Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/WhSTApE7RFBAMmW_xVnPdgMAiWQ.roa
File:                     WhSTApE7RFBAMmW_xVnPdgMAiWQ.roa (raw, json)
Hash identifier:          Bd3C/960PK8QK60Tck52Vy8z1GDbIMwLZtVlP2UrssE=
Subject key identifier:   5A:14:93:02:91:3B:44:50:40:32:65:BF:C5:59:CF:76:03:00:89:64
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       0196F7C0E08231C6A8C42D828CA42542FB52
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/WhSTApE7RFBAMmW_xVnPdgMAiWQ.roa
Signing time:             Thu 22 May 2025 11:28:54 +0000
ROA not before:           Thu 22 May 2025 11:28:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208063
IP address blocks:        2a14:ae00:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 08:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:c0:e0:82:31:c6:a8:c4:2d:82:8c:a4:25:42:fb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: May 22 11:28:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a149302913b4450403265bfc559cf7603008964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e2:9b:c9:2e:8a:4c:2a:47:b6:16:2d:87:17:
                    b5:9f:e8:ae:a0:6e:7e:4f:72:8b:4c:74:47:39:c7:
                    f6:9f:dc:a3:0a:d0:e0:95:71:08:b5:5c:92:c7:8d:
                    84:94:43:77:17:18:dc:a0:39:2a:07:90:0a:e3:83:
                    af:72:04:08:99:00:c6:c7:ba:a6:87:b6:47:6d:e2:
                    92:b8:30:09:63:0e:89:6d:32:97:18:00:da:5b:53:
                    94:eb:70:45:40:7f:be:55:22:4a:53:e1:22:06:bb:
                    eb:ad:0e:7b:b5:26:4c:ab:b4:b7:49:74:9b:79:73:
                    5c:0f:b4:f4:e2:36:d4:43:c5:ac:34:3c:f4:23:b9:
                    87:81:9b:e8:ab:ba:61:3d:bb:7d:83:52:d0:8d:80:
                    8b:2a:90:ed:ae:95:e8:4f:75:75:3f:74:65:51:00:
                    2f:01:02:b0:7f:88:c7:74:b1:51:22:1d:2a:90:00:
                    fe:d6:c9:62:20:a3:ec:a1:f2:f0:9e:8a:7e:ed:02:
                    14:7f:da:54:21:da:dd:26:50:49:4e:be:46:65:34:
                    5c:07:e3:7e:a3:f1:41:4b:3e:f9:01:e7:19:bb:cd:
                    39:43:89:c3:86:a6:60:e9:dd:09:b8:d5:44:a9:43:
                    aa:06:55:07:af:d0:b6:79:3e:e8:f0:c6:e0:55:d9:
                    e2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:14:93:02:91:3B:44:50:40:32:65:BF:C5:59:CF:76:03:00:89:64
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/WhSTApE7RFBAMmW_xVnPdgMAiWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:26:03:fa:91:f3:66:bd:2e:22:05:b2:9a:c2:f3:73:68:c7:
         bc:e9:15:41:e7:d9:e0:d0:d2:ce:37:45:03:20:5f:3c:d5:6d:
         f1:69:10:f2:dc:22:79:b5:3c:9e:b8:26:be:54:95:f8:e4:d0:
         0d:08:a1:3b:56:5b:1d:e0:af:bf:b7:6b:48:e7:d3:49:f3:a1:
         49:e6:51:ac:3b:81:e8:11:66:14:a3:70:8b:db:3b:da:26:b4:
         3b:10:f5:fa:8c:99:34:6c:ff:0f:29:f5:56:18:c6:4a:10:10:
         a2:89:a5:ec:2e:07:2f:87:3e:7c:af:9a:c4:79:80:94:4b:4e:
         f9:34:8d:2e:e9:59:49:bd:13:bb:3a:0a:2e:83:02:22:c6:74:
         cf:44:f6:28:86:c7:62:8a:58:45:a7:b3:15:93:e3:f1:12:dc:
         5f:d4:99:87:4a:6c:e2:8f:5d:79:64:d2:81:03:9e:ae:4d:ff:
         1b:ac:65:ee:4f:41:ce:a4:b8:68:a6:88:1c:7d:a4:c3:25:b0:
         8d:27:3a:54:c5:3e:c0:48:6c:46:c0:d6:cc:6a:d0:0a:ae:5a:
         2f:2f:cf:66:30:f4:55:66:a3:1e:09:0d:14:8d:26:e5:2f:72:
         92:6e:93:c8:25:32:c6:78:08:dd:95:5f:9f:a5:5c:9e:22:9b:
         78:92:85:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZb3wOCCMcaoxC2CjKQlQvtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjUwNTIyMTEyODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE0OTMwMjkxM2I0NDUwNDAzMjY1YmZjNTU5Y2Y3NjAzMDA4OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOKbyS6KTCpHthYthxe1n+iuoG5+
T3KLTHRHOcf2n9yjCtDglXEItVySx42ElEN3FxjcoDkqB5AK44OvcgQImQDGx7qm
h7ZHbeKSuDAJYw6JbTKXGADaW1OU63BFQH++VSJKU+EiBrvrrQ57tSZMq7S3SXSb
eXNcD7T04jbUQ8WsNDz0I7mHgZvoq7phPbt9g1LQjYCLKpDtrpXoT3V1P3RlUQAv
AQKwf4jHdLFRIh0qkAD+1sliIKPsofLwnop+7QIUf9pUIdrdJlBJTr5GZTRcB+N+
o/FBSz75AecZu805Q4nDhqZg6d0JuNVEqUOqBlUHr9C2eT7o8MbgVdni0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFoUkwKRO0RQQDJlv8VZz3YDAIlkMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvV2hTVEFwRTdSRkJBTW1XX3hWblBkZ01BaVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCgJgP6kfNmvS4iBbKawvNzaMe86RVB59ng0NLO
N0UDIF881W3xaRDy3CJ5tTyeuCa+VJX45NANCKE7Vlsd4K+/t2tI59NJ86FJ5lGs
O4HoEWYUo3CL2zvaJrQ7EPX6jJk0bP8PKfVWGMZKEBCiiaXsLgcvhz58r5rEeYCU
S075NI0u6VlJvRO7OgougwIixnTPRPYohsdiilhFp7MVk+PxEtxf1JmHSmzij115
ZNKBA56uTf8brGXuT0HOpLhopogcfaTDJbCNJzpUxT7ASGxGwNbMatAKrlovL89m
MPRVZqMeCQ0UjSblL3KSbpPIJTLGeAjdlV+fpVyeIpt4koVD
-----END CERTIFICATE-----