Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/VwWAb3TR3jPZeJt0gXOhIX4KTwY.roa
File:                     VwWAb3TR3jPZeJt0gXOhIX4KTwY.roa (raw, json)
Hash identifier:          hs42MfqkXEwZnVCD/RkIzk0GG2n9xlhuPsiu8yzqn3g=
Subject key identifier:   57:05:80:6F:74:D1:DE:33:D9:78:9B:74:81:73:A1:21:7E:0A:4F:06
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       01970E09870ECE98485B1A6DCA95477A717C
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/VwWAb3TR3jPZeJt0gXOhIX4KTwY.roa
Signing time:             Mon 26 May 2025 19:19:54 +0000
ROA not before:           Mon 26 May 2025 19:19:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a14:e607::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 15:25:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0e:09:87:0e:ce:98:48:5b:1a:6d:ca:95:47:7a:71:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: May 26 19:19:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5705806f74d1de33d9789b748173a1217e0a4f06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0b:55:8a:ab:e2:b7:61:43:c3:b4:ed:71:7e:
                    29:14:4c:69:37:91:50:db:7e:93:37:6a:37:69:c1:
                    5a:1c:3e:5f:93:f6:f7:7b:8d:65:d6:46:91:57:73:
                    58:f2:41:60:da:d3:5b:b3:3b:2d:bc:45:cd:03:68:
                    f7:10:f5:b2:07:6c:cc:3d:4d:9c:66:c3:08:fa:23:
                    ae:26:1e:a6:1b:20:31:e8:dc:5f:b6:b9:86:dd:14:
                    1c:47:3c:fd:7f:9c:75:93:ce:ff:86:ee:16:5d:e0:
                    ba:1e:97:11:29:09:8a:03:d4:3f:ef:68:15:2e:37:
                    91:03:6e:63:2d:42:f2:1b:ea:42:3f:fc:b3:7f:21:
                    30:04:38:d9:23:41:8e:ee:a1:ea:a9:33:ee:2c:07:
                    eb:8d:80:13:f1:9a:58:34:f3:b4:b7:f3:79:37:10:
                    80:38:4f:1f:f6:f4:7e:31:88:f4:64:21:e7:04:fb:
                    a1:03:6c:32:a4:31:09:9b:44:83:1b:d8:06:d2:d9:
                    41:48:36:58:b8:55:22:40:92:28:cd:eb:fe:46:68:
                    15:15:35:ca:ae:f0:85:67:b0:b0:90:d0:83:a0:de:
                    98:c7:f4:b5:25:3e:09:c9:44:e0:b6:44:cd:29:b2:
                    0d:39:9c:69:00:94:85:38:ec:c6:2a:72:f9:5d:7d:
                    2c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:05:80:6F:74:D1:DE:33:D9:78:9B:74:81:73:A1:21:7E:0A:4F:06
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/VwWAb3TR3jPZeJt0gXOhIX4KTwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e607::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:68:99:5a:c4:fc:79:df:97:09:1b:01:3e:88:d2:a2:0b:ae:
         a3:96:7e:b9:f8:69:71:bb:5e:b2:01:36:4c:a1:a1:c0:95:de:
         99:92:0c:4e:e5:70:f0:8d:4d:d7:89:af:80:85:bb:26:48:d8:
         40:27:c0:7e:93:61:c3:6f:05:57:d7:05:04:16:0c:82:26:77:
         39:bd:2f:d1:25:41:ef:ad:f4:e4:94:98:3e:69:82:d2:4e:15:
         e2:a4:a2:22:28:b8:64:4e:74:00:80:0f:d0:40:e2:f8:f2:e0:
         9f:ad:62:4e:07:8e:89:27:1b:0a:a1:b8:75:2c:77:b4:14:81:
         5c:92:34:b8:db:b7:c4:1a:9c:7d:18:3f:ed:c9:cd:f1:45:96:
         ba:91:b7:03:1d:c4:d4:a2:16:12:92:87:34:c9:f2:c5:05:37:
         18:5e:8b:56:6e:07:9a:e8:08:08:dc:91:54:4d:42:cb:19:8c:
         ca:61:d0:9e:0d:12:99:60:c0:c9:02:b2:e8:8d:8e:e3:dc:18:
         eb:23:06:9c:3f:6a:92:0d:3e:5f:68:e5:cb:f5:7a:da:3e:f5:
         cf:ee:48:28:bd:87:e5:09:16:c2:1b:18:ea:99:39:75:1c:94:
         d3:88:35:8b:a7:d8:c0:f0:80:12:e9:5d:32:cd:bb:08:17:3a:
         79:a1:f2:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcOCYcOzphIWxptypVHenF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwNTI2MTkxOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzA1ODA2Zjc0ZDFkZTMzZDk3ODliNzQ4MTczYTEyMTdlMGE0ZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gtViqvit2FDw7TtcX4pFExpN5FQ
236TN2o3acFaHD5fk/b3e41l1kaRV3NY8kFg2tNbszstvEXNA2j3EPWyB2zMPU2c
ZsMI+iOuJh6mGyAx6NxftrmG3RQcRzz9f5x1k87/hu4WXeC6HpcRKQmKA9Q/72gV
LjeRA25jLULyG+pCP/yzfyEwBDjZI0GO7qHqqTPuLAfrjYAT8ZpYNPO0t/N5NxCA
OE8f9vR+MYj0ZCHnBPuhA2wypDEJm0SDG9gG0tlBSDZYuFUiQJIozev+RmgVFTXK
rvCFZ7CwkNCDoN6Yx/S1JT4JyUTgtkTNKbINOZxpAJSFOOzGKnL5XX0shwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFcFgG900d4z2XibdIFzoSF+Ck8GMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvVndXQWIzVFIzalBaZUp0MGdYT2hJWDRLVHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTmBzAN
BgkqhkiG9w0BAQsFAAOCAQEAEmiZWsT8ed+XCRsBPojSoguuo5Z+ufhpcbtesgE2
TKGhwJXemZIMTuVw8I1N14mvgIW7JkjYQCfAfpNhw28FV9cFBBYMgiZ3Ob0v0SVB
76305JSYPmmC0k4V4qSiIii4ZE50AIAP0EDi+PLgn61iTgeOiScbCqG4dSx3tBSB
XJI0uNu3xBqcfRg/7cnN8UWWupG3Ax3E1KIWEpKHNMnyxQU3GF6LVm4HmugICNyR
VE1CyxmMymHQng0SmWDAyQKy6I2O49wY6yMGnD9qkg0+X2jly/V62j71z+5IKL2H
5QkWwhsY6pk5dRyU04g1i6fYwPCAEuldMs27CBc6eaHybA==
-----END CERTIFICATE-----