Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wBXvBP-sIHkTwmZUmnZjwsOY0so.roa
File:                     wBXvBP-sIHkTwmZUmnZjwsOY0so.roa (raw, json)
Hash identifier:          sf9c/AK0uTzIyNN2fC+2QGD8WVkysi/YAMOyb/8pxmk=
Subject key identifier:   C0:15:EF:04:FF:AC:20:79:13:C2:66:54:9A:76:63:C2:C3:98:D2:CA
Certificate issuer:       /CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
Certificate serial:       0196BEBB085BAAD35BB070914CE539847AEB
Authority key identifier: 8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wBXvBP-sIHkTwmZUmnZjwsOY0so.roa
Signing time:             Sun 11 May 2025 09:44:10 +0000
ROA not before:           Sun 11 May 2025 09:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215655
IP address blocks:        2a14:1600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:be:bb:08:5b:aa:d3:5b:b0:70:91:4c:e5:39:84:7a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
        Validity
            Not Before: May 11 09:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c015ef04ffac207913c266549a7663c2c398d2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:55:4b:68:0e:75:36:e6:7b:c8:50:b8:49:53:
                    fa:57:fe:71:95:d1:4d:df:b6:d8:e1:5d:1e:98:9f:
                    0b:e7:bb:a0:37:38:15:45:33:8c:27:66:fe:20:da:
                    50:69:ea:4f:17:17:f3:e4:3c:bd:6f:43:17:f2:c7:
                    7d:6f:aa:10:4a:a8:e7:fd:54:24:a4:35:c5:08:a6:
                    2a:50:8e:88:29:86:64:ee:eb:ad:27:88:bd:00:7c:
                    48:0a:31:f7:bb:68:09:3a:8c:1a:04:18:b8:f0:2c:
                    5d:2b:95:a7:7d:5c:b0:3f:ac:29:e6:5f:2a:f5:fc:
                    dd:9c:d4:3b:56:ca:ea:d1:ba:a3:10:31:e0:82:b5:
                    13:e3:f6:67:91:be:ce:a4:6f:ab:5d:e2:86:81:41:
                    8d:5a:eb:1c:20:38:12:fe:66:d9:1e:cb:e4:f0:0f:
                    0b:72:e0:13:1d:70:66:32:48:e6:46:2a:8c:c3:3c:
                    25:fb:8e:7a:a4:a6:b3:0a:1b:41:40:0c:22:a3:bc:
                    7d:91:8d:6c:d0:4b:0e:2a:11:27:d9:10:b5:2f:c0:
                    95:df:6c:9b:d0:67:1b:5a:a4:16:38:7c:89:fb:c0:
                    4f:6a:48:ee:60:65:d1:64:0e:6e:b7:22:da:9b:66:
                    e9:81:a6:2f:f2:3f:b2:3a:ff:2b:00:e7:61:0b:a8:
                    32:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:15:EF:04:FF:AC:20:79:13:C2:66:54:9A:76:63:C2:C3:98:D2:CA
            X509v3 Authority Key Identifier:
                keyid:8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wBXvBP-sIHkTwmZUmnZjwsOY0so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1600::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:06:8d:d6:18:e3:05:0c:31:ce:38:c2:2a:30:51:08:0c:a1:
         ac:99:27:20:8d:ec:86:73:41:f6:bd:08:14:f6:ac:31:bb:23:
         af:9b:4b:2c:01:d7:f1:20:12:22:ca:2a:2f:0c:99:28:32:c1:
         37:fc:dc:fb:34:02:b2:14:88:d0:fe:2c:48:2e:fc:60:75:01:
         13:e4:cf:9f:ee:f7:8c:ca:cf:e9:1f:6c:1e:aa:0d:c7:4c:fc:
         5c:43:78:9d:d2:b7:47:50:48:b1:15:06:fa:47:2c:3f:9a:2d:
         91:90:a3:92:3d:d5:02:3c:99:85:91:b7:c2:da:e1:09:4c:f4:
         31:05:24:b4:c2:c5:56:d4:94:f3:4c:6a:91:a7:2c:77:24:0f:
         ae:e2:c7:75:df:0a:a3:0b:ed:44:9d:39:31:51:ce:d7:41:07:
         b9:76:f5:36:97:ae:e4:b9:e5:9a:a7:51:79:0e:9c:78:2b:91:
         59:4e:2f:a3:19:0a:fc:3d:59:94:3d:f1:37:6d:93:9d:6a:f2:
         fb:c9:9d:b5:a8:40:95:82:be:1d:7e:88:4c:ee:bc:15:25:0f:
         36:60:ee:10:77:af:1b:ff:8a:cd:b0:e9:40:cf:e1:a8:4b:56:
         25:e3:4f:64:02:4a:4c:71:6e:c4:b3:e0:ca:af:38:ee:3e:c3:
         a5:b5:ff:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZa+uwhbqtNbsHCRTOU5hHrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYTI2YjQ1OGFkNDFkNDdkMjYxYTc2ZDhjNWRjMGZjOGQx
YTllMmMwHhcNMjUwNTExMDk0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDE1ZWYwNGZmYWMyMDc5MTNjMjY2NTQ5YTc2NjNjMmMzOThkMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lVLaA51NuZ7yFC4SVP6V/5xldFN
37bY4V0emJ8L57ugNzgVRTOMJ2b+INpQaepPFxfz5Dy9b0MX8sd9b6oQSqjn/VQk
pDXFCKYqUI6IKYZk7uutJ4i9AHxICjH3u2gJOowaBBi48CxdK5WnfVywP6wp5l8q
9fzdnNQ7Vsrq0bqjEDHggrUT4/Znkb7OpG+rXeKGgUGNWuscIDgS/mbZHsvk8A8L
cuATHXBmMkjmRiqMwzwl+456pKazChtBQAwio7x9kY1s0EsOKhEn2RC1L8CV32yb
0GcbWqQWOHyJ+8BPakjuYGXRZA5utyLam2bpgaYv8j+yOv8rAOdhC6gy6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMAV7wT/rCB5E8JmVJp2Y8LDmNLKMB8GA1UdIwQY
MBaAFI6ia0WK1B1H0mGnbYxdwPyNGp4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYt
Mjg5MDA1NTkxNGM1LzEvd0JYdkJQLXNJSGtUd21aVW1uWmp3c09ZMHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYtMjg5MDA1NTkxNGM1
LzEvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQWADAN
BgkqhkiG9w0BAQsFAAOCAQEALwaN1hjjBQwxzjjCKjBRCAyhrJknII3shnNB9r0I
FPasMbsjr5tLLAHX8SASIsoqLwyZKDLBN/zc+zQCshSI0P4sSC78YHUBE+TPn+73
jMrP6R9sHqoNx0z8XEN4ndK3R1BIsRUG+kcsP5otkZCjkj3VAjyZhZG3wtrhCUz0
MQUktMLFVtSU80xqkacsdyQPruLHdd8KowvtRJ05MVHO10EHuXb1Npeu5LnlmqdR
eQ6ceCuRWU4voxkK/D1ZlD3xN22TnWry+8mdtahAlYK+HX6ITO68FSUPNmDuEHev
G/+KzbDpQM/hqEtWJeNPZAJKTHFuxLPgyq847j7DpbX/KA==
-----END CERTIFICATE-----