Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/u5oXJBiErb0H-45NwK1Xh6rTOxQ.roa
File:                     u5oXJBiErb0H-45NwK1Xh6rTOxQ.roa (raw, json)
Hash identifier:          PLpVf4KF0AN40Y8g0XBInIOsp1w5SI9VRTI7mA3QYNg=
Subject key identifier:   BB:9A:17:24:18:84:AD:BD:07:FB:8E:4D:C0:AD:57:87:AA:D3:3B:14
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       019748E8601E416BE96C26B725C2DA9A5626
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/u5oXJBiErb0H-45NwK1Xh6rTOxQ.roa
Signing time:             Sat 07 Jun 2025 05:41:17 +0000
ROA not before:           Sat 07 Jun 2025 05:41:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213811
IP address blocks:        2a14:b000::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:48:e8:60:1e:41:6b:e9:6c:26:b7:25:c2:da:9a:56:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: Jun  7 05:41:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb9a17241884adbd07fb8e4dc0ad5787aad33b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:14:11:4d:cf:63:02:50:fa:ad:b5:68:30:87:
                    9d:e5:23:e9:64:44:94:5a:5b:76:e8:c5:31:17:55:
                    75:81:95:17:f3:b9:73:48:d8:c0:2c:5c:98:46:45:
                    2e:4c:ac:ef:01:6f:7a:98:29:77:16:33:41:d3:95:
                    dc:76:1f:20:85:e5:79:63:29:ce:61:16:e5:04:d0:
                    2e:f3:9b:ef:09:4a:40:49:72:67:b9:de:98:99:37:
                    02:49:18:dc:00:ef:31:61:bf:a7:84:e8:01:c2:de:
                    66:c4:0f:b7:e7:9a:77:fa:88:5b:f1:a2:b4:30:85:
                    54:0f:8b:a7:36:17:ea:ad:d9:f7:00:75:b4:0c:ea:
                    30:f3:bc:7d:61:24:d5:9d:b3:f8:7f:48:13:7d:1a:
                    38:4c:ee:f9:b5:d1:f8:55:2b:52:49:fb:5b:47:ac:
                    45:98:99:c2:16:c9:80:4e:b1:91:be:df:e0:6b:70:
                    36:2c:d2:4a:c2:3a:0f:5c:30:b8:5f:7a:9e:0f:b3:
                    a1:35:80:c2:f0:c8:c5:f1:8c:db:ee:0d:60:ab:9b:
                    43:04:e7:94:92:49:aa:39:86:72:cd:b6:7f:73:c9:
                    ec:08:48:73:36:f8:12:44:35:bd:e7:7c:20:36:c1:
                    a1:d0:88:85:33:58:62:4d:51:09:de:a9:57:bd:8c:
                    e4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9A:17:24:18:84:AD:BD:07:FB:8E:4D:C0:AD:57:87:AA:D3:3B:14
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/u5oXJBiErb0H-45NwK1Xh6rTOxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b000::/29

    Signature Algorithm: sha256WithRSAEncryption
         e7:14:ef:a2:69:be:81:76:da:5d:81:22:66:3a:54:e2:d6:fc:
         61:c5:d1:8d:39:63:6f:82:a1:11:3e:a6:51:47:18:52:93:bc:
         67:a1:be:dd:5e:ff:b0:b5:06:04:9c:d9:0f:a4:96:56:1a:48:
         ce:43:15:c0:72:15:3a:8c:ca:90:cd:78:36:4e:06:a6:30:7b:
         d2:e7:ae:53:64:e3:6c:b8:28:16:a1:d4:bd:db:82:ee:c5:24:
         76:24:cb:c0:08:e4:05:e8:d9:52:8a:c8:e5:27:9b:e4:95:bb:
         d4:18:ce:d2:78:87:81:6b:6c:8a:26:b8:1f:a3:6b:15:40:15:
         56:ae:bd:8b:78:b2:53:f3:ce:84:41:f6:7e:52:e6:25:af:54:
         24:67:83:96:bf:43:75:74:30:c4:34:45:90:ed:dd:f7:a5:48:
         60:c3:96:ff:f0:63:de:f0:66:53:04:db:dd:d8:9b:8e:0e:8b:
         44:4e:9b:50:56:a2:b2:ae:d0:04:72:b2:2a:20:18:ff:60:5e:
         f7:49:11:34:55:26:6f:8c:a3:60:08:88:3a:0f:f4:0c:94:5b:
         23:1f:c7:64:c9:19:46:b8:8a:e0:79:c7:0b:2a:97:56:c8:08:
         b7:b7:97:f3:20:e2:40:2d:e7:b6:2e:d6:4d:41:b6:76:3a:58:
         da:6e:c6:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdI6GAeQWvpbCa3JcLamlYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjUwNjA3MDU0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjlhMTcyNDE4ODRhZGJkMDdmYjhlNGRjMGFkNTc4N2FhZDMzYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6RQRTc9jAlD6rbVoMIed5SPpZESU
Wlt26MUxF1V1gZUX87lzSNjALFyYRkUuTKzvAW96mCl3FjNB05Xcdh8gheV5YynO
YRblBNAu85vvCUpASXJnud6YmTcCSRjcAO8xYb+nhOgBwt5mxA+355p3+ohb8aK0
MIVUD4unNhfqrdn3AHW0DOow87x9YSTVnbP4f0gTfRo4TO75tdH4VStSSftbR6xF
mJnCFsmATrGRvt/ga3A2LNJKwjoPXDC4X3qeD7OhNYDC8MjF8Yzb7g1gq5tDBOeU
kkmqOYZyzbZ/c8nsCEhzNvgSRDW953wgNsGh0IiFM1hiTVEJ3qlXvYzkuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLuaFyQYhK29B/uOTcCtV4eq0zsUMB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEvdTVvWEpCaUVyYjBILTQ1TndLMVhoNnJUT3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSwADAN
BgkqhkiG9w0BAQsFAAOCAQEA5xTvomm+gXbaXYEiZjpU4tb8YcXRjTljb4KhET6m
UUcYUpO8Z6G+3V7/sLUGBJzZD6SWVhpIzkMVwHIVOozKkM14Nk4GpjB70ueuU2Tj
bLgoFqHUvduC7sUkdiTLwAjkBejZUorI5Seb5JW71BjO0niHgWtsiia4H6NrFUAV
Vq69i3iyU/POhEH2flLmJa9UJGeDlr9DdXQwxDRFkO3d96VIYMOW//Bj3vBmUwTb
3dibjg6LRE6bUFaisq7QBHKyKiAY/2Be90kRNFUmb4yjYAiIOg/0DJRbIx/HZMkZ
RriK4HnHCyqXVsgIt7eX8yDiQC3nti7WTUG2djpY2m7GiQ==
-----END CERTIFICATE-----