Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/mzLij97rDFnqDN0duCdCx-Rq3j8.roa
File:                     mzLij97rDFnqDN0duCdCx-Rq3j8.roa (raw, json)
Hash identifier:          P5wlmqQrgR6CiI5pzh35DLiXF58sMvrykYTh7m5zA7o=
Subject key identifier:   9B:32:E2:8F:DE:EB:0C:59:EA:0C:DD:1D:B8:27:42:C7:E4:6A:DE:3F
Certificate issuer:       /CN=6d579d1d5fa7fd2a445b5dd8ee8f2637b41f0d40
Certificate serial:       01941F8C1A471BBC469014A0EC16868496E0
Authority key identifier: 6D:57:9D:1D:5F:A7:FD:2A:44:5B:5D:D8:EE:8F:26:37:B4:1F:0D:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bVedHV-n_SpEW13Y7o8mN7QfDUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/mzLij97rDFnqDN0duCdCx-Rq3j8.roa
Signing time:             Wed 01 Jan 2025 01:47:43 +0000
ROA not before:           Wed 01 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49565
IP address blocks:        2a14:2180:1::/48 maxlen: 48
                          2a14:2180:2::/48 maxlen: 48
                          2a14:2180:3::/48 maxlen: 48
                          2a14:2180:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/bVedHV-n_SpEW13Y7o8mN7QfDUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/bVedHV-n_SpEW13Y7o8mN7QfDUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bVedHV-n_SpEW13Y7o8mN7QfDUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1a:47:1b:bc:46:90:14:a0:ec:16:86:84:96:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d579d1d5fa7fd2a445b5dd8ee8f2637b41f0d40
        Validity
            Not Before: Jan  1 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b32e28fdeeb0c59ea0cdd1db82742c7e46ade3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d4:26:7e:5b:ab:bc:2c:cd:ef:82:1d:e5:c4:
                    4a:8a:56:d8:bc:35:c1:20:86:e8:65:4c:33:f6:62:
                    b5:ac:0f:57:2d:e6:76:5b:87:92:54:b7:83:c0:5c:
                    31:44:e8:47:0a:0a:7d:7c:50:a3:b3:99:2a:56:a1:
                    39:ef:26:34:48:4f:09:65:82:df:4f:fb:d6:80:11:
                    b6:87:a4:e1:29:cc:10:9d:4d:5b:8b:8a:c7:b7:ec:
                    fe:9a:f2:64:02:d0:8c:08:4f:2d:0f:83:9e:d9:97:
                    e6:ea:55:3b:e2:d7:de:55:bc:9c:5e:11:18:23:b6:
                    e5:31:1d:60:a8:48:fa:38:77:e1:3a:82:15:58:08:
                    88:3f:6f:38:79:32:7e:00:b2:59:1e:09:a6:39:b8:
                    a1:af:31:f1:a0:b4:46:b5:65:6a:68:ac:07:41:ca:
                    41:5d:41:7a:71:8c:33:ff:10:c2:62:c9:3a:04:57:
                    d5:be:27:00:51:61:c4:c5:b4:dd:f4:c9:70:35:df:
                    1a:61:7e:a9:e9:1e:a0:5f:53:6e:de:5b:e4:9a:17:
                    5d:88:b8:f5:87:4b:c1:b8:81:99:62:de:b7:a2:d5:
                    94:eb:28:9f:8b:21:bc:b4:cf:1f:da:cc:07:fc:d0:
                    87:d6:80:89:49:49:cf:7c:78:3d:0e:a9:dd:01:50:
                    76:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:32:E2:8F:DE:EB:0C:59:EA:0C:DD:1D:B8:27:42:C7:E4:6A:DE:3F
            X509v3 Authority Key Identifier:
                keyid:6D:57:9D:1D:5F:A7:FD:2A:44:5B:5D:D8:EE:8F:26:37:B4:1F:0D:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bVedHV-n_SpEW13Y7o8mN7QfDUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/mzLij97rDFnqDN0duCdCx-Rq3j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/c5ee7d-e544-421a-af47-f6395860fc98/1/bVedHV-n_SpEW13Y7o8mN7QfDUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2180:1::-2a14:2180:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         cf:af:2c:42:af:2c:1e:a1:4c:75:f6:2f:cb:2e:24:cd:cc:b3:
         52:a4:cb:ba:5d:a7:79:94:da:b2:00:e1:4e:3f:2a:15:7d:b6:
         17:0d:59:d8:71:9a:ab:bd:8d:f1:47:21:34:fc:a9:ee:fe:dd:
         1c:88:fe:2e:0d:35:64:c8:6d:c0:fd:9e:21:98:f1:9f:8d:b1:
         8c:1e:58:10:f0:96:0a:f8:e6:e9:ba:d0:8b:54:3d:c4:12:dd:
         4a:63:75:3e:ec:2c:16:0d:4f:c1:d7:01:35:0a:a4:b7:3f:43:
         0f:fa:40:b6:16:e9:e6:90:1e:e3:89:1e:a9:c0:43:b4:0b:f7:
         c1:85:07:78:d2:f9:01:70:00:bf:8a:b3:d9:b3:8a:08:b5:6a:
         50:dd:2a:40:18:c8:f0:92:11:c4:94:55:e4:2c:d0:c2:45:8e:
         84:7a:f5:c2:6a:b3:59:9e:e9:4b:4e:42:c1:74:c0:c8:f2:bb:
         e9:4d:9f:16:a0:bb:8d:74:4d:60:70:f3:6f:ab:d5:9c:b9:e4:
         72:c6:9c:9d:9d:e9:ca:b3:d2:6f:fe:13:c8:79:0a:8a:e8:78:
         52:7f:04:f0:5b:9e:27:ca:a4:bd:a4:9d:45:9e:08:1e:50:0f:
         6e:f1:ac:ed:0a:ec:17:50:0f:f2:ee:f6:d6:01:70:87:22:db:
         20:31:15:c6
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQfjBpHG7xGkBSg7BaGhJbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNTc5ZDFkNWZhN2ZkMmE0NDViNWRkOGVlOGYyNjM3YjQx
ZjBkNDAwHhcNMjUwMTAxMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjMyZTI4ZmRlZWIwYzU5ZWEwY2RkMWRiODI3NDJjN2U0NmFkZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9QmflurvCzN74Id5cRKilbYvDXB
IIboZUwz9mK1rA9XLeZ2W4eSVLeDwFwxROhHCgp9fFCjs5kqVqE57yY0SE8JZYLf
T/vWgBG2h6ThKcwQnU1bi4rHt+z+mvJkAtCMCE8tD4Oe2Zfm6lU74tfeVbycXhEY
I7blMR1gqEj6OHfhOoIVWAiIP284eTJ+ALJZHgmmObihrzHxoLRGtWVqaKwHQcpB
XUF6cYwz/xDCYsk6BFfVvicAUWHExbTd9MlwNd8aYX6p6R6gX1Nu3lvkmhddiLj1
h0vBuIGZYt63otWU6yifiyG8tM8f2swH/NCH1oCJSUnPfHg9DqndAVB2+wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJsy4o/e6wxZ6gzdHbgnQsfkat4/MB8GA1UdIwQY
MBaAFG1XnR1fp/0qRFtd2O6PJje0Hw1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlZlZEhWLW5fU3BFVzEzWTdvOG1ON1FmRFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9jNWVlN2QtZTU0NC00MjFhLWFmNDct
ZjYzOTU4NjBmYzk4LzEvbXpMaWo5N3JERm5xRE4wZHVDZEN4LVJxM2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9jNWVlN2QtZTU0NC00MjFhLWFmNDctZjYzOTU4NjBmYzk4
LzEvYlZlZEhWLW5fU3BFVzEzWTdvOG1ON1FmRFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqFCGA
AAEDBwAqFCGAAAQwDQYJKoZIhvcNAQELBQADggEBAM+vLEKvLB6hTHX2L8suJM3M
s1Kky7pdp3mU2rIA4U4/KhV9thcNWdhxmqu9jfFHITT8qe7+3RyI/i4NNWTIbcD9
niGY8Z+NsYweWBDwlgr45um60ItUPcQS3UpjdT7sLBYNT8HXATUKpLc/Qw/6QLYW
6eaQHuOJHqnAQ7QL98GFB3jS+QFwAL+Ks9mzigi1alDdKkAYyPCSEcSUVeQs0MJF
joR69cJqs1me6UtOQsF0wMjyu+lNnxagu410TWBw82+r1Zy55HLGnJ2d6cqz0m/+
E8h5CoroeFJ/BPBbnifKpL2knUWeCB5QD27xrO0K7BdQD/Lu9tYBcIci2yAxFcY=
-----END CERTIFICATE-----