Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hs1Ttmuuy8oKm2rJqVYgyDXaPIw.roa
File:                     hs1Ttmuuy8oKm2rJqVYgyDXaPIw.roa (raw, json)
Hash identifier:          Byo6rO4TnKOVrKw6LlKH8flPLRHULJLiFuZMsf82Wv4=
Subject key identifier:   86:CD:53:B6:6B:AE:CB:CA:0A:9B:6A:C9:A9:56:20:C8:35:DA:3C:8C
Certificate issuer:       /CN=846cd7bc19142056acaf9573caa1af8de8718156
Certificate serial:       01963ECDB5098166FC54155E98AA7D658F06
Authority key identifier: 84:6C:D7:BC:19:14:20:56:AC:AF:95:73:CA:A1:AF:8D:E8:71:81:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGzXvBkUIFasr5VzyqGvjehxgVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hs1Ttmuuy8oKm2rJqVYgyDXaPIw.roa
Signing time:             Wed 16 Apr 2025 13:33:10 +0000
ROA not before:           Wed 16 Apr 2025 13:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39591
IP address blocks:        2a14:6880::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hGzXvBkUIFasr5VzyqGvjehxgVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hGzXvBkUIFasr5VzyqGvjehxgVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGzXvBkUIFasr5VzyqGvjehxgVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:cd:b5:09:81:66:fc:54:15:5e:98:aa:7d:65:8f:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=846cd7bc19142056acaf9573caa1af8de8718156
        Validity
            Not Before: Apr 16 13:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86cd53b66baecbca0a9b6ac9a95620c835da3c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:94:1a:17:cb:93:2c:16:e8:72:c5:af:5c:
                    cc:d6:76:cb:56:66:d5:4b:fc:05:2b:45:84:61:36:
                    f5:5d:99:92:7f:8c:d1:4a:0c:78:d1:ea:23:73:42:
                    1c:a0:e2:7f:28:80:42:44:3e:22:95:cb:a9:de:c9:
                    73:86:a6:b6:5d:b6:4f:b9:00:47:eb:64:c0:bc:d9:
                    91:4d:34:4a:3d:0d:6d:e3:4e:aa:a7:ef:e8:c5:e9:
                    46:f8:1b:81:5f:48:ba:3f:17:e3:53:13:ec:3e:15:
                    b5:b6:14:dd:d9:e3:75:f2:af:5e:29:cf:79:7d:3b:
                    82:a6:1a:c7:f1:c3:03:a9:e5:6d:39:ae:72:79:eb:
                    7d:4e:fd:11:b2:20:00:38:f6:e3:5a:04:5b:9d:c3:
                    d6:c4:a2:d0:cf:4c:67:2b:84:2b:c5:85:c0:77:12:
                    4d:01:90:38:92:6c:56:ee:21:4f:6a:8f:64:b5:53:
                    e1:db:87:4c:3c:2a:09:0f:c6:2c:e6:1a:fc:d8:18:
                    61:64:d9:3a:b3:7e:a0:bb:40:ad:3e:1d:30:27:fb:
                    0f:09:8c:47:47:6e:4e:9e:a7:96:26:de:6c:33:ca:
                    3a:fd:10:7f:1e:c3:d4:08:3d:a0:db:63:f1:d8:21:
                    3b:d6:77:19:be:0d:4e:64:57:98:26:3c:f7:be:e2:
                    63:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CD:53:B6:6B:AE:CB:CA:0A:9B:6A:C9:A9:56:20:C8:35:DA:3C:8C
            X509v3 Authority Key Identifier:
                keyid:84:6C:D7:BC:19:14:20:56:AC:AF:95:73:CA:A1:AF:8D:E8:71:81:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGzXvBkUIFasr5VzyqGvjehxgVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hs1Ttmuuy8oKm2rJqVYgyDXaPIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/990590-4a63-4b2f-a933-d1959f3e2f76/1/hGzXvBkUIFasr5VzyqGvjehxgVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:78:b3:a9:05:9c:ed:3b:9d:ef:e1:ee:46:5f:3e:18:88:58:
         f8:4f:27:f7:89:c0:11:50:56:65:c8:76:40:16:93:e5:85:12:
         cc:97:c5:24:c2:c2:3b:c1:c3:d0:e7:1a:b5:63:54:b0:de:4a:
         31:b0:02:7a:69:48:d3:61:8f:39:0a:84:e4:c8:93:ca:20:67:
         43:4c:8b:3a:b7:60:bc:5a:fa:c9:aa:87:02:99:1e:1d:10:78:
         0d:fd:96:2d:74:ee:ce:ef:2a:f7:c7:cc:59:b8:a9:05:0b:95:
         a2:07:8e:fa:07:b9:6d:7a:01:9c:2e:81:83:a4:04:13:72:cc:
         f1:f6:91:6d:3e:f3:3b:42:d1:52:28:be:69:97:8b:9a:15:c5:
         72:2a:78:bb:24:eb:75:9d:fc:48:78:48:7a:b0:cd:ae:26:93:
         2f:a4:cb:2a:92:15:a4:f8:09:cc:1e:2f:c6:ae:1d:b2:ad:d5:
         f1:00:d0:d3:4f:ec:b1:15:2a:36:9b:50:9c:fd:d3:35:10:5a:
         04:ff:e9:a2:56:43:b6:f2:98:15:b0:6e:86:b0:a1:c2:f1:3a:
         5f:92:b6:78:2e:b8:dc:86:dc:0b:d5:8e:d1:09:78:1c:93:f2:
         cb:af:b4:d5:62:5f:27:4c:05:5e:2c:d5:83:4a:79:49:3a:d6:
         e2:bb:e2:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZY+zbUJgWb8VBVemKp9ZY8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NmNkN2JjMTkxNDIwNTZhY2FmOTU3M2NhYTFhZjhkZTg3
MTgxNTYwHhcNMjUwNDE2MTMzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNkNTNiNjZiYWVjYmNhMGE5YjZhYzlhOTU2MjBjODM1ZGEzYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+aUGhfLkywW6HLFr1zM1nbLVmbV
S/wFK0WEYTb1XZmSf4zRSgx40eojc0IcoOJ/KIBCRD4ilcup3slzhqa2XbZPuQBH
62TAvNmRTTRKPQ1t406qp+/oxelG+BuBX0i6PxfjUxPsPhW1thTd2eN18q9eKc95
fTuCphrH8cMDqeVtOa5yeet9Tv0RsiAAOPbjWgRbncPWxKLQz0xnK4QrxYXAdxJN
AZA4kmxW7iFPao9ktVPh24dMPCoJD8Ys5hr82BhhZNk6s36gu0CtPh0wJ/sPCYxH
R25OnqeWJt5sM8o6/RB/HsPUCD2g22Px2CE71ncZvg1OZFeYJjz3vuJjjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIbNU7ZrrsvKCptqyalWIMg12jyMMB8GA1UdIwQY
MBaAFIRs17wZFCBWrK+Vc8qhr43ocYFWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEd6WHZCa1VJRmFzcjVWenlxR3ZqZWh4Z1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85OTA1OTAtNGE2My00YjJmLWE5MzMt
ZDE5NTlmM2UyZjc2LzEvaHMxVHRtdXV5OG9LbTJySnFWWWd5RFhhUEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85OTA1OTAtNGE2My00YjJmLWE5MzMtZDE5NTlmM2UyZjc2
LzEvaEd6WHZCa1VJRmFzcjVWenlxR3ZqZWh4Z1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRogDAN
BgkqhkiG9w0BAQsFAAOCAQEAYXizqQWc7Tud7+HuRl8+GIhY+E8n94nAEVBWZch2
QBaT5YUSzJfFJMLCO8HD0OcatWNUsN5KMbACemlI02GPOQqE5MiTyiBnQ0yLOrdg
vFr6yaqHApkeHRB4Df2WLXTuzu8q98fMWbipBQuVogeO+ge5bXoBnC6Bg6QEE3LM
8faRbT7zO0LRUii+aZeLmhXFcip4uyTrdZ38SHhIerDNriaTL6TLKpIVpPgJzB4v
xq4dsq3V8QDQ00/ssRUqNptQnP3TNRBaBP/polZDtvKYFbBuhrChwvE6X5K2eC64
3IbcC9WO0Ql4HJPyy6+01WJfJ0wFXizVg0p5STrW4rvi3A==
-----END CERTIFICATE-----