Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/XayvmfzLwFIrnB6YR1N8a3QlP3g.roa
File:                     XayvmfzLwFIrnB6YR1N8a3QlP3g.roa (raw, json)
Hash identifier:          yW+e4Wc1yic51HqaRnNHy8V0Min8R+kpxRu8CLP1al8=
Subject key identifier:   5D:AC:AF:99:FC:CB:C0:52:2B:9C:1E:98:47:53:7C:6B:74:25:3F:78
Certificate issuer:       /CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
Certificate serial:       01941FFA967CD0F71EE1E0034118866A00B5
Authority key identifier: 6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/XayvmfzLwFIrnB6YR1N8a3QlP3g.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213751
IP address blocks:        2a14:9400:666::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:96:7c:d0:f7:1e:e1:e0:03:41:18:86:6a:00:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dacaf99fccbc0522b9c1e9847537c6b74253f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:98:9d:1b:56:98:30:a0:f5:ba:c2:99:74:88:
                    18:6f:62:d1:bc:c4:0f:a9:cc:4a:c5:74:98:c1:41:
                    68:5f:be:20:09:55:6a:af:7b:28:9e:0b:7b:99:ee:
                    4d:f2:68:de:fe:29:6e:e6:21:c2:b7:53:06:28:9c:
                    08:c8:a2:27:9f:62:b2:c1:17:b2:d0:e0:4e:5c:da:
                    c7:31:ed:95:fd:74:60:98:26:f1:6b:aa:99:84:5a:
                    9c:b7:03:e9:04:58:87:b2:ed:c2:93:e6:72:1c:e2:
                    a8:d9:06:87:8b:8b:9a:7b:56:54:09:7a:cb:6b:f8:
                    33:97:bb:53:28:a9:ec:ea:e5:b0:aa:8b:5a:31:ac:
                    c1:85:31:3e:1d:9c:4b:b0:0d:7b:40:74:a5:28:40:
                    c6:8e:e4:e9:eb:14:fc:0b:91:47:2b:b2:c3:3a:85:
                    0f:5f:41:8d:31:7d:1b:e3:77:f9:4f:96:9f:41:a6:
                    68:14:93:ea:de:f2:42:24:fb:55:de:88:7d:be:77:
                    37:28:9f:63:c9:75:cc:10:02:bc:f8:d1:cd:82:69:
                    65:9c:7e:87:e6:02:0d:dd:a5:92:19:89:99:5d:24:
                    3e:f5:6c:b2:71:85:58:ec:95:85:59:b7:ff:6b:42:
                    47:d8:5e:57:fa:b8:2d:ff:f5:f4:93:9e:a3:ae:03:
                    7e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:AC:AF:99:FC:CB:C0:52:2B:9C:1E:98:47:53:7C:6B:74:25:3F:78
            X509v3 Authority Key Identifier:
                keyid:6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/XayvmfzLwFIrnB6YR1N8a3QlP3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9400:666::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:4a:55:06:f7:c7:47:cc:4d:48:4d:3f:70:8e:9f:d8:91:24:
         59:2e:76:cd:a6:4b:01:a6:cf:7c:4c:83:36:1b:fd:46:59:c4:
         67:a8:4b:98:e9:1d:9b:dd:8d:05:d5:24:70:1c:0e:65:6f:3d:
         71:39:1d:13:7c:ef:d0:80:4f:2a:aa:2a:f7:dd:00:7a:db:0d:
         1a:bb:1a:4a:51:cd:b2:98:42:04:d5:19:3e:61:d2:55:a4:de:
         f5:1b:3f:38:21:f6:8f:4e:c0:82:69:ed:e3:f5:0d:4c:69:a6:
         83:56:69:bc:62:0a:74:42:77:70:c8:5a:2d:95:8b:c9:4b:44:
         ae:97:ac:4a:3f:77:ad:8f:a7:36:9e:d1:89:7a:fd:2a:70:4f:
         ca:0d:55:4e:a7:88:85:b3:bc:7e:b5:13:85:58:84:81:9b:80:
         78:33:34:fb:8c:c6:23:38:40:c6:cc:23:73:a1:cb:0b:a6:66:
         a4:7c:c2:cf:dc:76:06:6d:75:de:cb:19:b5:0e:31:0c:ac:22:
         24:13:9a:16:59:25:d8:bf:4e:cc:aa:c5:b9:6b:18:ce:fd:e4:
         db:89:f8:cd:a3:0f:72:12:19:6e:5e:96:eb:79:fe:8f:57:98:
         bc:43:86:bd:fd:73:fa:73:62:1f:28:98:b4:15:e2:96:22:ee:
         f3:29:93:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+pZ80Pce4eADQRiGagC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTY0YTY0N2JkMmE1NTU3ZjcwZjY3NmFkY2M3NjkwNGZi
ODcyYWIwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGFjYWY5OWZjY2JjMDUyMmI5YzFlOTg0NzUzN2M2Yjc0MjUzZjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZidG1aYMKD1usKZdIgYb2LRvMQP
qcxKxXSYwUFoX74gCVVqr3songt7me5N8mje/ilu5iHCt1MGKJwIyKInn2KywRey
0OBOXNrHMe2V/XRgmCbxa6qZhFqctwPpBFiHsu3Ck+ZyHOKo2QaHi4uae1ZUCXrL
a/gzl7tTKKns6uWwqotaMazBhTE+HZxLsA17QHSlKEDGjuTp6xT8C5FHK7LDOoUP
X0GNMX0b43f5T5afQaZoFJPq3vJCJPtV3oh9vnc3KJ9jyXXMEAK8+NHNgmllnH6H
5gIN3aWSGYmZXSQ+9WyycYVY7JWFWbf/a0JH2F5X+rgt//X0k56jrgN+bQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF2sr5n8y8BSK5wemEdTfGt0JT94MB8GA1UdIwQY
MBaAFG+mSmR70qVVf3D2dq3MdpBPuHKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQt
ZTkxYjNhYmQxZmU4LzEvWGF5dm1mekx3RklybkI2WVIxTjhhM1FsUDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQtZTkxYjNhYmQxZmU4
LzEvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSUAAZm
MA0GCSqGSIb3DQEBCwUAA4IBAQA/SlUG98dHzE1ITT9wjp/YkSRZLnbNpksBps98
TIM2G/1GWcRnqEuY6R2b3Y0F1SRwHA5lbz1xOR0TfO/QgE8qqir33QB62w0auxpK
Uc2ymEIE1Rk+YdJVpN71Gz84IfaPTsCCae3j9Q1MaaaDVmm8Ygp0QndwyFotlYvJ
S0Sul6xKP3etj6c2ntGJev0qcE/KDVVOp4iFs7x+tROFWISBm4B4MzT7jMYjOEDG
zCNzocsLpmakfMLP3HYGbXXeyxm1DjEMrCIkE5oWWSXYv07MqsW5axjO/eTbifjN
ow9yEhluXpbref6PV5i8Q4a9/XP6c2IfKJi0FeKWIu7zKZNq
-----END CERTIFICATE-----