Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/U15Qt1jB_OrSJnk2-GsuZxl_HGg.roa
File:                     U15Qt1jB_OrSJnk2-GsuZxl_HGg.roa (raw, json)
Hash identifier:          ViBEGhLSRDySzjvRDBVQx2K1SB4Zl4Aix1chhJ6C9AM=
Subject key identifier:   53:5E:50:B7:58:C1:FC:EA:D2:26:79:36:F8:6B:2E:67:19:7F:1C:68
Certificate issuer:       /CN=80ffd9df456adbe3b1e661ee15626865fe1688c8
Certificate serial:       0196388B8868027EAE7B67ADE832BB87237C
Authority key identifier: 80:FF:D9:DF:45:6A:DB:E3:B1:E6:61:EE:15:62:68:65:FE:16:88:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/U15Qt1jB_OrSJnk2-GsuZxl_HGg.roa
Signing time:             Tue 15 Apr 2025 08:23:10 +0000
ROA not before:           Tue 15 Apr 2025 08:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61992
IP address blocks:        2a14:e900::/29 maxlen: 48
                          2a14:e900:1000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:8b:88:68:02:7e:ae:7b:67:ad:e8:32:bb:87:23:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ffd9df456adbe3b1e661ee15626865fe1688c8
        Validity
            Not Before: Apr 15 08:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=535e50b758c1fcead2267936f86b2e67197f1c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9a:e9:b3:12:da:f6:21:3d:e6:a3:69:ab:d8:
                    09:5c:ba:50:16:44:de:35:c6:99:99:c3:49:c9:d2:
                    6c:2d:15:09:d4:6b:b6:d4:93:d0:fd:fb:29:ea:c6:
                    e6:4d:f6:e6:15:4f:11:51:bf:dd:ae:49:d4:0a:5b:
                    5f:ec:ee:6b:cc:a8:36:bc:e8:41:1f:c2:31:cb:ef:
                    f7:11:43:a6:6e:8a:fc:aa:ac:3e:c6:7c:7d:a2:34:
                    cd:a2:f8:0d:bb:5a:63:e6:6f:56:b7:c1:0b:c8:7c:
                    47:1e:91:b5:93:cc:1a:55:83:10:57:36:d1:4e:e4:
                    a0:11:ba:95:40:33:8d:14:6a:b0:87:d0:68:93:22:
                    52:5f:2b:74:c7:de:99:0e:af:14:02:19:e8:34:02:
                    1d:72:1d:88:5f:ce:c1:0a:13:d9:39:5e:67:b2:40:
                    a1:d9:d0:0f:dc:4b:9d:a2:57:f8:02:5f:73:9a:44:
                    0d:99:f4:68:58:30:d4:dd:67:de:e4:7b:58:e3:e8:
                    5f:92:f4:0d:bf:b4:fe:8c:04:7c:01:6a:c0:c1:47:
                    8d:64:03:43:3b:ec:dc:5e:2f:50:d5:95:a9:ed:9f:
                    00:3c:a6:d5:2f:0c:ad:f7:9e:70:42:de:85:81:f1:
                    54:4e:14:ca:c8:2d:9f:d8:c8:20:f6:30:7b:77:50:
                    68:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:5E:50:B7:58:C1:FC:EA:D2:26:79:36:F8:6B:2E:67:19:7F:1C:68
            X509v3 Authority Key Identifier:
                keyid:80:FF:D9:DF:45:6A:DB:E3:B1:E6:61:EE:15:62:68:65:FE:16:88:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/U15Qt1jB_OrSJnk2-GsuZxl_HGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/900cef-6481-4ff8-8e04-3cb8d817e027/1/gP_Z30Vq2-Ox5mHuFWJoZf4WiMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e900::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:30:55:12:af:64:66:50:31:7d:3e:74:47:cd:0f:63:1a:21:
         81:1b:53:57:27:52:f3:22:a1:37:e5:f6:0b:4d:26:96:8f:70:
         f3:b4:f2:3c:1a:7a:c6:0c:9c:65:eb:b6:2f:ea:2c:89:77:a6:
         d7:94:d0:0e:89:32:11:eb:8e:41:29:f6:6a:6e:96:f4:50:73:
         ab:0b:d2:8c:f1:fa:64:14:4e:27:f1:10:17:b4:f1:54:69:08:
         2e:45:19:75:52:35:cf:36:b7:61:42:da:b2:5f:15:52:7c:57:
         5b:e2:d6:ea:be:26:7c:bc:71:2c:8b:21:b1:bb:bb:1c:72:68:
         8f:b9:43:11:d9:f0:c8:34:8a:b2:1f:76:90:f3:ca:98:7d:c9:
         6d:5e:d5:0c:ec:a4:cf:62:b8:64:21:be:2f:bd:41:ea:ef:55:
         22:83:c3:4b:6e:04:f7:0f:58:ca:b5:75:65:e6:a1:5d:4f:40:
         a9:75:59:a6:a4:0f:16:c3:3b:4c:81:e2:8a:22:54:bd:46:76:
         f3:72:d2:08:9f:82:68:ed:b5:16:7c:45:10:e0:ee:c1:db:23:
         0f:4c:45:70:5f:18:e9:12:a7:bb:3a:c4:46:b7:65:fb:2f:0a:
         55:2e:16:eb:fe:6b:93:93:28:a5:62:72:de:3e:9d:ee:93:6c:
         5d:24:f1:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZY4i4hoAn6ue2et6DK7hyN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZmZkOWRmNDU2YWRiZTNiMWU2NjFlZTE1NjI2ODY1ZmUx
Njg4YzgwHhcNMjUwNDE1MDgyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzVlNTBiNzU4YzFmY2VhZDIyNjc5MzZmODZiMmU2NzE5N2YxYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnprpsxLa9iE95qNpq9gJXLpQFkTe
NcaZmcNJydJsLRUJ1Gu21JPQ/fsp6sbmTfbmFU8RUb/drknUCltf7O5rzKg2vOhB
H8Ixy+/3EUOmbor8qqw+xnx9ojTNovgNu1pj5m9Wt8ELyHxHHpG1k8waVYMQVzbR
TuSgEbqVQDONFGqwh9BokyJSXyt0x96ZDq8UAhnoNAIdch2IX87BChPZOV5nskCh
2dAP3Eudolf4Al9zmkQNmfRoWDDU3Wfe5HtY4+hfkvQNv7T+jAR8AWrAwUeNZAND
O+zcXi9Q1ZWp7Z8APKbVLwyt955wQt6FgfFUThTKyC2f2Mgg9jB7d1BokwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFNeULdYwfzq0iZ5NvhrLmcZfxxoMB8GA1UdIwQY
MBaAFID/2d9FatvjseZh7hViaGX+FojIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BfWjMwVnEyLU94NW1IdUZXSm9aZjRXaU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi85MDBjZWYtNjQ4MS00ZmY4LThlMDQt
M2NiOGQ4MTdlMDI3LzEvVTE1UXQxakJfT3JTSm5rMi1Hc3VaeGxfSEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi85MDBjZWYtNjQ4MS00ZmY4LThlMDQtM2NiOGQ4MTdlMDI3
LzEvZ1BfWjMwVnEyLU94NW1IdUZXSm9aZjRXaU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTpADAN
BgkqhkiG9w0BAQsFAAOCAQEAmzBVEq9kZlAxfT50R80PYxohgRtTVydS8yKhN+X2
C00mlo9w87TyPBp6xgycZeu2L+osiXem15TQDokyEeuOQSn2am6W9FBzqwvSjPH6
ZBROJ/EQF7TxVGkILkUZdVI1zza3YULasl8VUnxXW+LW6r4mfLxxLIshsbu7HHJo
j7lDEdnwyDSKsh92kPPKmH3JbV7VDOykz2K4ZCG+L71B6u9VIoPDS24E9w9YyrV1
ZeahXU9AqXVZpqQPFsM7TIHiiiJUvUZ283LSCJ+CaO21FnxFEODuwdsjD0xFcF8Y
6RKnuzrERrdl+y8KVS4W6/5rk5MopWJy3j6d7pNsXSTxMg==
-----END CERTIFICATE-----