Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/tIh3EbNG8PyhR2bhdKGu98lXfi0.roa
File:                     tIh3EbNG8PyhR2bhdKGu98lXfi0.roa (raw, json)
Hash identifier:          WvckFFiPzlkbuyQKqzi40xspGv9L4xehhqGGvB5LMXk=
Subject key identifier:   B4:88:77:11:B3:46:F0:FC:A1:47:66:E1:74:A1:AE:F7:C9:57:7E:2D
Certificate issuer:       /CN=6a9c1faa9783dfab2b7a53da3fb0fdef4ccfeae5
Certificate serial:       0196AAF8BE020F430092615AA3AC0B754EC0
Authority key identifier: 6A:9C:1F:AA:97:83:DF:AB:2B:7A:53:DA:3F:B0:FD:EF:4C:CF:EA:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/tIh3EbNG8PyhR2bhdKGu98lXfi0.roa
Signing time:             Wed 07 May 2025 13:39:10 +0000
ROA not before:           Wed 07 May 2025 13:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210503
IP address blocks:        2a14:ec80::/29 maxlen: 29
                          2a14:ec80::/48 maxlen: 48
                          2a14:ec80:1::/48 maxlen: 48
                          2a14:ec80:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:f8:be:02:0f:43:00:92:61:5a:a3:ac:0b:75:4e:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a9c1faa9783dfab2b7a53da3fb0fdef4ccfeae5
        Validity
            Not Before: May  7 13:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4887711b346f0fca14766e174a1aef7c9577e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:86:a8:ac:19:b0:04:2a:98:a9:b6:1b:e3:b5:
                    1f:71:04:bd:33:56:d2:58:73:e7:87:11:cc:ae:81:
                    33:c8:8c:71:af:c7:e4:83:6a:b2:75:fe:97:ad:0c:
                    3a:16:27:34:e4:a9:63:06:05:b7:ed:21:d0:bc:d9:
                    3b:77:9b:cf:de:b1:46:59:5a:99:e7:b7:9f:8b:ae:
                    8f:21:10:53:4a:43:65:6e:c3:8c:59:c7:e3:8b:4c:
                    97:e9:5d:ef:72:75:1c:fb:20:01:0f:fa:56:67:25:
                    72:07:59:46:4f:cd:bd:22:0f:7c:d1:bb:05:96:0f:
                    ff:c2:8a:d0:68:bf:3b:28:97:49:66:9d:70:ac:2e:
                    aa:af:3a:fb:33:cd:01:14:1f:df:38:f4:68:a3:f1:
                    8b:c9:dd:7d:82:90:81:98:d1:8d:09:f3:66:95:7f:
                    bf:f5:01:df:91:2e:52:a0:24:5f:86:6c:a5:34:cf:
                    66:ff:92:5d:74:0a:e4:cf:7f:58:45:2d:da:32:80:
                    1e:be:fd:72:c5:6a:51:53:b2:8b:b3:06:2e:1e:14:
                    e4:b7:29:b5:77:5b:58:51:b9:9c:25:e0:ba:8f:12:
                    6d:58:62:95:e7:fa:3b:5f:89:a8:1c:f5:04:b4:e2:
                    50:3b:d1:1b:ba:93:46:f7:14:e8:db:30:f1:4c:f0:
                    18:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:88:77:11:B3:46:F0:FC:A1:47:66:E1:74:A1:AE:F7:C9:57:7E:2D
            X509v3 Authority Key Identifier:
                keyid:6A:9C:1F:AA:97:83:DF:AB:2B:7A:53:DA:3F:B0:FD:EF:4C:CF:EA:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/apwfqpeD36srelPaP7D970zP6uU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/tIh3EbNG8PyhR2bhdKGu98lXfi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fd4b6-b414-4902-891f-d2bb7c795a86/1/apwfqpeD36srelPaP7D970zP6uU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ec80::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:ec:47:e3:b8:38:37:30:df:5c:ef:81:e9:4c:8e:18:0d:ee:
         6e:f3:e9:9b:86:d2:79:18:cd:e0:5c:19:3b:dd:4a:7d:b8:00:
         88:f4:45:d6:05:6d:a2:31:12:86:30:0f:be:f2:11:dc:c1:77:
         78:53:ad:20:ac:9a:e5:21:6f:ee:63:a8:be:48:2b:ea:11:8b:
         90:51:be:4f:67:11:36:f1:e0:77:83:46:76:27:ef:40:15:75:
         fc:7e:c0:49:b2:b1:9b:53:03:85:7d:ee:b2:86:1a:63:c8:c3:
         24:e6:a6:f5:c0:76:dc:c1:bd:59:18:70:57:92:f2:32:87:15:
         94:ba:54:77:a8:7e:50:5d:54:5b:94:ca:9a:62:b3:d5:a3:d2:
         4f:fc:ac:5b:9e:54:ae:71:7e:6e:89:cd:65:90:1f:af:91:0f:
         2d:54:4f:bc:a6:3b:75:bc:a9:62:ad:25:e1:ff:8e:a0:f3:39:
         59:49:32:4f:2b:3c:17:e0:c6:fb:99:c8:22:f2:ff:07:cd:e1:
         8d:67:a1:14:34:0e:85:f4:03:66:de:39:66:c6:88:8e:0c:0a:
         7b:95:fa:26:18:66:d4:b7:66:56:91:7b:ba:8c:4f:27:75:da:
         7a:b1:d4:ff:d3:16:db:66:84:e8:0a:10:54:96:da:69:42:19:
         aa:d3:f2:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaq+L4CD0MAkmFao6wLdU7AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOWMxZmFhOTc4M2RmYWIyYjdhNTNkYTNmYjBmZGVmNGNj
ZmVhZTUwHhcNMjUwNTA3MTMzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDg4NzcxMWIzNDZmMGZjYTE0NzY2ZTE3NGExYWVmN2M5NTc3ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYaorBmwBCqYqbYb47UfcQS9M1bS
WHPnhxHMroEzyIxxr8fkg2qydf6XrQw6Fic05KljBgW37SHQvNk7d5vP3rFGWVqZ
57efi66PIRBTSkNlbsOMWcfji0yX6V3vcnUc+yABD/pWZyVyB1lGT829Ig980bsF
lg//worQaL87KJdJZp1wrC6qrzr7M80BFB/fOPRoo/GLyd19gpCBmNGNCfNmlX+/
9QHfkS5SoCRfhmylNM9m/5JddArkz39YRS3aMoAevv1yxWpRU7KLswYuHhTktym1
d1tYUbmcJeC6jxJtWGKV5/o7X4moHPUEtOJQO9EbupNG9xTo2zDxTPAYAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLSIdxGzRvD8oUdm4XShrvfJV34tMB8GA1UdIwQY
MBaAFGqcH6qXg9+rK3pT2j+w/e9Mz+rlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXB3ZnFwZUQzNnNyZWxQYVA3RDk3MHpQNnVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zZmQ0YjYtYjQxNC00OTAyLTg5MWYt
ZDJiYjdjNzk1YTg2LzEvdEloM0ViTkc4UHloUjJiaGRLR3U5OGxYZmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zZmQ0YjYtYjQxNC00OTAyLTg5MWYtZDJiYjdjNzk1YTg2
LzEvYXB3ZnFwZUQzNnNyZWxQYVA3RDk3MHpQNnVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTsgDAN
BgkqhkiG9w0BAQsFAAOCAQEAr+xH47g4NzDfXO+B6UyOGA3ubvPpm4bSeRjN4FwZ
O91KfbgAiPRF1gVtojEShjAPvvIR3MF3eFOtIKya5SFv7mOovkgr6hGLkFG+T2cR
NvHgd4NGdifvQBV1/H7ASbKxm1MDhX3usoYaY8jDJOam9cB23MG9WRhwV5LyMocV
lLpUd6h+UF1UW5TKmmKz1aPST/ysW55UrnF+bonNZZAfr5EPLVRPvKY7dbypYq0l
4f+OoPM5WUkyTys8F+DG+5nIIvL/B83hjWehFDQOhfQDZt45ZsaIjgwKe5X6Jhhm
1LdmVpF7uoxPJ3XaerHU/9MW22aE6AoQVJbaaUIZqtPyEQ==
-----END CERTIFICATE-----