Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/GFCwLYZ1iVeKH5Z8sR6pOUA3Lm8.roa
File:                     GFCwLYZ1iVeKH5Z8sR6pOUA3Lm8.roa (raw, json)
Hash identifier:          cER4WH5eXS4Lm/LZABdPjot9dROZgtRCRJnalyX5t/M=
Subject key identifier:   18:50:B0:2D:86:75:89:57:8A:1F:96:7C:B1:1E:A9:39:40:37:2E:6F
Certificate issuer:       /CN=6454903ab485b16cca862d15e6d93fba0e4dde01
Certificate serial:       01954654937FB9218A42C725273FA395710D
Authority key identifier: 64:54:90:3A:B4:85:B1:6C:CA:86:2D:15:E6:D9:3F:BA:0E:4D:DE:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/GFCwLYZ1iVeKH5Z8sR6pOUA3Lm8.roa
Signing time:             Thu 27 Feb 2025 07:35:02 +0000
ROA not before:           Thu 27 Feb 2025 07:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        2a14:8d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 04:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:46:54:93:7f:b9:21:8a:42:c7:25:27:3f:a3:95:71:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6454903ab485b16cca862d15e6d93fba0e4dde01
        Validity
            Not Before: Feb 27 07:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1850b02d867589578a1f967cb11ea93940372e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b4:46:69:af:ac:24:b4:92:52:bd:b0:49:28:
                    e6:f0:e6:4c:8d:8f:e6:3e:8d:12:f9:c0:d5:f1:7c:
                    ce:8c:04:45:a4:09:e9:a8:c6:21:d2:ca:23:93:8b:
                    6e:c7:10:db:c3:7d:0c:79:50:07:47:8f:61:70:7f:
                    f1:81:d9:f5:ff:d4:f1:ce:33:66:11:6c:30:c2:ea:
                    9b:9c:e9:d0:f6:97:7c:d9:bd:6c:75:03:05:0e:e5:
                    80:33:aa:da:66:08:60:ea:8d:63:3c:1d:a1:59:24:
                    c1:2a:8b:b6:ef:bf:1d:31:e4:1a:8a:3d:7b:84:8b:
                    2a:9a:12:6c:6f:a4:cc:ff:91:dc:83:a8:22:9f:2d:
                    1c:d3:ea:1d:7d:0f:30:3c:67:1b:84:49:b9:90:55:
                    74:2a:4f:8a:86:b4:c4:0a:ed:4b:8a:a3:c0:41:69:
                    af:01:7d:34:31:bd:ec:65:b8:b8:a7:5a:93:d6:85:
                    b3:6d:83:13:15:be:ea:78:c8:bb:87:ea:e5:cf:03:
                    1d:60:eb:17:f1:a0:de:e1:c8:96:97:fa:3b:b9:74:
                    d6:11:31:0e:0e:e4:d1:7b:67:7f:9a:60:0e:f0:13:
                    a2:2b:76:f0:a1:bf:f0:88:3d:ee:50:e2:1b:ef:f2:
                    a7:bd:97:5f:1b:de:68:16:e0:c5:5e:85:cd:2d:d1:
                    e8:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:50:B0:2D:86:75:89:57:8A:1F:96:7C:B1:1E:A9:39:40:37:2E:6F
            X509v3 Authority Key Identifier:
                keyid:64:54:90:3A:B4:85:B1:6C:CA:86:2D:15:E6:D9:3F:BA:0E:4D:DE:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/GFCwLYZ1iVeKH5Z8sR6pOUA3Lm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/d6d569-f491-43f1-94f2-0656d0b34b24/1/ZFSQOrSFsWzKhi0V5tk_ug5N3gE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:8c:8d:9d:51:ad:cf:c6:5b:dc:94:cf:08:46:ba:c0:7f:b6:
         5f:aa:e8:31:ae:e1:b5:a1:94:f8:d2:9e:00:05:80:a0:f0:d6:
         ed:f7:12:ef:ae:ff:9d:1b:63:d4:0e:3d:8f:2f:2f:ef:a0:06:
         15:d0:7d:f9:26:29:89:a6:07:08:70:4e:0b:62:0f:7c:88:7b:
         69:38:9b:66:99:37:b4:9c:83:0e:8d:3a:42:eb:02:00:2c:54:
         30:ee:8b:7e:e6:e6:6f:82:33:7a:f3:08:24:14:87:99:d9:df:
         87:3f:f6:93:f9:e1:4a:db:5a:ea:92:e3:24:ef:36:9f:45:ca:
         41:c8:6f:c1:3b:f2:88:51:bb:98:22:10:5f:25:d5:f3:e6:ab:
         e0:0f:4d:ec:68:a8:f3:6c:aa:ae:fb:0f:a6:40:16:33:b1:e6:
         bd:60:80:1c:af:9c:ab:65:97:75:2c:d7:c8:80:d5:33:63:80:
         23:15:77:99:70:27:fb:75:fd:d4:00:e1:72:ba:f8:2b:a8:97:
         a2:1f:e8:d0:f4:5b:8d:9b:b5:cc:ae:c7:dc:de:ca:a6:e6:9d:
         84:7f:7a:e1:c8:b3:e4:a0:1a:b8:94:0c:e1:5f:88:49:89:36:
         64:5d:af:30:c0:9e:16:cb:6b:0b:f4:73:d7:7c:61:56:9e:22:
         00:c5:30:46
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVGVJN/uSGKQsclJz+jlXENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NTQ5MDNhYjQ4NWIxNmNjYTg2MmQxNWU2ZDkzZmJhMGU0
ZGRlMDEwHhcNMjUwMjI3MDczNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODUwYjAyZDg2NzU4OTU3OGExZjk2N2NiMTFlYTkzOTQwMzcyZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbRGaa+sJLSSUr2wSSjm8OZMjY/m
Po0S+cDV8XzOjARFpAnpqMYh0sojk4tuxxDbw30MeVAHR49hcH/xgdn1/9TxzjNm
EWwwwuqbnOnQ9pd82b1sdQMFDuWAM6raZghg6o1jPB2hWSTBKou2778dMeQaij17
hIsqmhJsb6TM/5Hcg6giny0c0+odfQ8wPGcbhEm5kFV0Kk+KhrTECu1LiqPAQWmv
AX00Mb3sZbi4p1qT1oWzbYMTFb7qeMi7h+rlzwMdYOsX8aDe4ciWl/o7uXTWETEO
DuTRe2d/mmAO8BOiK3bwob/wiD3uUOIb7/KnvZdfG95oFuDFXoXNLdHowwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBhQsC2GdYlXih+WfLEeqTlANy5vMB8GA1UdIwQY
MBaAFGRUkDq0hbFsyoYtFebZP7oOTd4BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkZTUU9yU0ZzV3pLaGkwVjV0a191ZzVOM2dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9kNmQ1NjktZjQ5MS00M2YxLTk0ZjIt
MDY1NmQwYjM0YjI0LzEvR0ZDd0xZWjFpVmVLSDVaOHNSNnBPVUEzTG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9kNmQ1NjktZjQ5MS00M2YxLTk0ZjItMDY1NmQwYjM0YjI0
LzEvWkZTUU9yU0ZzV3pLaGkwVjV0a191ZzVOM2dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSNgDAN
BgkqhkiG9w0BAQsFAAOCAQEAYIyNnVGtz8Zb3JTPCEa6wH+2X6roMa7htaGU+NKe
AAWAoPDW7fcS767/nRtj1A49jy8v76AGFdB9+SYpiaYHCHBOC2IPfIh7aTibZpk3
tJyDDo06QusCACxUMO6Lfubmb4IzevMIJBSHmdnfhz/2k/nhStta6pLjJO82n0XK
QchvwTvyiFG7mCIQXyXV8+ar4A9N7Gio82yqrvsPpkAWM7HmvWCAHK+cq2WXdSzX
yIDVM2OAIxV3mXAn+3X91ADhcrr4K6iXoh/o0PRbjZu1zK7H3N7KpuadhH964ciz
5KAauJQM4V+ISYk2ZF2vMMCeFstrC/Rz13xhVp4iAMUwRg==
-----END CERTIFICATE-----