Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/5h88FMdyJ4BKxPsdcgHQyCeiggw.roa
File:                     5h88FMdyJ4BKxPsdcgHQyCeiggw.roa (raw, json)
Hash identifier:          Owv+GMEcs1uONJHFnOZ4mKs3NxskXYOAjZpyCXtz47Y=
Subject key identifier:   E6:1F:3C:14:C7:72:27:80:4A:C4:FB:1D:72:01:D0:C8:27:A2:82:0C
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019600DE49EA8D10BE111924A96482618F8B
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/5h88FMdyJ4BKxPsdcgHQyCeiggw.roa
Signing time:             Fri 04 Apr 2025 12:54:49 +0000
ROA not before:           Fri 04 Apr 2025 12:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205659
IP address blocks:        2a14:c881:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:de:49:ea:8d:10:be:11:19:24:a9:64:82:61:8f:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Apr  4 12:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e61f3c14c77227804ac4fb1d7201d0c827a2820c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2a:3b:f4:a9:d9:f4:3b:3a:f3:cd:a6:99:fe:
                    b4:50:db:03:b3:e4:ef:de:13:24:e1:da:23:75:43:
                    96:b2:e1:93:4e:f5:ef:1e:7c:fd:3e:63:70:8e:a9:
                    40:b0:f2:4d:06:35:d2:9b:64:f0:69:a0:48:6e:af:
                    44:cb:64:0e:f4:2d:38:f5:8b:6c:2f:4b:9e:14:26:
                    d3:c1:95:ad:52:b9:fe:de:6e:2e:ad:30:79:6f:72:
                    f4:6c:ee:a6:17:3d:e0:fc:b1:99:6c:ef:6a:d0:e4:
                    af:7b:7a:60:97:ea:ae:42:b7:c7:64:74:f6:32:c6:
                    86:1d:db:c4:2d:58:65:6b:e9:64:4c:6d:c5:5b:f3:
                    1d:68:2d:6d:17:5e:e7:a7:f1:f1:e2:fe:e7:a3:f7:
                    c5:48:55:a6:e3:2f:e2:37:a4:01:b2:2c:64:7c:a4:
                    91:84:d3:83:e1:d2:c5:3d:98:32:b5:9d:1e:96:a9:
                    1e:a5:95:9a:b5:15:fa:7e:2a:4e:84:4d:a5:65:2b:
                    90:f8:ee:ce:a9:63:d4:63:ea:26:87:59:15:ce:9f:
                    fb:6f:8a:e9:bb:86:20:de:93:d1:5b:02:4f:a6:28:
                    99:b8:ea:a2:6c:ae:c2:05:bb:41:cd:95:da:f8:3d:
                    47:99:61:e7:e0:41:7b:dd:1d:e4:1e:91:36:19:47:
                    60:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1F:3C:14:C7:72:27:80:4A:C4:FB:1D:72:01:D0:C8:27:A2:82:0C
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/5h88FMdyJ4BKxPsdcgHQyCeiggw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c881:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         a8:a2:45:48:98:8b:f8:e5:eb:c9:3d:ae:2a:a1:41:cc:7c:58:
         06:af:32:36:36:ec:1d:91:94:f0:99:4f:4b:81:66:06:ce:26:
         f1:8b:98:48:c4:77:27:ba:47:79:9b:17:98:8c:77:a6:cc:36:
         9a:56:5f:c3:dc:d1:16:41:bf:53:d2:56:41:30:fa:ee:9a:6d:
         71:88:1f:d4:30:17:ab:71:92:26:43:f7:f8:5d:0e:85:34:72:
         1e:be:81:11:9d:f9:7b:7f:ab:85:7c:87:04:a5:23:c2:86:62:
         f3:31:71:08:2a:f1:d6:ba:aa:a1:ad:3d:e4:9c:62:5e:db:e4:
         9e:b7:e9:69:ed:db:29:58:3f:d7:fa:21:6d:a4:4b:db:a1:6f:
         ec:70:c2:9d:9c:be:2b:7c:0c:cd:d1:eb:26:6f:42:98:a7:1e:
         c5:d9:0f:69:bd:04:aa:1b:fc:d1:31:e9:1a:33:3b:54:53:d0:
         ae:8a:f9:63:1e:32:c6:66:75:86:6a:1a:cc:1a:55:48:f2:99:
         ee:f7:74:29:1f:1c:98:ec:3f:02:db:34:3f:c1:f8:e0:3b:e2:
         6a:59:b4:dd:44:b2:31:67:62:35:b2:d5:2a:c4:d3:42:0f:31:
         be:30:1e:00:a4:0e:ed:68:e9:37:94:4d:0b:6a:a0:29:61:bb:
         5a:6c:4c:4d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYA3knqjRC+ERkkqWSCYY+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwNDA0MTI1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFmM2MxNGM3NzIyNzgwNGFjNGZiMWQ3MjAxZDBjODI3YTI4MjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2io79KnZ9Ds6882mmf60UNsDs+Tv
3hMk4dojdUOWsuGTTvXvHnz9PmNwjqlAsPJNBjXSm2TwaaBIbq9Ey2QO9C049Yts
L0ueFCbTwZWtUrn+3m4urTB5b3L0bO6mFz3g/LGZbO9q0OSve3pgl+quQrfHZHT2
MsaGHdvELVhla+lkTG3FW/MdaC1tF17np/Hx4v7no/fFSFWm4y/iN6QBsixkfKSR
hNOD4dLFPZgytZ0elqkepZWatRX6fipOhE2lZSuQ+O7OqWPUY+omh1kVzp/7b4rp
u4Yg3pPRWwJPpiiZuOqibK7CBbtBzZXa+D1HmWHn4EF73R3kHpE2GUdg6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOYfPBTHcieASsT7HXIB0MgnooIMMB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvNWg4OEZNZHlKNEJLeFBzZGNnSFF5Q2VpZ2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhTIgYAw
DQYJKoZIhvcNAQELBQADggEBAKiiRUiYi/jl68k9riqhQcx8WAavMjY27B2RlPCZ
T0uBZgbOJvGLmEjEdye6R3mbF5iMd6bMNppWX8Pc0RZBv1PSVkEw+u6abXGIH9Qw
F6txkiZD9/hdDoU0ch6+gRGd+Xt/q4V8hwSlI8KGYvMxcQgq8da6qqGtPeScYl7b
5J636Wnt2ylYP9f6IW2kS9uhb+xwwp2cvit8DM3R6yZvQpinHsXZD2m9BKob/NEx
6RozO1RT0K6K+WMeMsZmdYZqGswaVUjyme73dCkfHJjsPwLbND/B+OA74mpZtN1E
sjFnYjWy1SrE00IPMb4wHgCkDu1o6TeUTQtqoClhu1psTE0=
-----END CERTIFICATE-----