Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/Q6silJK-IvgyeC7B9ILjiqVlW8g.roa
File:                     Q6silJK-IvgyeC7B9ILjiqVlW8g.roa (raw, json)
Hash identifier:          52E/4nvDPRzIRmQ8XP9pcAbqbJbgApdKo3OnGEgthTM=
Subject key identifier:   43:AB:22:94:92:BE:22:F8:32:78:2E:C1:F4:82:E3:8A:A5:65:5B:C8
Certificate issuer:       /CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
Certificate serial:       0196670EE08ADBA6077118DB7DF28FE5397A
Authority key identifier: F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/Q6silJK-IvgyeC7B9ILjiqVlW8g.roa
Signing time:             Thu 24 Apr 2025 09:09:10 +0000
ROA not before:           Thu 24 Apr 2025 09:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209925
IP address blocks:        2a14:fa80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 21:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:67:0e:e0:8a:db:a6:07:71:18:db:7d:f2:8f:e5:39:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f10b734df4fa6aee12ea990657b035a162b4a9e6
        Validity
            Not Before: Apr 24 09:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43ab229492be22f832782ec1f482e38aa5655bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:09:37:19:4a:cc:4e:ee:c4:87:f2:17:1e:e0:
                    96:ab:8b:db:9f:4e:03:ea:39:77:e5:e6:80:92:f6:
                    89:66:34:67:77:aa:33:f4:43:ba:e4:cb:e3:da:69:
                    00:d9:ca:36:8e:df:f1:0c:46:64:d2:b2:23:a4:b3:
                    1a:57:ea:dc:8c:72:3f:8a:ab:c6:ec:6c:c5:87:94:
                    57:52:94:90:29:33:f5:b0:c1:fe:3f:d2:73:c6:05:
                    c7:54:df:7b:15:76:10:2c:35:28:e0:3c:7a:f7:97:
                    57:5c:7e:81:ed:9b:7b:d1:23:0d:db:c4:20:7e:d7:
                    73:d5:af:c7:97:07:2b:eb:30:4b:16:d9:a7:7f:5b:
                    4c:a8:75:9b:7a:1c:87:51:42:cf:03:24:c4:4f:9a:
                    c4:e2:6c:69:5d:0a:80:14:9b:f5:4d:d1:1e:5c:e6:
                    40:3b:79:a5:b7:97:d1:8c:f2:95:63:ca:48:bb:f8:
                    f2:a9:24:f7:a0:45:ca:33:ba:3f:c4:73:ba:17:f0:
                    d6:f7:37:b0:21:ef:79:d3:7b:b6:cc:01:1b:4b:49:
                    8b:ac:1a:fd:4d:5c:cb:ce:20:8b:dd:d7:30:7b:30:
                    fe:05:6e:6f:56:89:3e:3d:cf:74:e7:ba:5e:67:ad:
                    12:8e:20:9c:df:c9:18:a1:ec:02:cb:9b:8d:d5:2b:
                    f9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:AB:22:94:92:BE:22:F8:32:78:2E:C1:F4:82:E3:8A:A5:65:5B:C8
            X509v3 Authority Key Identifier:
                keyid:F1:0B:73:4D:F4:FA:6A:EE:12:EA:99:06:57:B0:35:A1:62:B4:A9:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8QtzTfT6au4S6pkGV7A1oWK0qeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/Q6silJK-IvgyeC7B9ILjiqVlW8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/02bd8e-2eb8-4515-956b-e15250392887/1/8QtzTfT6au4S6pkGV7A1oWK0qeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:fa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:0a:e1:89:00:11:b4:5e:c7:1c:30:f3:87:57:20:bb:3f:de:
         7c:00:e8:ad:6d:da:2e:27:80:06:b5:94:a6:c2:1b:fa:cd:e5:
         92:62:88:18:14:0e:25:88:38:a1:84:14:42:b6:46:c8:2e:89:
         43:f9:67:f9:d9:48:bc:96:33:fa:2f:f3:5c:0e:c9:16:80:fc:
         a8:9d:28:5d:d6:42:ec:b4:9f:33:6f:8f:46:3f:f1:57:9f:39:
         62:df:78:55:f7:05:13:19:b8:e5:4d:3f:25:54:7f:60:55:26:
         91:34:ce:fc:04:a2:d8:63:28:ec:5f:ba:80:25:a2:5d:7b:5a:
         6b:0a:5a:14:b7:3b:01:e4:e5:c6:1a:dd:f3:75:15:30:a0:9b:
         7a:d4:0e:69:8d:88:66:72:1a:0b:88:72:c9:51:cd:de:66:61:
         04:f0:6d:14:24:a2:01:67:0f:c2:e2:38:fb:e3:46:e3:51:73:
         b6:0c:76:22:8c:f4:2c:4b:15:93:d2:ca:18:17:fe:4c:c7:ac:
         37:1e:ae:90:6f:8f:80:59:7d:f5:ee:15:70:fc:23:d9:85:44:
         29:c8:eb:6a:2d:02:b5:8b:8b:9d:2e:a9:46:17:d9:67:7c:cb:
         09:cc:5c:c3:29:26:22:5c:4b:2c:2d:a2:dd:99:91:2e:37:01:
         1c:6c:d8:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZnDuCK26YHcRjbffKP5Tl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMGI3MzRkZjRmYTZhZWUxMmVhOTkwNjU3YjAzNWExNjJi
NGE5ZTYwHhcNMjUwNDI0MDkwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2FiMjI5NDkyYmUyMmY4MzI3ODJlYzFmNDgyZTM4YWE1NjU1YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQk3GUrMTu7Eh/IXHuCWq4vbn04D
6jl35eaAkvaJZjRnd6oz9EO65Mvj2mkA2co2jt/xDEZk0rIjpLMaV+rcjHI/iqvG
7GzFh5RXUpSQKTP1sMH+P9JzxgXHVN97FXYQLDUo4Dx695dXXH6B7Zt70SMN28Qg
ftdz1a/Hlwcr6zBLFtmnf1tMqHWbehyHUULPAyTET5rE4mxpXQqAFJv1TdEeXOZA
O3mlt5fRjPKVY8pIu/jyqST3oEXKM7o/xHO6F/DW9zewIe9503u2zAEbS0mLrBr9
TVzLziCL3dcwezD+BW5vVok+Pc9057peZ60SjiCc38kYoewCy5uN1Sv5dQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEOrIpSSviL4MnguwfSC44qlZVvIMB8GA1UdIwQY
MBaAFPELc030+mruEuqZBlewNaFitKnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmIt
ZTE1MjUwMzkyODg3LzEvUTZzaWxKSy1Jdmd5ZUM3QjlJTGppcVZsVzhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMmJkOGUtMmViOC00NTE1LTk1NmItZTE1MjUwMzkyODg3
LzEvOFF0elRmVDZhdTRTNnBrR1Y3QTFvV0swcWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhT6gDAN
BgkqhkiG9w0BAQsFAAOCAQEAVwrhiQARtF7HHDDzh1cguz/efADorW3aLieABrWU
psIb+s3lkmKIGBQOJYg4oYQUQrZGyC6JQ/ln+dlIvJYz+i/zXA7JFoD8qJ0oXdZC
7LSfM2+PRj/xV585Yt94VfcFExm45U0/JVR/YFUmkTTO/ASi2GMo7F+6gCWiXXta
awpaFLc7AeTlxhrd83UVMKCbetQOaY2IZnIaC4hyyVHN3mZhBPBtFCSiAWcPwuI4
++NG41Fztgx2Ioz0LEsVk9LKGBf+TMesNx6ukG+PgFl99e4VcPwj2YVEKcjrai0C
tYuLnS6pRhfZZ3zLCcxcwykmIlxLLC2i3ZmRLjcBHGzYhg==
-----END CERTIFICATE-----