Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/25_2qjUSRK1c7GdgIbhxfH_w-nI.roa
File:                     25_2qjUSRK1c7GdgIbhxfH_w-nI.roa (raw, json)
Hash identifier:          9bBYXql/TDjp1wmMm+lHEG5kMcML3ydVa9rdQ80jLdE=
Subject key identifier:   DB:9F:F6:AA:35:12:44:AD:5C:EC:67:60:21:B8:71:7C:7F:F0:FA:72
Certificate issuer:       /CN=f96a0902bc9853b75ed2db19683ee2f3a2261540
Certificate serial:       018CC4939293D1C6DD27E1A3161F6573B92B
Authority key identifier: F9:6A:09:02:BC:98:53:B7:5E:D2:DB:19:68:3E:E2:F3:A2:26:15:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WoJAryYU7de0tsZaD7i86ImFUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/25_2qjUSRK1c7GdgIbhxfH_w-nI.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210821
IP address blocks:        2a14:1900::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/1-WoJAryYU7de0tsZaD7i86ImFUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/1-WoJAryYU7de0tsZaD7i86ImFUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WoJAryYU7de0tsZaD7i86ImFUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:92:93:d1:c6:dd:27:e1:a3:16:1f:65:73:b9:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f96a0902bc9853b75ed2db19683ee2f3a2261540
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db9ff6aa351244ad5cec676021b8717c7ff0fa72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4a:3e:65:4b:a3:03:61:a6:65:9a:67:60:b5:
                    29:c1:9e:9c:1c:08:81:62:80:9b:c3:d3:6e:2c:a7:
                    e5:d5:04:97:a8:25:f4:2e:fd:4a:a4:5c:c4:e7:c3:
                    59:1b:06:2d:e7:07:0b:3f:d3:3c:46:19:a6:c9:84:
                    ae:02:75:b8:19:21:c8:d3:cb:9e:c7:51:d4:d0:13:
                    38:71:11:c8:81:2e:57:16:fb:2d:84:aa:56:49:fe:
                    36:07:66:18:35:9c:2a:e4:f9:3d:7e:6c:45:60:70:
                    2b:39:35:88:43:e6:fc:e0:7b:a8:38:c0:c1:6b:15:
                    35:64:cc:3b:b9:e9:28:ce:45:e0:7f:56:36:75:2a:
                    81:e3:69:b8:f1:f3:b6:f8:34:3f:14:0a:a4:f9:4f:
                    5f:28:fd:bd:89:18:d0:d0:68:f5:52:66:49:76:97:
                    46:b9:04:f4:fb:3c:6a:b5:34:21:20:7a:8c:b4:fc:
                    27:87:40:0c:7a:bf:ab:81:3b:c1:ea:30:d7:a4:e6:
                    47:90:f1:9b:01:74:06:a8:36:c5:39:0d:5c:83:9e:
                    29:83:ed:20:94:e8:4a:91:1a:04:e2:2e:eb:4f:77:
                    4f:cf:67:63:f3:89:8a:62:69:ad:45:49:5f:9a:ac:
                    ee:d5:d3:56:bd:4a:7c:2e:9c:c3:37:13:bc:72:2f:
                    bb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9F:F6:AA:35:12:44:AD:5C:EC:67:60:21:B8:71:7C:7F:F0:FA:72
            X509v3 Authority Key Identifier:
                keyid:F9:6A:09:02:BC:98:53:B7:5E:D2:DB:19:68:3E:E2:F3:A2:26:15:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WoJAryYU7de0tsZaD7i86ImFUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/25_2qjUSRK1c7GdgIbhxfH_w-nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/eb6866-bb60-4c6f-a00d-c4a77c192af0/1/1-WoJAryYU7de0tsZaD7i86ImFUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1900::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:1f:6d:5f:06:1d:8b:4d:41:c7:df:cb:5c:a8:75:9c:ad:10:
         3d:0a:43:51:21:16:16:88:b7:64:8a:fc:7d:7c:d9:08:94:32:
         8d:6a:8a:01:65:4b:d6:f6:fb:33:69:2e:be:c8:83:f6:c4:41:
         4d:42:43:16:4d:1f:50:62:fc:e3:56:be:f6:c0:2c:e9:86:e6:
         ff:5f:d6:c8:2a:df:9a:06:55:3e:ad:d5:c0:af:6d:c8:1d:8d:
         24:fc:80:54:b2:d5:0c:23:0d:3a:0b:33:13:fd:81:44:2c:17:
         74:ca:dd:a8:c7:d6:4b:09:5d:81:85:cf:08:ad:6a:9e:a7:89:
         2c:03:59:47:b0:8e:04:f5:29:e9:68:74:c2:ba:9e:9a:d6:52:
         20:57:d0:b0:d0:9d:93:06:11:e6:63:94:a1:56:a3:40:24:c0:
         90:e7:ea:27:b4:d1:d7:18:a2:24:68:4f:68:c1:1f:74:5e:f0:
         cc:7e:93:3f:c9:eb:f2:77:38:8d:50:a0:ed:9e:aa:2e:77:2f:
         9c:20:58:71:fa:ee:e6:8c:c4:60:27:2d:93:91:59:95:62:02:
         72:54:55:3b:cb:30:01:b6:6c:d0:b5:62:2f:1e:3e:06:94:f0:
         b7:10:ad:82:09:40:cd:c2:ab:a9:ce:1e:f7:5a:ed:9d:df:ee:
         99:9d:47:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk5KT0cbdJ+GjFh9lc7krMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NmEwOTAyYmM5ODUzYjc1ZWQyZGIxOTY4M2VlMmYzYTIy
NjE1NDAwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjlmZjZhYTM1MTI0NGFkNWNlYzY3NjAyMWI4NzE3YzdmZjBmYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0o+ZUujA2GmZZpnYLUpwZ6cHAiB
YoCbw9NuLKfl1QSXqCX0Lv1KpFzE58NZGwYt5wcLP9M8RhmmyYSuAnW4GSHI08ue
x1HU0BM4cRHIgS5XFvsthKpWSf42B2YYNZwq5Pk9fmxFYHArOTWIQ+b84HuoOMDB
axU1ZMw7uekozkXgf1Y2dSqB42m48fO2+DQ/FAqk+U9fKP29iRjQ0Gj1UmZJdpdG
uQT0+zxqtTQhIHqMtPwnh0AMer+rgTvB6jDXpOZHkPGbAXQGqDbFOQ1cg54pg+0g
lOhKkRoE4i7rT3dPz2dj84mKYmmtRUlfmqzu1dNWvUp8LpzDNxO8ci+7fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuf9qo1EkStXOxnYCG4cXx/8PpyMB8GA1UdIwQY
MBaAFPlqCQK8mFO3XtLbGWg+4vOiJhVAMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Xb0pBcnlZVTdkZTB0c1phRDdpODZJbUZVQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvZWI2ODY2LWJiNjAtNGM2Zi1hMDBk
LWM0YTc3YzE5MmFmMC8xLzI1XzJxalVTUksxYzdHZGdJYmh4Zkhfdy1uSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvZWI2ODY2LWJiNjAtNGM2Zi1hMDBkLWM0YTc3YzE5MmFm
MC8xLzEtV29KQXJ5WVU3ZGUwdHNaYUQ3aTg2SW1GVUEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqFBkA
MA0GCSqGSIb3DQEBCwUAA4IBAQAkH21fBh2LTUHH38tcqHWcrRA9CkNRIRYWiLdk
ivx9fNkIlDKNaooBZUvW9vszaS6+yIP2xEFNQkMWTR9QYvzjVr72wCzphub/X9bI
Kt+aBlU+rdXAr23IHY0k/IBUstUMIw06CzMT/YFELBd0yt2ox9ZLCV2Bhc8IrWqe
p4ksA1lHsI4E9SnpaHTCup6a1lIgV9Cw0J2TBhHmY5ShVqNAJMCQ5+ontNHXGKIk
aE9owR90XvDMfpM/yevydziNUKDtnqoudy+cIFhx+u7mjMRgJy2TkVmVYgJyVFU7
yzABtmzQtWIvHj4GlPC3EK2CCUDNwqupzh73Wu2d3+6ZnUc4
-----END CERTIFICATE-----