Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/G-IyOfxP0oIKcgqsyvK7PQysJI4.roa
File:                     G-IyOfxP0oIKcgqsyvK7PQysJI4.roa (raw, json)
Hash identifier:          J12Xsn1iPdPrEhwd+oE2AQU+Dv20weYAXKmMI/VZwUY=
Subject key identifier:   1B:E2:32:39:FC:4F:D2:82:0A:72:0A:AC:CA:F2:BB:3D:0C:AC:24:8E
Certificate issuer:       /CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
Certificate serial:       01941FFA95DBD940DCE2149F1FDDE04D1903
Authority key identifier: 6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/G-IyOfxP0oIKcgqsyvK7PQysJI4.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213708
IP address blocks:        2a14:9400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:95:db:d9:40:dc:e2:14:9f:1f:dd:e0:4d:19:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1be23239fc4fd2820a720aaccaf2bb3d0cac248e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f0:21:f7:fd:50:2f:5a:a3:46:b1:e3:cf:32:
                    b5:5f:52:1f:ab:65:84:d5:73:ff:e9:6f:b6:08:6d:
                    14:40:0d:c2:85:11:5e:35:11:34:af:09:9c:6e:72:
                    81:87:96:29:6f:69:f5:e8:6c:9d:a9:23:d6:88:5d:
                    0c:76:03:1d:58:df:92:02:10:74:f8:f3:35:04:77:
                    63:56:5b:e1:c6:54:b8:29:69:17:14:d1:70:33:bd:
                    17:9b:95:e4:3b:4b:6a:e7:40:00:1f:f7:13:00:8b:
                    39:18:18:1f:22:d3:14:90:6e:85:1c:42:e8:87:cb:
                    04:ae:63:7b:7d:da:76:20:56:39:61:91:4a:86:a9:
                    f9:7a:9e:3b:2a:76:0e:49:6d:ff:62:2a:83:79:04:
                    7e:5e:eb:a8:50:ec:15:a0:52:5a:27:3e:7d:6a:4a:
                    83:00:30:d3:3d:57:d6:4a:26:b1:7f:b7:c8:0b:09:
                    1f:5d:af:9d:8a:f3:69:72:36:9a:d4:5b:ab:0d:ce:
                    10:ff:c7:18:16:e7:2f:34:b5:eb:e6:08:33:b9:f5:
                    f6:97:3f:24:d6:70:11:6e:18:2c:eb:ff:01:11:19:
                    0b:f5:cc:3d:f3:33:28:1e:db:31:02:73:10:77:1f:
                    e1:06:99:ed:19:1e:99:bc:4c:cb:93:5e:a4:fc:62:
                    14:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E2:32:39:FC:4F:D2:82:0A:72:0A:AC:CA:F2:BB:3D:0C:AC:24:8E
            X509v3 Authority Key Identifier:
                keyid:6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/G-IyOfxP0oIKcgqsyvK7PQysJI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9400::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:64:fc:bb:48:0f:7f:9e:2c:15:a0:c7:2d:5c:27:e0:af:63:
         2f:a1:66:55:b9:cc:dd:fe:d7:80:c2:c6:0d:2d:df:13:78:fd:
         b1:ef:f0:c4:e4:f9:1e:9d:d5:82:bc:84:f2:a2:58:7f:7f:0d:
         f1:22:79:48:be:1a:71:75:ca:c3:91:61:ec:19:44:96:ad:24:
         c1:0f:d2:c4:68:41:2b:c6:13:17:d5:5a:f9:d3:ed:44:b7:2b:
         93:aa:47:7a:08:95:f0:f1:bf:11:a7:08:28:91:07:5f:5e:75:
         27:7c:75:a7:55:06:ae:9c:0e:d7:03:38:c6:93:f7:4a:c1:fb:
         48:b9:57:59:31:1f:c1:06:fb:fa:39:e0:2b:2e:94:f1:3e:92:
         08:16:f7:bf:35:6d:69:f3:b2:e1:32:cc:1a:68:f4:09:f8:14:
         3b:21:c9:06:f6:97:3f:1c:66:5a:23:13:50:09:e9:01:48:19:
         50:91:17:06:a6:61:75:31:01:21:b1:ab:dc:30:22:8c:c1:78:
         5f:43:a8:84:70:02:99:56:1a:bc:db:58:74:e1:eb:24:a7:ab:
         eb:d2:ff:10:67:28:c8:db:df:0e:d9:42:b2:d9:c8:15:5f:5b:
         ef:2d:2f:3c:30:76:8d:8c:ae:fe:6d:48:17:3c:3e:42:7d:8c:
         52:32:32:38
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+pXb2UDc4hSfH93gTRkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTY0YTY0N2JkMmE1NTU3ZjcwZjY3NmFkY2M3NjkwNGZi
ODcyYWIwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmUyMzIzOWZjNGZkMjgyMGE3MjBhYWNjYWYyYmIzZDBjYWMyNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPAh9/1QL1qjRrHjzzK1X1Ifq2WE
1XP/6W+2CG0UQA3ChRFeNRE0rwmcbnKBh5Ypb2n16GydqSPWiF0MdgMdWN+SAhB0
+PM1BHdjVlvhxlS4KWkXFNFwM70Xm5XkO0tq50AAH/cTAIs5GBgfItMUkG6FHELo
h8sErmN7fdp2IFY5YZFKhqn5ep47KnYOSW3/YiqDeQR+XuuoUOwVoFJaJz59akqD
ADDTPVfWSiaxf7fICwkfXa+divNpcjaa1FurDc4Q/8cYFucvNLXr5ggzufX2lz8k
1nARbhgs6/8BERkL9cw98zMoHtsxAnMQdx/hBpntGR6ZvEzLk16k/GIUZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBviMjn8T9KCCnIKrMryuz0MrCSOMB8GA1UdIwQY
MBaAFG+mSmR70qVVf3D2dq3MdpBPuHKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQt
ZTkxYjNhYmQxZmU4LzEvRy1JeU9meFAwb0lLY2dxc3l2SzdQUXlzSkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQtZTkxYjNhYmQxZmU4
LzEvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhSUAAAw
DQYJKoZIhvcNAQELBQADggEBAIxk/LtID3+eLBWgxy1cJ+CvYy+hZlW5zN3+14DC
xg0t3xN4/bHv8MTk+R6d1YK8hPKiWH9/DfEieUi+GnF1ysORYewZRJatJMEP0sRo
QSvGExfVWvnT7US3K5OqR3oIlfDxvxGnCCiRB19edSd8dadVBq6cDtcDOMaT90rB
+0i5V1kxH8EG+/o54CsulPE+kggW9781bWnzsuEyzBpo9An4FDshyQb2lz8cZloj
E1AJ6QFIGVCRFwamYXUxASGxq9wwIozBeF9DqIRwAplWGrzbWHTh6ySnq+vS/xBn
KMjb3w7ZQrLZyBVfW+8tLzwwdo2Mrv5tSBc8PkJ9jFIyMjg=
-----END CERTIFICATE-----