Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GyJOpYQb50uJILEoQy0f-MlpWH4.roa
File:                     GyJOpYQb50uJILEoQy0f-MlpWH4.roa (raw, json)
Hash identifier:          5I4tcH5eb5pT6pf4hijC1qYV/roUsA5u9GcsfOUZE/U=
Subject key identifier:   1B:22:4E:A5:84:1B:E7:4B:89:20:B1:28:43:2D:1F:F8:C9:69:58:7E
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197371F74BD9A8D421C854D1E560853EDC4
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GyJOpYQb50uJILEoQy0f-MlpWH4.roa
Signing time:             Tue 03 Jun 2025 18:48:17 +0000
ROA not before:           Tue 03 Jun 2025 18:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41171
IP address blocks:        2a14:6ac4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:1f:74:bd:9a:8d:42:1c:85:4d:1e:56:08:53:ed:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  3 18:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b224ea5841be74b8920b128432d1ff8c969587e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1a:ad:9f:db:fd:06:cd:be:a4:d0:ac:f7:76:
                    2c:13:03:0f:7a:8e:3f:d3:c4:67:f4:68:9e:26:70:
                    c5:9f:17:7b:00:91:f3:b7:8b:da:8d:1a:9b:62:a3:
                    11:17:17:4c:4f:cb:17:78:72:df:d1:77:76:b0:84:
                    39:3b:34:4d:73:61:bc:a6:a5:f6:35:84:7a:aa:1e:
                    fd:e6:f9:21:c0:84:c4:4b:65:4a:52:3a:82:3b:ac:
                    18:14:c3:0c:39:71:8b:c0:d3:54:36:10:59:29:49:
                    89:f9:a9:a1:0e:fc:6b:20:d1:d9:b2:ae:94:2f:35:
                    c5:6d:3c:fe:eb:cc:06:3e:a9:35:38:a4:67:48:df:
                    fb:aa:8b:0f:8f:10:94:db:fa:09:83:58:8b:25:31:
                    27:c0:01:b1:cf:8a:2a:82:16:df:88:17:01:2d:c7:
                    30:9e:66:fc:b9:42:e2:af:be:d9:47:37:b0:c3:92:
                    4c:2c:7a:39:e9:4c:09:68:51:d3:cf:5b:b5:10:27:
                    1a:5c:81:55:a0:70:d7:6d:a5:bb:78:67:e6:8f:33:
                    29:28:3c:84:f2:22:87:7e:18:a3:35:6a:18:e7:de:
                    2f:7c:65:24:4f:92:bc:0b:3e:f0:00:c5:e6:7c:47:
                    3b:88:ac:d1:91:80:e4:c6:e5:55:c6:ec:8e:57:40:
                    d6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:22:4E:A5:84:1B:E7:4B:89:20:B1:28:43:2D:1F:F8:C9:69:58:7E
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GyJOpYQb50uJILEoQy0f-MlpWH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6ac4::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:c0:b5:89:b6:2c:4e:64:c4:46:ba:3a:c4:b1:3b:6f:bc:5a:
         fe:66:59:f9:d6:f0:af:45:ff:6c:58:e5:5f:c6:58:3d:e6:a4:
         47:c3:74:5b:d3:0c:63:40:20:32:f8:73:4e:b2:ee:54:14:b4:
         9c:91:57:ee:90:37:cf:a9:4d:c0:e1:01:46:e2:93:a9:60:49:
         04:ce:81:0e:89:62:27:0d:da:db:28:6e:5a:a9:aa:1d:88:9b:
         fc:ab:a8:31:a6:31:c8:44:38:a8:8c:3a:8c:e2:13:d7:46:c5:
         a7:2c:aa:d3:59:ba:79:72:72:d6:42:4f:1f:55:76:2c:65:e3:
         fc:84:9a:5e:06:2f:d7:0d:82:b0:65:eb:16:95:d8:10:88:4e:
         d3:c9:f2:5e:14:ea:30:9a:69:53:75:79:60:5e:bf:d5:21:78:
         d5:67:88:73:f3:6e:41:aa:50:e2:49:af:5f:8b:17:1f:47:5f:
         2e:f4:4f:a4:dc:dd:da:76:99:81:a7:bb:2a:45:3b:98:ce:42:
         69:24:5c:e2:7f:0c:d6:3b:c8:da:3d:60:fb:17:1f:69:72:41:
         39:01:eb:e1:da:b1:3d:93:d7:2a:35:bf:77:0a:0f:26:fa:97:
         72:f6:cf:1c:02:9a:db:7e:92:64:97:90:af:77:34:05:b5:65:
         d6:20:b3:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc3H3S9mo1CHIVNHlYIU+3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjAzMTg0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjIyNGVhNTg0MWJlNzRiODkyMGIxMjg0MzJkMWZmOGM5Njk1ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhqtn9v9Bs2+pNCs93YsEwMPeo4/
08Rn9GieJnDFnxd7AJHzt4vajRqbYqMRFxdMT8sXeHLf0Xd2sIQ5OzRNc2G8pqX2
NYR6qh795vkhwITES2VKUjqCO6wYFMMMOXGLwNNUNhBZKUmJ+amhDvxrINHZsq6U
LzXFbTz+68wGPqk1OKRnSN/7qosPjxCU2/oJg1iLJTEnwAGxz4oqghbfiBcBLccw
nmb8uULir77ZRzeww5JMLHo56UwJaFHTz1u1ECcaXIFVoHDXbaW7eGfmjzMpKDyE
8iKHfhijNWoY594vfGUkT5K8Cz7wAMXmfEc7iKzRkYDkxuVVxuyOV0DWRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBsiTqWEG+dLiSCxKEMtH/jJaVh+MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvR3lKT3BZUWI1MHVKSUxFb1F5MGYtTWxwV0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRqxDAN
BgkqhkiG9w0BAQsFAAOCAQEAkMC1ibYsTmTERro6xLE7b7xa/mZZ+dbwr0X/bFjl
X8ZYPeakR8N0W9MMY0AgMvhzTrLuVBS0nJFX7pA3z6lNwOEBRuKTqWBJBM6BDoli
Jw3a2yhuWqmqHYib/KuoMaYxyEQ4qIw6jOIT10bFpyyq01m6eXJy1kJPH1V2LGXj
/ISaXgYv1w2CsGXrFpXYEIhO08nyXhTqMJppU3V5YF6/1SF41WeIc/NuQapQ4kmv
X4sXH0dfLvRPpNzd2naZgae7KkU7mM5CaSRc4n8M1jvI2j1g+xcfaXJBOQHr4dqx
PZPXKjW/dwoPJvqXcvbPHAKa236SZJeQr3c0BbVl1iCzIg==
-----END CERTIFICATE-----