Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/TCiOUS2lOe-d-inEeAtaNF22X3k.roa
File:                     TCiOUS2lOe-d-inEeAtaNF22X3k.roa (raw, json)
Hash identifier:          H5jxU1+mIYAsjzlbjYeTvSFiOWLCAxpo86ZAHMuzEhY=
Subject key identifier:   4C:28:8E:51:2D:A5:39:EF:9D:FA:29:C4:78:0B:5A:34:5D:B6:5F:79
Certificate issuer:       /CN=a685f1914ceb19221c563193027d45345033ad5f
Certificate serial:       019421B2012CC924993B3C806BED8EEAEDD0
Authority key identifier: A6:85:F1:91:4C:EB:19:22:1C:56:31:93:02:7D:45:34:50:33:AD:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/TCiOUS2lOe-d-inEeAtaNF22X3k.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213685
IP address blocks:        2a14:ca00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:01:2c:c9:24:99:3b:3c:80:6b:ed:8e:ea:ed:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a685f1914ceb19221c563193027d45345033ad5f
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c288e512da539ef9dfa29c4780b5a345db65f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1a:34:d1:d2:59:12:22:e3:5e:21:89:81:ae:
                    37:d6:91:be:56:6a:49:72:3b:f0:9c:ce:03:6f:e8:
                    4d:02:ce:67:99:4e:c7:dd:7f:3e:57:3f:28:e8:7c:
                    d2:9b:36:9d:9a:95:80:b6:57:dc:e4:e1:1e:5e:88:
                    eb:08:c3:c8:a2:94:b3:fa:54:6a:83:90:09:ea:48:
                    5c:30:a1:f9:54:07:7a:d4:bb:b4:1d:bb:dd:55:62:
                    5b:a8:6b:21:10:92:a9:25:51:6e:9d:9b:ef:87:57:
                    73:01:5b:3d:f9:08:b4:9b:05:60:77:a0:d0:15:a9:
                    ff:b4:73:5b:18:32:c1:68:0e:1b:0a:16:88:8e:46:
                    36:2c:43:a2:74:55:61:3f:34:6d:ec:ba:23:b3:21:
                    31:37:00:ae:c7:f5:e8:73:5d:8e:7a:cb:58:3e:93:
                    b0:1f:6a:2f:ed:42:e0:dc:96:f4:d7:9c:04:83:c1:
                    0b:38:56:3a:1e:78:75:64:b4:86:b7:03:83:9b:08:
                    9c:ef:42:76:69:3a:13:2e:4f:88:0a:36:6a:eb:de:
                    46:29:62:cc:f6:cc:20:12:ea:c9:2c:a3:eb:4e:d8:
                    6d:4e:1b:dc:ec:0b:72:32:ae:bd:33:1a:7e:12:37:
                    3a:aa:db:da:78:12:4d:cc:0a:67:99:2d:3e:f5:2b:
                    0c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:28:8E:51:2D:A5:39:EF:9D:FA:29:C4:78:0B:5A:34:5D:B6:5F:79
            X509v3 Authority Key Identifier:
                keyid:A6:85:F1:91:4C:EB:19:22:1C:56:31:93:02:7D:45:34:50:33:AD:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/poXxkUzrGSIcVjGTAn1FNFAzrV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/TCiOUS2lOe-d-inEeAtaNF22X3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/19862c-f7d4-4f4f-a8dd-1ebc50dced49/1/poXxkUzrGSIcVjGTAn1FNFAzrV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ca00::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:e5:ce:b8:3c:24:fe:dc:2e:b8:42:e0:46:de:b0:77:71:ee:
         2b:8c:81:7c:fa:f1:a6:9b:41:06:1b:f5:75:1d:e9:fa:a7:9a:
         50:fc:43:53:5a:f1:da:1e:67:53:ba:d4:ac:72:fc:dd:13:a8:
         c0:40:82:d3:e9:fb:cf:46:94:c6:08:a2:fa:59:b5:72:e3:ba:
         55:2d:0c:0a:ed:04:54:d1:fe:7b:85:91:be:73:da:5e:49:ae:
         3c:ee:dc:2a:5d:e5:5e:e1:08:dd:60:05:3d:ca:b8:b3:a1:0b:
         bd:57:21:62:09:41:43:0b:71:25:b6:87:17:cb:03:3e:85:d3:
         66:d9:23:6f:8a:31:cb:18:42:09:19:3b:92:cb:e9:a5:c7:3f:
         08:d6:98:9e:a0:74:c1:61:d0:51:3c:cb:39:34:09:e8:f2:37:
         eb:74:32:15:2b:34:40:7f:90:2e:e6:14:bf:f3:b5:ab:78:a2:
         89:7b:bd:30:89:ee:09:0a:74:d0:03:94:b3:18:8a:e5:ed:f8:
         9a:19:35:d0:47:36:0b:8a:83:a6:c9:a8:85:09:1c:d6:3c:f3:
         b2:e6:a9:c2:3d:dc:c6:d3:8e:20:68:b8:80:5d:f5:a6:0a:42:
         ce:ed:dd:77:40:3e:06:f9:2c:94:7b:8f:9f:49:25:62:9f:62:
         03:a6:76:5d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsgEsySSZOzyAa+2O6u3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ODVmMTkxNGNlYjE5MjIxYzU2MzE5MzAyN2Q0NTM0NTAz
M2FkNWYwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI4OGU1MTJkYTUzOWVmOWRmYTI5YzQ3ODBiNWEzNDVkYjY1Zjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxo00dJZEiLjXiGJga431pG+VmpJ
cjvwnM4Db+hNAs5nmU7H3X8+Vz8o6HzSmzadmpWAtlfc5OEeXojrCMPIopSz+lRq
g5AJ6khcMKH5VAd61Lu0HbvdVWJbqGshEJKpJVFunZvvh1dzAVs9+Qi0mwVgd6DQ
Fan/tHNbGDLBaA4bChaIjkY2LEOidFVhPzRt7LojsyExNwCux/Xoc12OestYPpOw
H2ov7ULg3Jb015wEg8ELOFY6Hnh1ZLSGtwODmwic70J2aToTLk+ICjZq695GKWLM
9swgEurJLKPrTthtThvc7AtyMq69Mxp+Ejc6qtvaeBJNzApnmS0+9SsMFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEwojlEtpTnvnfopxHgLWjRdtl95MB8GA1UdIwQY
MBaAFKaF8ZFM6xkiHFYxkwJ9RTRQM61fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG9YeGtVenJHU0ljVmpHVEFuMUZORkF6clY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xOTg2MmMtZjdkNC00ZjRmLWE4ZGQt
MWViYzUwZGNlZDQ5LzEvVENpT1VTMmxPZS1kLWluRWVBdGFORjIyWDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xOTg2MmMtZjdkNC00ZjRmLWE4ZGQtMWViYzUwZGNlZDQ5
LzEvcG9YeGtVenJHU0ljVmpHVEFuMUZORkF6clY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTKADAN
BgkqhkiG9w0BAQsFAAOCAQEAJ+XOuDwk/twuuELgRt6wd3HuK4yBfPrxpptBBhv1
dR3p+qeaUPxDU1rx2h5nU7rUrHL83ROowECC0+n7z0aUxgii+lm1cuO6VS0MCu0E
VNH+e4WRvnPaXkmuPO7cKl3lXuEI3WAFPcq4s6ELvVchYglBQwtxJbaHF8sDPoXT
Ztkjb4oxyxhCCRk7ksvppcc/CNaYnqB0wWHQUTzLOTQJ6PI363QyFSs0QH+QLuYU
v/O1q3iiiXu9MInuCQp00AOUsxiK5e34mhk10Ec2C4qDpsmohQkc1jzzsuapwj3c
xtOOIGi4gF31pgpCzu3dd0A+BvkslHuPn0klYp9iA6Z2XQ==
-----END CERTIFICATE-----