Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/q9EscCe7t5gVibmBd58asAmZMUg.roa
File:                     q9EscCe7t5gVibmBd58asAmZMUg.roa (raw, json)
Hash identifier:          VIc3vlhk4rBIAMQ48+/9jl8SQU9fOCllGCJznJGDS5M=
Subject key identifier:   AB:D1:2C:70:27:BB:B7:98:15:89:B9:81:77:9F:1A:B0:09:99:31:48
Certificate issuer:       /CN=a19fd633a4d3d210decf7db57d122b648b98ed25
Certificate serial:       01945FE02286F9B4E348576A9754269CA8F5
Authority key identifier: A1:9F:D6:33:A4:D3:D2:10:DE:CF:7D:B5:7D:12:2B:64:8B:98:ED:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/q9EscCe7t5gVibmBd58asAmZMUg.roa
Signing time:             Mon 13 Jan 2025 13:35:11 +0000
ROA not before:           Mon 13 Jan 2025 13:35:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213648
IP address blocks:        2a14:8700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:e0:22:86:f9:b4:e3:48:57:6a:97:54:26:9c:a8:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19fd633a4d3d210decf7db57d122b648b98ed25
        Validity
            Not Before: Jan 13 13:35:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd12c7027bbb7981589b981779f1ab009993148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:48:2f:2d:5a:e1:fe:19:0e:3c:9f:b0:52:b2:
                    6f:1b:be:cb:93:52:68:ba:2b:ce:e4:85:cd:4a:2c:
                    69:26:5e:82:6e:cf:24:29:86:9d:ea:22:15:39:be:
                    60:4c:0d:70:ea:ac:7e:fe:4d:bc:b8:1f:41:ac:bd:
                    f1:f0:93:41:40:1d:fd:32:84:7a:62:dc:fc:16:ce:
                    89:07:12:10:dd:dd:5a:5e:85:2e:2e:c2:3f:a8:ef:
                    19:ac:72:70:d2:ba:30:7c:da:93:d0:22:0d:f9:43:
                    7a:81:8a:75:7f:78:f6:64:a8:78:f9:96:db:35:1c:
                    a7:2d:47:e0:e3:3a:46:39:85:d8:ca:be:cf:e4:07:
                    77:a4:95:0f:03:25:6d:45:6f:e8:f9:4f:8e:ec:c5:
                    39:7e:c7:70:24:da:54:14:7c:be:0e:d9:e5:45:ff:
                    17:a3:9f:62:9d:a4:a9:60:15:34:f7:cc:85:57:b7:
                    12:e7:1d:06:d8:b7:9c:e1:39:6f:c9:4b:b1:2e:d6:
                    c6:52:1d:3e:0c:c7:de:99:ef:e3:5d:6a:47:c7:f1:
                    8e:07:2f:bc:96:8b:24:6a:5f:56:4f:e4:6e:cb:a7:
                    2b:b5:42:50:e8:b5:b1:e1:ac:e4:67:aa:8e:79:be:
                    3a:a7:f7:8a:04:60:7e:d6:72:2d:10:3e:c5:dc:4b:
                    ee:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D1:2C:70:27:BB:B7:98:15:89:B9:81:77:9F:1A:B0:09:99:31:48
            X509v3 Authority Key Identifier:
                keyid:A1:9F:D6:33:A4:D3:D2:10:DE:CF:7D:B5:7D:12:2B:64:8B:98:ED:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZ_WM6TT0hDez321fRIrZIuY7SU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/q9EscCe7t5gVibmBd58asAmZMUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/7cabe0-6d84-47a7-acec-c7cad5020eef/1/oZ_WM6TT0hDez321fRIrZIuY7SU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:50:a1:82:4a:d7:02:eb:99:c4:c6:94:32:70:d6:05:18:fd:
         dd:a8:e7:7d:ca:94:9e:ed:97:9d:ab:58:97:40:1f:80:ca:b7:
         45:b7:2a:09:36:de:c3:91:e2:22:3b:5c:9f:af:d2:3e:91:c0:
         ea:ca:1b:aa:38:6b:fd:b2:82:25:25:cb:64:63:5f:91:8b:cc:
         93:9e:4c:ed:98:81:10:13:6a:0b:24:7d:1a:a6:5e:b7:9b:d6:
         47:bc:7c:9d:9b:1f:8a:71:46:e1:2c:3d:3d:b6:5b:fd:75:82:
         d0:f9:aa:60:a6:b0:6b:a8:9c:88:fe:02:03:c9:59:be:0a:58:
         b6:7e:b8:f2:39:fa:ae:88:ab:7d:25:7c:cc:14:3c:ce:a3:bb:
         1d:ee:3c:8d:dd:3e:82:5f:ed:62:3a:ed:80:ca:c5:8d:5d:87:
         76:de:0e:e1:4a:3e:e2:46:7f:de:5e:34:ce:aa:65:39:fc:5b:
         13:3d:8d:55:95:7c:a7:27:ef:30:2f:36:64:fb:85:b1:01:40:
         f2:63:f5:83:cc:cc:12:27:d2:36:a5:c2:02:1d:84:d7:78:39:
         68:02:f0:4c:74:a5:d5:9d:5b:e1:a2:3c:77:4a:d2:ea:cb:65:
         47:b6:96:13:58:35:f5:66:02:a9:ef:0a:36:36:cd:83:20:13:
         61:8f:ef:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRf4CKG+bTjSFdql1QmnKj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWZkNjMzYTRkM2QyMTBkZWNmN2RiNTdkMTIyYjY0OGI5
OGVkMjUwHhcNMjUwMTEzMTMzNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQxMmM3MDI3YmJiNzk4MTU4OWI5ODE3NzlmMWFiMDA5OTkzMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEgvLVrh/hkOPJ+wUrJvG77Lk1Jo
uivO5IXNSixpJl6Cbs8kKYad6iIVOb5gTA1w6qx+/k28uB9BrL3x8JNBQB39MoR6
Ytz8Fs6JBxIQ3d1aXoUuLsI/qO8ZrHJw0rowfNqT0CIN+UN6gYp1f3j2ZKh4+Zbb
NRynLUfg4zpGOYXYyr7P5Ad3pJUPAyVtRW/o+U+O7MU5fsdwJNpUFHy+DtnlRf8X
o59inaSpYBU098yFV7cS5x0G2Lec4TlvyUuxLtbGUh0+DMfeme/jXWpHx/GOBy+8
loskal9WT+Ruy6crtUJQ6LWx4azkZ6qOeb46p/eKBGB+1nItED7F3EvucQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKvRLHAnu7eYFYm5gXefGrAJmTFIMB8GA1UdIwQY
MBaAFKGf1jOk09IQ3s99tX0SK2SLmO0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pfV002VFQwaERlejMyMWZSSXJaSXVZN1NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83Y2FiZTAtNmQ4NC00N2E3LWFjZWMt
YzdjYWQ1MDIwZWVmLzEvcTlFc2NDZTd0NWdWaWJtQmQ1OGFzQW1aTVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83Y2FiZTAtNmQ4NC00N2E3LWFjZWMtYzdjYWQ1MDIwZWVm
LzEvb1pfV002VFQwaERlejMyMWZSSXJaSXVZN1NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSHADAN
BgkqhkiG9w0BAQsFAAOCAQEADVChgkrXAuuZxMaUMnDWBRj93ajnfcqUnu2XnatY
l0AfgMq3RbcqCTbew5HiIjtcn6/SPpHA6sobqjhr/bKCJSXLZGNfkYvMk55M7ZiB
EBNqCyR9GqZet5vWR7x8nZsfinFG4Sw9PbZb/XWC0PmqYKawa6iciP4CA8lZvgpY
tn648jn6roirfSV8zBQ8zqO7He48jd0+gl/tYjrtgMrFjV2Hdt4O4Uo+4kZ/3l40
zqplOfxbEz2NVZV8pyfvMC82ZPuFsQFA8mP1g8zMEifSNqXCAh2E13g5aALwTHSl
1Z1b4aI8d0rS6stlR7aWE1g19WYCqe8KNjbNgyATYY/vVw==
-----END CERTIFICATE-----