0:e2:30:3e:07:71:67:42:63:f6:8f:2f:60:1b:c1:7d:
         50:d8:a9:0f:a1:ae:46:7d:c0:cf:2d:a9:dd:e9:c6:0d:d0:70:
         ae:61:0c:0a:88:ae:10:8d:3d:60:29:b4:ff:71:0e:c7:af:7e:
         5c:d2:98:5e:8f:9e:23:dd:05:a7:bb:2f:16:09:45:b1:34:fb:
         70:20:3b:3b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZY1zGqpVHdwQH4yv9hy9yOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOWMxZmFhOTc4M2RmYWIyYjdhNTNkYTNmYjBmZGVmNGNj
ZmVhZTUwHhcNMjUwNDE0MTkzNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGM5NjEyZDk2ODI2NmMwZjg5OTlkZDRjN2NiZGVlNzM3MGU0ZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cbs+RC3IXDMQyg7MDHZu6C1rcst
JWlkJaOr8zt/6nTJQ0i9rz5xeb49VVpFsq6xIwwHinPQcNlb4Gvery0gL0O+XJvs
mYsyPgbe14wmN7MS9KJmrblIZxVrcnDNoNZGHoarJ4PG1YMTKdPm4uxe402wiq6C
v9Mxw/wO/Y8U0lNLA5EPscX9Xylu4wqZgxifCRpqjVWxLKErCy7On1L4t4Y/ODcX
bfH5nRVMIHXFqGmPMR49rNngHYLYC8b9hCgrCXkLN1GEFkTBZlr6PAsCib5cTaeV
EZecQ4lpefrEbvr7W9IhZ8J3e3K/KGz4uyDtNRi+OZIxiADLQjfQtFGmJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH3JYS2WgmbA+Jmd1MfL3uc3Dk2IMB8GA1UdIwQY
MBaAFGqcH6qXg9+rK3pT2j+w/e9Mz+rlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXB3ZnFwZUQzNnNyZWxQYVA3RDk3MHpQNnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zZmQ0YjYtYjQxNC00OTAyLTg5MWYt
ZDJiYjdjNzk1YTg2LzEvZmNsaExaYUNac0Q0bVozVXg4dmU1emNPVFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zZmQ0YjYtYjQxNC00OTAyLTg5MWYtZDJiYjdjNzk1YTg2
LzEvYXB3ZnFwZUQzNnNyZWxQYVA3RDk3MHpQNnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTsgDAN
BgkqhkiG9w0BAQsFAAOCAQEAK4LpYLu8vBXnL8Dt41WarXcIQ5F+x9ltH6btVKkY
6Te+gdORbTAIrmDWKqzTSQUunATzLfwloXqJEDXKr3RoaRXfD0IKxEl+GUbPZ9kl
MUqcs16Qpl46WXpoZWlfgOyNmQh7pYXEgBn5PoCBULP9wTrw4agBogYDiuxL7a0N
67PRhlVdGs5pXf6AiO1WuWta9w6moKlxvZtcIiJXNOOi0pBY9Z+7D4g9mYfxXNEP
pGkduUf39D/g4jA+B3FnQmP2jy9gG8F9UNipD6GuRn3Azy2p3enGDdBwrmEMCoiu
EI09YCm0/3EOx69+XNKYXo+eI90Fp7svFglFsTT7cCA7Ow==
-----END CERTIFICATE-----