Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/a5D8zG7Sz5lX66d9Op1Pavz4bcU.roa
File:                     a5D8zG7Sz5lX66d9Op1Pavz4bcU.roa (raw, json)
Hash identifier:          gTa8uLn0TUKKD9e5FNngPQLsiHfj5C5vTkuhMJrpKvM=
Subject key identifier:   6B:90:FC:CC:6E:D2:CF:99:57:EB:A7:7D:3A:9D:4F:6A:FC:F8:6D:C5
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019695705B3F6EA6AD08F73C9BD7DD6181C2
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/a5D8zG7Sz5lX66d9Op1Pavz4bcU.roa
Signing time:             Sat 03 May 2025 09:18:10 +0000
ROA not before:           Sat 03 May 2025 09:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        2a14:62c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:70:5b:3f:6e:a6:ad:08:f7:3c:9b:d7:dd:61:81:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  3 09:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b90fccc6ed2cf9957eba77d3a9d4f6afcf86dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:16:c7:20:9c:52:92:8e:a9:cb:e0:08:2c:12:
                    7f:d9:94:a7:00:32:f0:54:a3:2d:11:a0:9e:d0:a8:
                    42:b4:43:ae:f8:5a:ab:92:1c:8d:90:02:e2:a5:4a:
                    00:24:de:b3:56:89:91:0c:5a:c8:fe:dd:0f:f9:08:
                    dd:72:62:4b:73:72:37:a9:db:28:62:22:9b:52:4e:
                    8e:0a:08:dd:6f:de:e7:fa:d1:52:45:d6:a4:d3:91:
                    ee:04:1d:0e:62:34:10:d2:6e:d8:09:d0:da:1f:ca:
                    5b:57:86:58:6b:4f:cf:30:c7:84:11:37:9d:9e:8a:
                    6e:f8:df:4b:d5:7f:43:41:d0:25:69:e9:f9:c7:e1:
                    dc:44:42:34:e6:86:0c:12:1b:8c:f7:eb:1f:57:7f:
                    36:b8:ce:b5:0f:ae:f6:cc:8a:99:f2:bc:da:27:2d:
                    81:87:8f:83:e3:fa:6d:00:f5:d3:52:e1:bc:92:c1:
                    3c:01:14:23:f8:ed:68:fc:50:1c:28:a1:61:3f:b4:
                    a4:be:b5:f4:0c:47:79:c4:0d:de:b3:ff:a7:f0:a4:
                    67:92:21:a9:7c:23:5c:9c:0e:0f:7a:7b:a7:9e:2b:
                    47:ba:c6:e6:89:02:c4:31:07:73:90:60:a1:70:3d:
                    c4:52:53:4d:3f:2e:0b:58:4e:37:06:19:dc:f4:e8:
                    7a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:90:FC:CC:6E:D2:CF:99:57:EB:A7:7D:3A:9D:4F:6A:FC:F8:6D:C5
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/a5D8zG7Sz5lX66d9Op1Pavz4bcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:62c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:6a:7c:3d:09:a8:57:fd:f9:9f:5e:45:2a:75:0e:e6:0a:03:
         90:86:db:d0:57:c5:83:eb:e6:11:59:41:e5:02:04:61:74:4b:
         e2:5a:b4:db:8c:b4:3c:01:33:b2:2d:ce:5d:b8:2b:3a:62:ef:
         09:ca:cb:db:7e:22:8a:bb:37:ad:8d:01:76:04:81:e6:3d:73:
         16:fb:c8:f6:59:5f:a1:33:19:95:c9:5d:e0:69:da:f3:0f:d3:
         ec:cf:03:81:2d:29:eb:5a:54:35:f3:0e:02:8d:c8:f8:57:96:
         71:33:3a:f0:16:00:cb:2c:fb:23:21:0e:2e:b0:32:10:5e:2b:
         63:ab:1e:4f:6c:72:7e:9e:fb:e3:fb:c6:e1:9a:12:0d:ff:6a:
         97:60:e9:79:83:8c:86:46:d7:ef:8f:1d:d2:d7:9a:80:d5:6d:
         6a:74:ee:89:8b:da:91:c7:be:2d:c7:a3:d9:a0:f2:20:d0:09:
         15:2a:c1:5d:45:4e:49:51:a6:9c:ec:f3:81:2c:d5:6d:c6:aa:
         27:e6:07:64:42:63:10:2a:9a:cc:5b:d1:0d:6e:3c:85:93:85:
         e0:2b:4d:71:9f:4d:60:d6:47:6b:85:35:b9:af:b9:e5:14:db:
         ec:42:8f:3c:86:7f:d5:d3:44:4c:b3:6b:71:fb:ff:62:ca:e3:
         c1:ec:39:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaVcFs/bqatCPc8m9fdYYHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTAzMDkxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjkwZmNjYzZlZDJjZjk5NTdlYmE3N2QzYTlkNGY2YWZjZjg2ZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhbHIJxSko6py+AILBJ/2ZSnADLw
VKMtEaCe0KhCtEOu+FqrkhyNkALipUoAJN6zVomRDFrI/t0P+QjdcmJLc3I3qdso
YiKbUk6OCgjdb97n+tFSRdak05HuBB0OYjQQ0m7YCdDaH8pbV4ZYa0/PMMeEETed
nopu+N9L1X9DQdAlaen5x+HcREI05oYMEhuM9+sfV382uM61D672zIqZ8rzaJy2B
h4+D4/ptAPXTUuG8ksE8ARQj+O1o/FAcKKFhP7SkvrX0DEd5xA3es/+n8KRnkiGp
fCNcnA4PenunnitHusbmiQLEMQdzkGChcD3EUlNNPy4LWE43Bhnc9Oh6YwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGuQ/Mxu0s+ZV+unfTqdT2r8+G3FMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYTVEOHpHN1N6NWxYNjZkOU9wMVBhdno0YmNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAhGp8PQmoV/35n15FKnUO5goDkIbb0FfFg+vmEVlB
5QIEYXRL4lq024y0PAEzsi3OXbgrOmLvCcrL234iirs3rY0BdgSB5j1zFvvI9llf
oTMZlcld4Gna8w/T7M8DgS0p61pUNfMOAo3I+FeWcTM68BYAyyz7IyEOLrAyEF4r
Y6seT2xyfp774/vG4ZoSDf9ql2DpeYOMhkbX748d0teagNVtanTuiYvakce+Lcej
2aDyINAJFSrBXUVOSVGmnOzzgSzVbcaqJ+YHZEJjECqazFvRDW48hZOF4CtNcZ9N
YNZHa4U1ua+55RTb7EKPPIZ/1dNETLNrcfv/Ysrjwew5fg==
-----END CERTIFICATE-----