Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/7vKO7KJon2U-PLT4fG2hAFvhGko.roa
File:                     7vKO7KJon2U-PLT4fG2hAFvhGko.roa (raw, json)
Hash identifier:          zjVmGhrF2p6uK4Xne1JZdTjHYFdY+pPfwr5U6yqo03M=
Subject key identifier:   EE:F2:8E:EC:A2:68:9F:65:3E:3C:B4:F8:7C:6D:A1:00:5B:E1:1A:4A
Certificate issuer:       /CN=507c770bb6b08dcb4d6ea9b0c96272af3a6f9c71
Certificate serial:       0196BA49F1A2FDF41F447529390D60259308
Authority key identifier: 50:7C:77:0B:B6:B0:8D:CB:4D:6E:A9:B0:C9:62:72:AF:3A:6F:9C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UHx3C7awjctNbqmwyWJyrzpvnHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/7vKO7KJon2U-PLT4fG2hAFvhGko.roa
Signing time:             Sat 10 May 2025 13:02:10 +0000
ROA not before:           Sat 10 May 2025 13:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213031
IP address blocks:        2a14:c680::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/UHx3C7awjctNbqmwyWJyrzpvnHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/UHx3C7awjctNbqmwyWJyrzpvnHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UHx3C7awjctNbqmwyWJyrzpvnHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 13:46:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:49:f1:a2:fd:f4:1f:44:75:29:39:0d:60:25:93:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=507c770bb6b08dcb4d6ea9b0c96272af3a6f9c71
        Validity
            Not Before: May 10 13:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eef28eeca2689f653e3cb4f87c6da1005be11a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:dd:e2:98:dd:98:bf:c9:79:df:d9:87:7a:ef:
                    48:b6:e0:25:17:33:03:32:b8:8b:e5:7e:1a:24:77:
                    b0:0d:8f:cd:af:b3:08:ab:74:4f:2c:00:d3:13:56:
                    c0:2b:d7:dd:f4:2d:9c:1e:da:e5:dd:9c:c0:b6:91:
                    60:a3:2b:a5:a6:3b:71:42:c0:bc:ea:61:0d:0b:48:
                    58:46:25:9e:74:88:6e:25:28:4f:ee:fe:9d:92:a8:
                    74:3b:aa:10:42:a8:7c:d2:58:42:f1:a8:08:35:3f:
                    e7:b5:9e:ee:5d:cf:97:40:b5:e0:70:48:a1:05:92:
                    0b:e5:b8:79:79:d1:44:ed:c2:61:9e:4d:62:7d:70:
                    7e:10:b7:ad:1a:76:c5:62:b0:ae:d1:c6:21:84:15:
                    69:34:6b:df:ab:a2:40:78:7a:80:6e:6f:3a:d0:67:
                    7e:35:50:37:22:35:2e:5c:ab:84:bb:3e:ce:10:b5:
                    21:75:52:ac:30:23:eb:c7:28:56:d8:df:c6:95:9c:
                    b8:d0:d8:70:f3:aa:e5:c0:9f:b6:80:ec:d7:d5:c2:
                    f0:e6:06:e3:4a:4c:29:0b:7a:35:27:f1:52:a8:8e:
                    24:5e:9d:cf:94:63:12:46:fd:e4:63:bb:69:49:90:
                    8a:35:59:f9:98:21:c1:5e:b5:0a:f9:02:57:ee:51:
                    10:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F2:8E:EC:A2:68:9F:65:3E:3C:B4:F8:7C:6D:A1:00:5B:E1:1A:4A
            X509v3 Authority Key Identifier:
                keyid:50:7C:77:0B:B6:B0:8D:CB:4D:6E:A9:B0:C9:62:72:AF:3A:6F:9C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UHx3C7awjctNbqmwyWJyrzpvnHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/7vKO7KJon2U-PLT4fG2hAFvhGko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5f1511-10fc-43e7-a8e0-58b79bc9bcc7/1/UHx3C7awjctNbqmwyWJyrzpvnHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c680::/44

    Signature Algorithm: sha256WithRSAEncryption
         9f:f1:8b:ad:bc:cf:54:00:d7:de:7e:fc:dd:8a:f6:63:7a:d7:
         a1:40:04:cd:20:f4:97:47:dd:ee:a8:43:47:01:27:22:7a:ac:
         dd:4a:32:9f:7e:f7:bf:50:f5:01:e4:d4:4d:ad:e5:6e:4a:ca:
         ab:51:f8:b5:0f:d0:cd:14:ed:75:6a:17:14:ed:79:44:26:10:
         61:d4:34:3f:bd:4d:2e:f6:47:1a:22:ac:a7:90:87:4d:ef:c4:
         e6:4a:86:c5:d8:ed:c0:17:77:37:8c:1e:62:bc:f7:ff:df:80:
         b9:cd:e2:be:f3:f8:1e:12:03:4f:52:c9:17:de:95:48:e0:af:
         d8:98:86:a6:0b:cb:dc:b0:7c:39:16:92:7e:d0:65:ac:0b:ae:
         35:5f:b9:b3:cc:3a:df:ff:77:6f:43:19:c0:3a:ae:ec:51:b1:
         24:37:f4:74:69:37:66:5a:89:a0:52:de:63:c0:94:c3:6a:b7:
         48:68:1d:9c:5e:cf:f7:54:f0:a6:e5:52:29:af:57:22:a0:f5:
         02:5b:62:e3:0b:dd:bf:4c:38:be:00:af:1a:51:50:a7:4a:1a:
         87:c8:a0:21:d9:41:c0:d7:78:86:4e:c5:37:dd:0d:1a:4b:8d:
         42:ba:58:58:62:f1:3d:91:ec:b5:00:7e:f5:01:b6:a3:53:7f:
         cb:c1:97:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZa6SfGi/fQfRHUpOQ1gJZMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwN2M3NzBiYjZiMDhkY2I0ZDZlYTliMGM5NjI3MmFmM2E2
ZjljNzEwHhcNMjUwNTEwMTMwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWYyOGVlY2EyNjg5ZjY1M2UzY2I0Zjg3YzZkYTEwMDViZTExYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid3imN2Yv8l539mHeu9ItuAlFzMD
MriL5X4aJHewDY/Nr7MIq3RPLADTE1bAK9fd9C2cHtrl3ZzAtpFgoyulpjtxQsC8
6mENC0hYRiWedIhuJShP7v6dkqh0O6oQQqh80lhC8agINT/ntZ7uXc+XQLXgcEih
BZIL5bh5edFE7cJhnk1ifXB+ELetGnbFYrCu0cYhhBVpNGvfq6JAeHqAbm860Gd+
NVA3IjUuXKuEuz7OELUhdVKsMCPrxyhW2N/GlZy40Nhw86rlwJ+2gOzX1cLw5gbj
SkwpC3o1J/FSqI4kXp3PlGMSRv3kY7tpSZCKNVn5mCHBXrUK+QJX7lEQWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO7yjuyiaJ9lPjy0+HxtoQBb4RpKMB8GA1UdIwQY
MBaAFFB8dwu2sI3LTW6psMlicq86b5xxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUh4M0M3YXdqY3ROYnFtd3lXSnlyenB2bkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81ZjE1MTEtMTBmYy00M2U3LWE4ZTAt
NThiNzliYzliY2M3LzEvN3ZLTzdLSm9uMlUtUExUNGZHMmhBRnZoR2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81ZjE1MTEtMTBmYy00M2U3LWE4ZTAtNThiNzliYzliY2M3
LzEvVUh4M0M3YXdqY3ROYnFtd3lXSnlyenB2bkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTGgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCf8YutvM9UANfefvzdivZjetehQATNIPSXR93u
qENHAScieqzdSjKffve/UPUB5NRNreVuSsqrUfi1D9DNFO11ahcU7XlEJhBh1DQ/
vU0u9kcaIqynkIdN78TmSobF2O3AF3c3jB5ivPf/34C5zeK+8/geEgNPUskX3pVI
4K/YmIamC8vcsHw5FpJ+0GWsC641X7mzzDrf/3dvQxnAOq7sUbEkN/R0aTdmWomg
Ut5jwJTDardIaB2cXs/3VPCm5VIpr1cioPUCW2LjC92/TDi+AK8aUVCnShqHyKAh
2UHA13iGTsU33Q0aS41CulhYYvE9key1AH71AbajU3/LwZdh
-----END CERTIFICATE-----