Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/8a7QvqWuYfpeRX_CVUGf_e2nAzY.roa
File:                     8a7QvqWuYfpeRX_CVUGf_e2nAzY.roa (raw, json)
Hash identifier:          3J7rlngOTVRLtnDlkPx2aehn2r7bBgZaLbjOumlLVxc=
Subject key identifier:   F1:AE:D0:BE:A5:AE:61:FA:5E:45:7F:C2:55:41:9F:FD:ED:A7:03:36
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197418DD5DD7F6D17A43553D1E211586788
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/8a7QvqWuYfpeRX_CVUGf_e2nAzY.roa
Signing time:             Thu 05 Jun 2025 19:25:03 +0000
ROA not before:           Thu 05 Jun 2025 19:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149428
IP address blocks:        2a14:6ac7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:8d:d5:dd:7f:6d:17:a4:35:53:d1:e2:11:58:67:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  5 19:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1aed0bea5ae61fa5e457fc255419ffdeda70336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:63:31:76:e4:1c:0a:2f:12:c9:a1:ae:1d:99:
                    fa:db:ca:93:9e:83:fc:72:70:74:0f:cb:99:b5:11:
                    b4:99:cf:c6:76:43:01:b3:01:f9:c8:1e:84:4a:9d:
                    b0:11:16:a2:0a:ff:99:dc:6d:0d:32:ac:d3:53:8a:
                    7f:6e:1f:65:4a:f7:7e:f6:c8:90:a5:01:8f:3c:3b:
                    51:3e:39:53:dc:3a:ca:62:a9:c1:8b:9c:8e:e7:8e:
                    6d:4c:b6:5b:82:87:4c:68:f7:ea:f5:6c:5d:7d:19:
                    7d:5f:d7:19:eb:87:05:d4:a1:02:0a:09:ba:e4:99:
                    ea:ac:d3:89:d3:53:56:a5:c4:3d:6d:5a:6b:f1:47:
                    bb:30:e2:13:32:1b:10:4c:19:16:d7:61:5d:51:55:
                    1c:ae:a1:c6:ad:f3:56:8a:0c:66:6f:07:c3:4a:2b:
                    07:69:8c:1c:f2:72:f2:bc:a8:f5:bc:c1:61:28:5a:
                    82:b1:bb:02:8d:4e:4e:44:6a:55:05:12:06:31:79:
                    04:49:18:e1:f2:c5:37:e7:8f:47:cd:08:63:f3:74:
                    39:d4:d0:e7:11:d4:4e:a4:31:7b:59:30:2a:1d:d1:
                    f2:be:2a:7b:10:2a:e7:99:2b:4f:45:ff:20:86:d6:
                    06:f6:3e:c6:29:da:52:9d:ee:e7:3d:86:82:94:00:
                    08:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AE:D0:BE:A5:AE:61:FA:5E:45:7F:C2:55:41:9F:FD:ED:A7:03:36
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/8a7QvqWuYfpeRX_CVUGf_e2nAzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6ac7::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:35:e0:e5:d3:c5:2c:34:7f:b5:46:24:e3:54:2c:f6:94:c1:
         f9:6c:8b:00:e4:91:2c:6c:87:e2:a1:6a:c6:cb:24:7e:11:d8:
         b2:d9:8a:95:21:18:ad:66:23:38:5e:d4:9c:f1:cc:23:05:85:
         af:e3:6e:c7:3a:0f:43:9f:ff:ad:f2:98:df:8d:1c:c1:30:4c:
         70:50:39:f4:b7:87:07:01:9f:0d:47:13:16:1c:e1:e4:19:89:
         4f:29:d3:87:dd:f1:41:a5:90:03:e4:d8:aa:eb:75:34:68:14:
         c0:ec:d8:79:e1:95:5c:23:58:48:54:c0:db:d0:3f:fb:b7:ec:
         5d:83:2c:9e:5b:01:d3:e0:80:a2:b8:39:e3:61:6a:b6:bb:9f:
         68:54:66:5b:92:24:9f:e1:f4:c3:08:02:c6:7d:ed:07:6f:8f:
         8a:77:26:ea:14:13:d4:99:7a:1e:d5:45:b7:7d:f6:10:73:8c:
         73:25:d9:3b:fb:03:23:bd:9c:2b:57:d2:a1:d1:56:56:14:64:
         02:79:09:0f:11:67:3f:07:bf:e2:a4:5f:93:88:29:e3:45:34:
         47:c5:23:eb:44:98:58:0a:9d:62:5f:9e:2a:31:37:b4:d8:84:
         f4:5f:6a:68:64:48:2d:54:bd:d6:37:e3:30:29:f5:ac:5b:01:
         3e:36:4e:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdBjdXdf20XpDVT0eIRWGeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjA1MTkyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFlZDBiZWE1YWU2MWZhNWU0NTdmYzI1NTQxOWZmZGVkYTcwMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WMxduQcCi8SyaGuHZn628qTnoP8
cnB0D8uZtRG0mc/GdkMBswH5yB6ESp2wERaiCv+Z3G0NMqzTU4p/bh9lSvd+9siQ
pQGPPDtRPjlT3DrKYqnBi5yO545tTLZbgodMaPfq9WxdfRl9X9cZ64cF1KECCgm6
5JnqrNOJ01NWpcQ9bVpr8Ue7MOITMhsQTBkW12FdUVUcrqHGrfNWigxmbwfDSisH
aYwc8nLyvKj1vMFhKFqCsbsCjU5ORGpVBRIGMXkESRjh8sU3549HzQhj83Q51NDn
EdROpDF7WTAqHdHyvip7ECrnmStPRf8ghtYG9j7GKdpSne7nPYaClAAIcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPGu0L6lrmH6XkV/wlVBn/3tpwM2MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvOGE3UXZxV3VZZnBlUlhfQ1ZVR2ZfZTJuQXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRqxzAN
BgkqhkiG9w0BAQsFAAOCAQEAIjXg5dPFLDR/tUYk41Qs9pTB+WyLAOSRLGyH4qFq
xsskfhHYstmKlSEYrWYjOF7UnPHMIwWFr+NuxzoPQ5//rfKY340cwTBMcFA59LeH
BwGfDUcTFhzh5BmJTynTh93xQaWQA+TYqut1NGgUwOzYeeGVXCNYSFTA29A/+7fs
XYMsnlsB0+CAorg542FqtrufaFRmW5Ikn+H0wwgCxn3tB2+Pincm6hQT1Jl6HtVF
t332EHOMcyXZO/sDI72cK1fSodFWVhRkAnkJDxFnPwe/4qRfk4gp40U0R8Uj60SY
WAqdYl+eKjE3tNiE9F9qaGRILVS91jfjMCn1rFsBPjZOUQ==
-----END CERTIFICATE-----