Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/n2C0sjvTrbF7unBNdsXDONkHwzQ.roa
File:                     n2C0sjvTrbF7unBNdsXDONkHwzQ.roa (raw, json)
Hash identifier:          jLl0pdc61DzddqyTuR7Io8Gkj/xajAEL7bTJB3EuzC8=
Subject key identifier:   9F:60:B4:B2:3B:D3:AD:B1:7B:BA:70:4D:76:C5:C3:38:D9:07:C3:34
Certificate issuer:       /CN=b0570845c239e9991c89bc5c50431e9087860c4d
Certificate serial:       0197C5FB7CD8B6B57C098D9331EF00383D20
Authority key identifier: B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/n2C0sjvTrbF7unBNdsXDONkHwzQ.roa
Signing time:             Tue 01 Jul 2025 12:34:42 +0000
ROA not before:           Tue 01 Jul 2025 12:34:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213680
IP address blocks:        2a14:c600::/32 maxlen: 32
                          2a14:c600::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:fb:7c:d8:b6:b5:7c:09:8d:93:31:ef:00:38:3d:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0570845c239e9991c89bc5c50431e9087860c4d
        Validity
            Not Before: Jul  1 12:34:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f60b4b23bd3adb17bba704d76c5c338d907c334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:79:0a:dc:76:06:a6:f8:ab:1f:db:21:1a:b3:
                    37:f8:ae:b3:f3:ef:8d:21:bf:ac:2a:b0:cb:cf:02:
                    e6:79:dc:20:9e:41:c1:57:37:f2:72:9d:84:94:2f:
                    49:78:0a:93:e9:96:da:b4:b6:a4:44:20:d8:46:67:
                    d3:f1:85:6d:72:b5:97:14:ba:a1:a0:aa:63:a4:e3:
                    fe:71:45:51:15:ad:f1:73:93:58:6e:c9:58:58:43:
                    3e:e9:c5:b0:c0:e0:cc:3a:f9:bb:af:f9:14:8d:83:
                    a1:5d:48:43:15:98:65:53:24:b2:32:94:42:4c:32:
                    8d:6a:8f:2b:73:61:31:fd:88:3a:16:ff:9a:2e:da:
                    f4:2c:1f:87:46:ed:c2:ec:75:05:10:3b:28:81:a2:
                    1b:98:af:41:ea:b0:62:33:65:b0:b7:60:5f:16:b1:
                    4f:8a:00:0f:91:f1:b7:93:66:0d:e0:80:f4:10:9d:
                    e8:c3:37:ff:78:fb:3e:08:3f:c9:3e:9e:5b:d0:2f:
                    48:7a:ea:ac:f6:02:c2:84:b3:83:31:c0:f6:5d:97:
                    53:da:3f:f5:69:1f:d3:f9:78:d0:1b:9c:27:ae:57:
                    dd:36:3d:a8:8c:7b:8d:3f:07:04:63:6c:78:86:52:
                    7a:77:c5:2e:f3:d3:94:53:7f:05:ea:00:ef:28:db:
                    09:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:60:B4:B2:3B:D3:AD:B1:7B:BA:70:4D:76:C5:C3:38:D9:07:C3:34
            X509v3 Authority Key Identifier:
                keyid:B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/n2C0sjvTrbF7unBNdsXDONkHwzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c600::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:ec:d8:e8:33:2b:ee:b4:41:44:d4:cb:3f:b9:16:f4:1e:92:
         c5:67:c0:0b:a5:d9:93:eb:9e:3d:8f:96:91:7b:bc:6f:47:0c:
         aa:85:9f:22:0a:96:fe:74:e5:09:dc:73:7d:e4:df:ba:46:89:
         56:2d:2c:a0:fe:8b:82:29:c6:df:25:d2:3e:fd:4c:8a:b6:70:
         c1:9c:f7:95:27:b6:23:25:1d:8e:97:e6:e5:53:f7:57:78:20:
         c7:f5:67:1f:02:3e:63:e0:c8:eb:f7:b5:5f:71:63:d2:cb:97:
         e7:ec:2d:17:e0:c5:e7:dc:c3:c4:ca:76:02:25:2a:26:e0:c2:
         dd:9d:b6:d1:7a:9e:6f:08:3a:55:de:2d:a8:55:92:63:bb:a4:
         8f:44:d9:9e:43:c3:dc:b0:4c:38:49:24:84:a4:f9:88:a2:eb:
         9f:d1:47:3e:08:22:e2:16:4a:52:49:00:bd:7b:f5:04:ed:b9:
         10:d4:6b:76:14:b4:c7:2f:8c:4a:34:74:dc:29:34:3a:76:1d:
         88:f2:c2:c8:96:c2:e7:6c:94:e9:d8:83:d5:a3:23:0b:4f:a2:
         25:98:8f:af:32:8c:0f:8a:34:ee:b8:a3:09:ae:41:72:86:9b:
         9e:b4:98:37:7a:7c:68:81:39:54:b1:0e:a6:2a:14:30:7f:fe:
         a7:68:81:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfF+3zYtrV8CY2TMe8AOD0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTcwODQ1YzIzOWU5OTkxYzg5YmM1YzUwNDMxZTkwODc4
NjBjNGQwHhcNMjUwNzAxMTIzNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjYwYjRiMjNiZDNhZGIxN2JiYTcwNGQ3NmM1YzMzOGQ5MDdjMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnkK3HYGpvirH9shGrM3+K6z8++N
Ib+sKrDLzwLmedwgnkHBVzfycp2ElC9JeAqT6ZbatLakRCDYRmfT8YVtcrWXFLqh
oKpjpOP+cUVRFa3xc5NYbslYWEM+6cWwwODMOvm7r/kUjYOhXUhDFZhlUySyMpRC
TDKNao8rc2Ex/Yg6Fv+aLtr0LB+HRu3C7HUFEDsogaIbmK9B6rBiM2Wwt2BfFrFP
igAPkfG3k2YN4ID0EJ3owzf/ePs+CD/JPp5b0C9Ieuqs9gLChLODMcD2XZdT2j/1
aR/T+XjQG5wnrlfdNj2ojHuNPwcEY2x4hlJ6d8Uu89OUU38F6gDvKNsJ0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ9gtLI7062xe7pwTXbFwzjZB8M0MB8GA1UdIwQY
MBaAFLBXCEXCOemZHIm8XFBDHpCHhgxNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEt
NDZjYTI2YWZmNTQ1LzEvbjJDMHNqdlRyYkY3dW5CTmRzWERPTmtId3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEtNDZjYTI2YWZmNTQ1
LzEvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTGADAN
BgkqhkiG9w0BAQsFAAOCAQEAO+zY6DMr7rRBRNTLP7kW9B6SxWfAC6XZk+uePY+W
kXu8b0cMqoWfIgqW/nTlCdxzfeTfukaJVi0soP6LginG3yXSPv1MirZwwZz3lSe2
IyUdjpfm5VP3V3ggx/VnHwI+Y+DI6/e1X3Fj0suX5+wtF+DF59zDxMp2AiUqJuDC
3Z220Xqebwg6Vd4tqFWSY7ukj0TZnkPD3LBMOEkkhKT5iKLrn9FHPggi4hZKUkkA
vXv1BO25ENRrdhS0xy+MSjR03Ck0OnYdiPLCyJbC52yU6diD1aMjC0+iJZiPrzKM
D4o07rijCa5BcoabnrSYN3p8aIE5VLEOpioUMH/+p2iBTQ==
-----END CERTIFICATE-----