Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/Mo1KLijCjdKejveVvrm5xxbqdQs.roa
File:                     Mo1KLijCjdKejveVvrm5xxbqdQs.roa (raw, json)
Hash identifier:          leNTRPm65+UvZO2KDz9fYjRkuCupD94Um3Fgr0yh624=
Subject key identifier:   32:8D:4A:2E:28:C2:8D:D2:9E:8E:F7:95:BE:B9:B9:C7:16:EA:75:0B
Certificate issuer:       /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial:       0196A1ABB783B606CCF3A575535D8DAEF041
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/Mo1KLijCjdKejveVvrm5xxbqdQs.roa
Signing time:             Mon 05 May 2025 18:18:27 +0000
ROA not before:           Mon 05 May 2025 18:18:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:a401::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a1:ab:b7:83:b6:06:cc:f3:a5:75:53:5d:8d:ae:f0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
        Validity
            Not Before: May  5 18:18:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=328d4a2e28c28dd29e8ef795beb9b9c716ea750b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:6c:93:62:30:eb:8f:c0:7f:ba:3d:26:dc:
                    3d:15:ae:a1:93:c7:e8:c4:45:4b:b9:61:47:a2:c2:
                    dc:75:28:2c:06:7a:c4:14:bf:f9:2b:1c:45:5a:1d:
                    04:61:c4:e7:29:33:27:85:f2:55:2a:38:c6:74:11:
                    c4:32:e8:02:08:e0:28:60:99:1a:51:61:d1:e8:85:
                    8f:7b:b5:e1:5e:64:27:7d:d9:27:9f:50:08:64:c3:
                    eb:04:46:b8:48:f6:19:3d:79:97:67:ce:e2:e3:bb:
                    a5:11:37:7f:c0:09:2a:1c:fa:37:38:7d:02:6e:d7:
                    30:cf:12:b2:84:0d:73:a0:6c:d7:96:95:ac:c1:2c:
                    bb:ef:c1:ec:b6:43:18:f7:67:ca:b9:07:c3:91:a1:
                    fa:2e:8a:90:99:ec:06:1d:22:ae:7d:db:41:0e:9a:
                    b2:e3:dd:b8:86:97:bc:1f:f9:23:f8:2f:c8:57:6e:
                    f8:c4:a6:15:18:0c:b0:30:65:fc:78:09:65:2e:e4:
                    9b:89:a6:ed:f9:27:43:ab:d7:61:0f:62:2c:6c:20:
                    51:8e:44:a9:f1:46:57:ee:00:04:58:b4:7c:32:b6:
                    2b:b9:58:d5:5c:33:49:5a:b4:d6:ac:79:fd:cf:1e:
                    14:88:58:c9:84:37:d4:b3:b7:35:f6:4b:78:a9:44:
                    e0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8D:4A:2E:28:C2:8D:D2:9E:8E:F7:95:BE:B9:B9:C7:16:EA:75:0B
            X509v3 Authority Key Identifier:
                keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/Mo1KLijCjdKejveVvrm5xxbqdQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a401::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:7e:92:a5:30:87:00:12:12:82:d8:ae:d4:95:24:06:8f:a5:
         d0:17:f9:5b:4b:36:08:fd:cd:bc:a9:ea:c5:1c:39:66:00:73:
         8e:18:5b:6b:52:01:05:37:0c:35:2e:f9:fb:2a:12:e8:18:8a:
         82:87:2a:da:05:1f:c1:0b:ac:11:0a:6f:a3:2e:ec:16:b8:8d:
         40:30:ce:3c:a7:48:c2:c0:67:b7:d2:ac:f4:21:7a:3e:53:e7:
         0c:9e:54:b0:31:f3:85:d5:8a:de:c3:54:42:95:a7:e8:8f:28:
         a7:f6:50:42:2c:eb:9d:41:a5:88:20:5b:b4:80:c3:6c:1d:82:
         7b:43:01:a7:4f:56:b1:54:fd:db:32:f9:08:09:28:c6:c6:e1:
         a8:01:54:c0:e7:00:c5:47:95:63:9d:0c:23:0e:f7:0a:8d:09:
         9f:2e:dd:4d:18:b5:eb:41:b2:09:bc:62:b7:1d:d5:c2:0b:ee:
         25:47:09:1b:a3:54:fc:83:15:3c:8f:36:ed:f2:8e:6a:11:f8:
         8b:4f:0d:a2:ef:5d:70:00:89:42:62:9c:93:76:f8:08:0a:7f:
         7e:9b:25:49:04:89:c7:63:25:a8:f4:d5:0d:ef:2d:e4:59:de:
         5a:b2:a6:05:38:8b:16:74:a6:35:1d:02:1d:53:c2:5d:96:86:
         7b:7d:8e:5a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZahq7eDtgbM86V1U12NrvBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwNTA1MTgxODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhkNGEyZTI4YzI4ZGQyOWU4ZWY3OTViZWI5YjljNzE2ZWE3NTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+1sk2Iw64/Af7o9Jtw9Fa6hk8fo
xEVLuWFHosLcdSgsBnrEFL/5KxxFWh0EYcTnKTMnhfJVKjjGdBHEMugCCOAoYJka
UWHR6IWPe7XhXmQnfdknn1AIZMPrBEa4SPYZPXmXZ87i47ulETd/wAkqHPo3OH0C
btcwzxKyhA1zoGzXlpWswSy778HstkMY92fKuQfDkaH6LoqQmewGHSKufdtBDpqy
4924hpe8H/kj+C/IV274xKYVGAywMGX8eAllLuSbiabt+SdDq9dhD2IsbCBRjkSp
8UZX7gAEWLR8MrYruVjVXDNJWrTWrHn9zx4UiFjJhDfUs7c19kt4qUTgKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDKNSi4owo3Sno73lb65uccW6nULMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvTW8xS0xpakNqZEtlanZlVnZybTV4eGJxZFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSkATAN
BgkqhkiG9w0BAQsFAAOCAQEAf36SpTCHABISgtiu1JUkBo+l0Bf5W0s2CP3NvKnq
xRw5ZgBzjhhba1IBBTcMNS75+yoS6BiKgocq2gUfwQusEQpvoy7sFriNQDDOPKdI
wsBnt9Ks9CF6PlPnDJ5UsDHzhdWK3sNUQpWn6I8op/ZQQizrnUGliCBbtIDDbB2C
e0MBp09WsVT92zL5CAkoxsbhqAFUwOcAxUeVY50MIw73Co0Jny7dTRi160GyCbxi
tx3VwgvuJUcJG6NU/IMVPI827fKOahH4i08Nou9dcACJQmKck3b4CAp/fpslSQSJ
x2MlqPTVDe8t5FneWrKmBTiLFnSmNR0CHVPCXZaGe32OWg==
-----END CERTIFICATE-----