Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/y_rN8oL-RF7aZSsz7rxD37SpvBo.roa
File:                     y_rN8oL-RF7aZSsz7rxD37SpvBo.roa (raw, json)
Hash identifier:          yyU/YNo1lmYSBaoqFl+UlGtfTAugNwlOOszdcCNx0xI=
Subject key identifier:   CB:FA:CD:F2:82:FE:44:5E:DA:65:2B:33:EE:BC:43:DF:B4:A9:BC:1A
Certificate issuer:       /CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
Certificate serial:       01941FFA970DD01B8677724710B447FC997F
Authority key identifier: 6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/y_rN8oL-RF7aZSsz7rxD37SpvBo.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214466
IP address blocks:        2a14:9400::/29 maxlen: 29
                          2a14:9400:1337::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:97:0d:d0:1b:86:77:72:47:10:b4:47:fc:99:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbfacdf282fe445eda652b33eebc43dfb4a9bc1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:37:06:08:80:bd:dc:de:98:ea:1f:79:37:45:
                    39:11:af:1c:63:44:43:db:91:0d:16:05:56:9d:ae:
                    9c:e1:98:d4:f1:43:c7:c9:b3:22:f6:19:fb:98:4d:
                    d7:7b:93:d4:ad:5c:24:f0:bd:4f:62:31:4d:cb:ed:
                    a3:31:b0:67:d1:ab:60:7f:00:40:4e:1d:c6:f5:27:
                    c4:c7:1b:ef:05:59:83:86:55:a3:5b:ec:c6:df:21:
                    39:7f:e2:b5:90:d9:cf:5c:83:91:c5:42:aa:b3:db:
                    c2:0d:e4:43:e6:70:97:4b:a5:24:2b:9f:0f:78:c6:
                    d5:ed:52:fa:bb:06:9f:ad:85:f4:54:1c:9c:00:79:
                    e0:05:19:d4:ce:27:34:72:6b:e2:85:ec:ad:26:7e:
                    24:93:b4:30:fb:71:52:66:4a:1c:85:6d:17:3e:75:
                    44:be:68:b6:84:ab:c4:79:33:57:38:99:87:3c:c6:
                    8d:d1:80:62:3e:e9:ab:f1:a2:e6:ad:ba:b8:e7:79:
                    a0:fb:78:7d:10:62:54:09:cc:f8:58:00:d9:78:f7:
                    1a:d7:39:c2:ee:28:84:d9:52:ef:45:a0:10:58:6c:
                    3a:b8:76:db:14:6f:dd:7e:3c:ba:6f:15:ef:3a:db:
                    ef:79:79:6d:af:e4:e7:07:3d:89:b8:56:e3:7c:47:
                    71:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:FA:CD:F2:82:FE:44:5E:DA:65:2B:33:EE:BC:43:DF:B4:A9:BC:1A
            X509v3 Authority Key Identifier:
                keyid:6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/y_rN8oL-RF7aZSsz7rxD37SpvBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9400::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:85:87:d0:7f:78:8e:a2:c8:6f:48:b4:7d:d9:60:d0:8e:25:
         af:b2:a7:a7:fd:6a:80:93:b9:f2:42:07:89:76:09:40:11:06:
         2f:21:20:d1:a8:f2:1e:79:6f:00:93:d9:9b:1a:ef:22:05:ee:
         d0:84:a5:75:b4:ce:ac:61:38:65:15:9d:f8:df:c4:fb:3f:cd:
         df:c9:5e:9d:02:9a:3e:42:90:d5:20:37:4c:ca:65:d5:d8:f1:
         68:e2:a5:56:90:31:15:5c:ed:17:f4:31:e8:eb:3a:cb:5d:a3:
         1e:7b:38:6b:f5:53:9f:3d:80:67:d1:85:fd:7f:64:df:68:46:
         86:b9:ed:37:c0:10:1b:25:4f:08:01:72:2f:d1:08:8d:ac:ce:
         fd:31:86:9f:cc:27:5d:57:94:3c:17:5b:67:d1:92:2c:92:95:
         c7:97:22:45:64:d8:62:76:06:79:29:56:6e:8b:5f:3f:81:2a:
         77:9b:b0:29:cc:21:7e:33:40:27:2c:26:47:31:a5:8f:60:a1:
         3b:60:d6:14:9b:09:93:0e:fa:50:d0:1e:82:f5:03:8e:d4:7d:
         d5:c6:09:79:7a:45:2e:5f:5f:37:9b:85:a7:17:ca:88:03:d8:
         7c:75:68:24:83:16:bb:d3:d9:d4:f9:0b:eb:6e:c4:32:a4:c2:
         1e:67:69:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+pcN0BuGd3JHELRH/Jl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTY0YTY0N2JkMmE1NTU3ZjcwZjY3NmFkY2M3NjkwNGZi
ODcyYWIwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmZhY2RmMjgyZmU0NDVlZGE2NTJiMzNlZWJjNDNkZmI0YTliYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zcGCIC93N6Y6h95N0U5Ea8cY0RD
25ENFgVWna6c4ZjU8UPHybMi9hn7mE3Xe5PUrVwk8L1PYjFNy+2jMbBn0atgfwBA
Th3G9SfExxvvBVmDhlWjW+zG3yE5f+K1kNnPXIORxUKqs9vCDeRD5nCXS6UkK58P
eMbV7VL6uwafrYX0VBycAHngBRnUzic0cmviheytJn4kk7Qw+3FSZkochW0XPnVE
vmi2hKvEeTNXOJmHPMaN0YBiPumr8aLmrbq453mg+3h9EGJUCcz4WADZePca1znC
7iiE2VLvRaAQWGw6uHbbFG/dfjy6bxXvOtvveXltr+TnBz2JuFbjfEdx7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMv6zfKC/kRe2mUrM+68Q9+0qbwaMB8GA1UdIwQY
MBaAFG+mSmR70qVVf3D2dq3MdpBPuHKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQt
ZTkxYjNhYmQxZmU4LzEveV9yTjhvTC1SRjdhWlNzejdyeEQzN1NwdkJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQtZTkxYjNhYmQxZmU4
LzEvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSUADAN
BgkqhkiG9w0BAQsFAAOCAQEAX4WH0H94jqLIb0i0fdlg0I4lr7Knp/1qgJO58kIH
iXYJQBEGLyEg0ajyHnlvAJPZmxrvIgXu0ISldbTOrGE4ZRWd+N/E+z/N38lenQKa
PkKQ1SA3TMpl1djxaOKlVpAxFVztF/Qx6Os6y12jHns4a/VTnz2AZ9GF/X9k32hG
hrntN8AQGyVPCAFyL9EIjazO/TGGn8wnXVeUPBdbZ9GSLJKVx5ciRWTYYnYGeSlW
botfP4Eqd5uwKcwhfjNAJywmRzGlj2ChO2DWFJsJkw76UNAegvUDjtR91cYJeXpF
Ll9fN5uFpxfKiAPYfHVoJIMWu9PZ1PkL627EMqTCHmdpiw==
-----END CERTIFICATE-----