Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/sRNeT65rt6woLISuiM8vg1rgfeg.roa
File:                     sRNeT65rt6woLISuiM8vg1rgfeg.roa (raw, json)
Hash identifier:          U0++MMBJLtG7d5c7Me3am120THV8UBDE/53t4i8cpqM=
Subject key identifier:   B1:13:5E:4F:AE:6B:B7:AC:28:2C:84:AE:88:CF:2F:83:5A:E0:7D:E8
Certificate issuer:       /CN=0a69b39b08f3f62ce3e083bbc8aeeceadc498b69
Certificate serial:       0194252185742103DEF35F1B45F01157763E
Authority key identifier: 0A:69:B3:9B:08:F3:F6:2C:E3:E0:83:BB:C8:AE:EC:EA:DC:49:8B:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/sRNeT65rt6woLISuiM8vg1rgfeg.roa
Signing time:             Thu 02 Jan 2025 03:49:01 +0000
ROA not before:           Thu 02 Jan 2025 03:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214895
IP address blocks:        2a0a:14c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:85:74:21:03:de:f3:5f:1b:45:f0:11:57:76:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a69b39b08f3f62ce3e083bbc8aeeceadc498b69
        Validity
            Not Before: Jan  2 03:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1135e4fae6bb7ac282c84ae88cf2f835ae07de8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cd:3d:b5:fa:5c:40:83:ba:b1:97:84:f3:64:
                    d1:76:b4:80:96:05:29:f0:d4:db:78:be:73:2e:ab:
                    d2:e2:5d:25:0f:ad:24:80:4a:c0:ae:ea:08:81:09:
                    3a:9e:c9:a2:a5:d0:b6:dd:2a:28:6b:03:c3:a2:be:
                    5a:58:9e:7b:2e:dd:17:56:dc:c5:fa:97:62:d3:42:
                    c0:b7:3b:63:74:5d:1a:8d:fb:9a:9b:28:f5:3a:24:
                    4d:c8:2c:ad:3b:73:1c:fd:1a:e3:74:cb:3f:ed:a0:
                    ec:5f:fc:0a:59:f4:50:2d:0c:6d:7f:1e:f2:de:5d:
                    07:72:0c:7c:80:b9:ab:4e:84:54:61:e6:ef:f5:84:
                    ff:64:a2:c7:01:b1:51:c5:61:70:01:cd:d8:55:01:
                    f7:0c:21:b6:2d:3a:41:a1:09:0e:80:31:9c:09:d1:
                    ad:43:9a:e8:be:f5:a2:6b:f9:b3:b9:77:5c:bf:49:
                    d1:be:10:97:24:7d:34:ec:4c:46:b0:64:55:83:c5:
                    ee:03:90:d9:c6:60:61:3e:72:d1:08:5d:1a:51:d4:
                    1e:b6:f2:0b:dd:55:ff:6a:1b:e0:70:27:70:e7:4f:
                    bd:35:93:3a:89:16:4d:23:b2:47:5c:fc:35:b6:33:
                    e7:63:8f:b2:f5:e0:1f:cd:cb:c7:69:0b:3c:30:24:
                    3b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:13:5E:4F:AE:6B:B7:AC:28:2C:84:AE:88:CF:2F:83:5A:E0:7D:E8
            X509v3 Authority Key Identifier:
                keyid:0A:69:B3:9B:08:F3:F6:2C:E3:E0:83:BB:C8:AE:EC:EA:DC:49:8B:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cmmzmwjz9izj4IO7yK7s6txJi2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/sRNeT65rt6woLISuiM8vg1rgfeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/2f3245-2b36-4cf5-9e60-c09afa00cb84/1/Cmmzmwjz9izj4IO7yK7s6txJi2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:14c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:0e:73:0e:10:6a:a7:90:9b:f7:24:0e:1b:95:72:a1:2c:da:
         7e:4b:86:05:4b:86:9b:8f:d4:8a:3f:4f:f5:95:ec:13:2f:81:
         d5:0b:ef:04:c6:5d:0c:8a:57:9e:67:ac:63:96:c1:d3:a4:e0:
         94:4d:bf:22:3f:1d:78:8a:27:d1:94:03:33:29:91:ca:8e:18:
         65:5c:97:d3:1b:2f:c1:63:8d:40:d9:99:68:9f:bf:03:64:92:
         65:53:88:9c:0f:fd:18:bd:47:f6:bd:49:2d:9b:ce:e9:70:69:
         39:63:93:15:59:13:73:27:79:cd:e3:b3:27:1e:6c:c1:33:3b:
         4e:92:b1:06:fb:01:af:e8:2b:b1:a9:02:27:a7:4a:3b:02:de:
         12:03:c0:85:e6:3f:36:78:9d:15:0d:03:80:d3:b9:0d:99:63:
         90:ce:d7:5d:28:11:99:ca:60:89:da:0f:c2:03:ee:5c:ef:05:
         f9:9f:c3:2a:d4:34:fc:b5:6f:cb:b1:fc:d4:a3:15:53:4f:db:
         38:b0:bd:99:b1:b8:ef:ad:b2:05:5c:7c:d0:87:b8:3e:fb:6d:
         ac:8f:3e:d3:d5:9b:31:ee:75:81:f7:c9:95:9d:8d:89:a7:db:
         f8:44:73:41:1e:64:0d:ec:97:27:01:f5:b5:c6:93:46:b6:cd:
         2f:3c:19:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlIYV0IQPe818bRfARV3Y+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNjliMzliMDhmM2Y2MmNlM2UwODNiYmM4YWVlY2VhZGM0
OThiNjkwHhcNMjUwMTAyMDM0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTEzNWU0ZmFlNmJiN2FjMjgyYzg0YWU4OGNmMmY4MzVhZTA3ZGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3s09tfpcQIO6sZeE82TRdrSAlgUp
8NTbeL5zLqvS4l0lD60kgErAruoIgQk6nsmipdC23SooawPDor5aWJ57Lt0XVtzF
+pdi00LAtztjdF0ajfuamyj1OiRNyCytO3Mc/RrjdMs/7aDsX/wKWfRQLQxtfx7y
3l0Hcgx8gLmrToRUYebv9YT/ZKLHAbFRxWFwAc3YVQH3DCG2LTpBoQkOgDGcCdGt
Q5rovvWia/mzuXdcv0nRvhCXJH007ExGsGRVg8XuA5DZxmBhPnLRCF0aUdQetvIL
3VX/ahvgcCdw50+9NZM6iRZNI7JHXPw1tjPnY4+y9eAfzcvHaQs8MCQ7iwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLETXk+ua7esKCyErojPL4Na4H3oMB8GA1UdIwQY
MBaAFApps5sI8/Ys4+CDu8iu7OrcSYtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ21tem13ano5aXpqNElPN3lLN3M2dHhKaTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yZjMyNDUtMmIzNi00Y2Y1LTllNjAt
YzA5YWZhMDBjYjg0LzEvc1JOZVQ2NXJ0NndvTElTdWlNOHZnMXJnZmVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yZjMyNDUtMmIzNi00Y2Y1LTllNjAtYzA5YWZhMDBjYjg0
LzEvQ21tem13ano5aXpqNElPN3lLN3M2dHhKaTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgoUwDAN
BgkqhkiG9w0BAQsFAAOCAQEADw5zDhBqp5Cb9yQOG5VyoSzafkuGBUuGm4/Uij9P
9ZXsEy+B1QvvBMZdDIpXnmesY5bB06TglE2/Ij8deIon0ZQDMymRyo4YZVyX0xsv
wWONQNmZaJ+/A2SSZVOInA/9GL1H9r1JLZvO6XBpOWOTFVkTcyd5zeOzJx5swTM7
TpKxBvsBr+grsakCJ6dKOwLeEgPAheY/NnidFQ0DgNO5DZljkM7XXSgRmcpgidoP
wgPuXO8F+Z/DKtQ0/LVvy7H81KMVU0/bOLC9mbG4762yBVx80Ie4PvttrI8+09Wb
Me51gffJlZ2Niafb+ERzQR5kDeyXJwH1tcaTRrbNLzwZ0w==
-----END CERTIFICATE-----