Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/05o0ilxpLPFj724SFa-brN8vzXk.roa
File:                     05o0ilxpLPFj724SFa-brN8vzXk.roa (raw, json)
Hash identifier:          CPN9MrS7MYDAN7zH2nr9vN3ZoOoKTAOXjde0z1Y3r4g=
Subject key identifier:   D3:9A:34:8A:5C:69:2C:F1:63:EF:6E:12:15:AF:9B:AC:DF:2F:CD:79
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019600DF3362B0876C4EE191E0B489657F7C
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/05o0ilxpLPFj724SFa-brN8vzXk.roa
Signing time:             Fri 04 Apr 2025 12:55:49 +0000
ROA not before:           Fri 04 Apr 2025 12:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201341
IP address blocks:        2a14:c883::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:df:33:62:b0:87:6c:4e:e1:91:e0:b4:89:65:7f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Apr  4 12:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d39a348a5c692cf163ef6e1215af9bacdf2fcd79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:54:fb:95:2f:16:d2:44:0b:33:15:70:2e:82:
                    1b:86:b8:9f:38:a7:ce:b5:5c:37:6e:91:bd:40:b2:
                    46:54:c2:0b:36:83:10:84:8e:38:47:4f:37:d1:11:
                    3c:50:4f:be:c1:ce:54:01:e0:42:30:cb:8a:8e:3b:
                    e8:dd:07:64:ba:96:06:68:ca:e5:5b:65:03:be:b7:
                    17:4e:2f:26:e5:d0:de:8d:f0:ec:34:58:7a:e6:06:
                    22:b7:23:8f:aa:e1:01:7e:f6:4a:f6:8d:39:0d:b7:
                    8f:82:78:55:83:3b:56:ad:c3:19:57:b3:2f:b4:2c:
                    0f:db:9a:4d:79:35:17:97:f1:77:9c:70:7f:3b:25:
                    9f:bb:e5:d0:76:2f:ab:3b:e9:41:23:4f:25:a0:b6:
                    93:30:40:d9:d8:f1:c0:da:32:24:a3:f8:7e:16:1b:
                    2f:6d:24:e5:52:88:d0:b5:f9:d4:29:b7:cb:6f:30:
                    87:28:f8:12:82:52:66:58:f4:09:32:ab:a7:bb:01:
                    bb:55:af:14:68:62:50:be:25:c1:c8:b8:59:60:f5:
                    b6:7d:fb:1a:a0:d9:cb:90:2a:44:2a:45:30:cc:10:
                    da:9a:6d:9e:2c:a4:72:50:25:3a:22:a3:c4:b2:45:
                    ca:63:cc:77:77:3a:c8:61:85:3e:84:fc:21:cf:eb:
                    58:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:9A:34:8A:5C:69:2C:F1:63:EF:6E:12:15:AF:9B:AC:DF:2F:CD:79
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/05o0ilxpLPFj724SFa-brN8vzXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c883::/33

    Signature Algorithm: sha256WithRSAEncryption
         1e:20:c4:d6:0c:02:4a:20:66:7e:85:a4:ed:9c:0e:c5:61:7d:
         ba:06:f5:c9:f0:03:5b:8a:b2:1f:1a:a7:a4:0f:27:02:08:de:
         27:f6:e9:78:36:98:9b:fc:8b:42:25:de:ba:22:28:86:9f:ec:
         84:27:21:a6:f7:ee:44:d7:0a:aa:29:c0:67:e0:a1:01:1c:16:
         04:cd:b8:8b:c9:23:f5:0e:e8:8d:31:cb:8a:2a:e5:e6:c9:28:
         80:96:e6:f3:15:d1:68:60:bf:39:09:20:16:d8:b9:89:a8:14:
         57:19:33:d6:ca:23:7e:ba:e5:63:bd:48:3a:4b:db:87:18:8b:
         7c:8f:73:53:81:b9:c4:6a:e2:10:95:20:58:03:4f:40:7d:6c:
         e2:85:f3:ca:bf:e1:ba:e8:43:87:db:5f:f3:fc:c3:bb:2f:85:
         d0:cc:ed:c7:e2:ac:bf:98:bd:31:2c:85:19:74:51:43:6a:49:
         4a:34:c3:89:fa:aa:ed:3f:7f:03:29:a5:a2:95:aa:a7:93:de:
         fc:76:4d:2e:09:a8:26:42:f2:80:c1:b4:e1:8c:52:a4:0e:d4:
         a2:9a:40:fa:04:d7:34:a5:bb:49:8b:c8:05:79:29:8c:8c:25:
         73:42:07:d4:f9:ad:cf:4f:e5:c6:d4:a8:2d:ec:1b:de:9c:e0:
         d8:54:2f:26
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYA3zNisIdsTuGR4LSJZX98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwNDA0MTI1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzlhMzQ4YTVjNjkyY2YxNjNlZjZlMTIxNWFmOWJhY2RmMmZjZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVT7lS8W0kQLMxVwLoIbhrifOKfO
tVw3bpG9QLJGVMILNoMQhI44R0830RE8UE++wc5UAeBCMMuKjjvo3QdkupYGaMrl
W2UDvrcXTi8m5dDejfDsNFh65gYityOPquEBfvZK9o05DbePgnhVgztWrcMZV7Mv
tCwP25pNeTUXl/F3nHB/OyWfu+XQdi+rO+lBI08loLaTMEDZ2PHA2jIko/h+Fhsv
bSTlUojQtfnUKbfLbzCHKPgSglJmWPQJMqunuwG7Va8UaGJQviXByLhZYPW2ffsa
oNnLkCpEKkUwzBDamm2eLKRyUCU6IqPEskXKY8x3dzrIYYU+hPwhz+tYSwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNOaNIpcaSzxY+9uEhWvm6zfL815MB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvMDVvMGlseHBMUEZqNzI0U0ZhLWJyTjh2elhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhTIgwAw
DQYJKoZIhvcNAQELBQADggEBAB4gxNYMAkogZn6FpO2cDsVhfboG9cnwA1uKsh8a
p6QPJwII3if26Xg2mJv8i0Il3roiKIaf7IQnIab37kTXCqopwGfgoQEcFgTNuIvJ
I/UO6I0xy4oq5ebJKICW5vMV0WhgvzkJIBbYuYmoFFcZM9bKI3665WO9SDpL24cY
i3yPc1OBucRq4hCVIFgDT0B9bOKF88q/4broQ4fbX/P8w7svhdDM7cfirL+YvTEs
hRl0UUNqSUo0w4n6qu0/fwMppaKVqqeT3vx2TS4JqCZC8oDBtOGMUqQO1KKaQPoE
1zSlu0mLyAV5KYyMJXNCB9T5rc9P5cbUqC3sG96c4NhULyY=
-----END CERTIFICATE-----