Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/EYgXdph0ad7x7RpPlZyOENzd-oA.roa
File:                     EYgXdph0ad7x7RpPlZyOENzd-oA.roa (raw, json)
Hash identifier:          Hrugq5ntPmxP93lV9SDtZJap5r0QftcRWf7OkP/hZyI=
Subject key identifier:   11:88:17:76:98:74:69:DE:F1:ED:1A:4F:95:9C:8E:10:DC:DD:FA:80
Certificate issuer:       /CN=1b12120c351c14eec22109f603249fcdac1d3321
Certificate serial:       01975563905E51E2DBF4F2137F82209C24D5
Authority key identifier: 1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/EYgXdph0ad7x7RpPlZyOENzd-oA.roa
Signing time:             Mon 09 Jun 2025 15:51:17 +0000
ROA not before:           Mon 09 Jun 2025 15:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207625
IP address blocks:        2a14:db80:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:55:63:90:5e:51:e2:db:f4:f2:13:7f:82:20:9c:24:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b12120c351c14eec22109f603249fcdac1d3321
        Validity
            Not Before: Jun  9 15:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11881776987469def1ed1a4f959c8e10dcddfa80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:56:57:db:ad:7c:ea:6f:e9:53:e4:33:a1:11:
                    fa:23:e5:7f:33:6e:93:db:2e:c9:63:fa:db:cb:31:
                    74:5a:ad:48:54:73:f9:ed:59:7c:93:c6:19:e0:65:
                    7e:f8:38:45:6f:30:bd:bd:ae:29:e4:e5:50:a2:6a:
                    fd:41:c2:52:9a:7d:28:aa:e3:c3:ad:fb:91:cc:77:
                    fe:d3:41:2d:73:5a:f7:0c:b0:42:05:7c:33:01:ca:
                    1e:42:7f:55:ab:74:7f:bf:e9:2a:5a:c3:cb:3a:aa:
                    f2:32:20:af:0e:8c:ac:cb:d4:a1:d7:1b:5d:dd:9f:
                    cd:27:3e:e6:3a:17:34:93:17:8b:fc:62:f1:10:03:
                    b5:8d:bd:90:d4:a7:ce:88:d0:1c:5c:b7:2a:41:09:
                    6a:11:cc:24:20:71:18:90:e6:f6:9f:6a:a1:7e:6c:
                    4d:8b:5b:5f:01:cf:bc:6c:3f:ef:e3:3f:c2:31:12:
                    34:b0:d0:cd:94:fb:1d:f5:1c:c8:26:c0:cb:f0:17:
                    09:0d:41:5a:fa:12:02:8e:12:87:17:7f:5d:67:d6:
                    eb:db:7a:1c:66:71:7a:f8:62:45:b1:b0:4d:ff:44:
                    67:6f:33:15:e5:cf:93:cf:8d:45:d6:55:46:50:71:
                    b5:87:ba:c4:93:68:39:ed:8c:cb:9a:ba:76:4b:18:
                    ef:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:88:17:76:98:74:69:DE:F1:ED:1A:4F:95:9C:8E:10:DC:DD:FA:80
            X509v3 Authority Key Identifier:
                keyid:1B:12:12:0C:35:1C:14:EE:C2:21:09:F6:03:24:9F:CD:AC:1D:33:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxISDDUcFO7CIQn2AySfzawdMyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/EYgXdph0ad7x7RpPlZyOENzd-oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/3daf7f-301d-423e-946e-43df47d5a1e7/1/GxISDDUcFO7CIQn2AySfzawdMyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:db80:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:56:04:90:71:53:5a:dd:10:58:3d:23:d3:cc:13:9f:55:44:
         6c:f9:e5:47:3e:b3:09:bb:37:50:1e:4a:69:5e:71:4c:76:e7:
         4c:23:90:0f:61:e2:f0:d8:7a:2a:33:ea:24:b2:cb:ff:9b:26:
         7b:57:9f:a4:56:55:99:a6:44:80:50:7f:b1:7b:29:0d:60:34:
         09:5a:ff:d4:5f:d7:5d:ef:d3:d1:88:90:0b:bc:b0:19:74:b0:
         22:ef:4c:51:08:ea:e5:e4:d7:ec:fe:74:fe:27:79:81:2d:f1:
         26:43:da:e9:14:38:a5:1a:13:12:b0:d9:4b:24:0a:20:49:9b:
         b4:04:35:b5:d7:49:3d:4e:70:36:38:bb:17:74:37:13:91:bb:
         af:7d:e7:8a:7a:c3:4a:2d:01:ce:e0:f3:5c:cb:6d:a9:48:0f:
         64:74:28:15:16:3c:1e:ab:1b:0a:a8:81:e3:8a:75:db:86:08:
         a5:c5:8a:0f:77:33:72:0b:16:de:df:13:33:e5:29:40:f3:31:
         30:59:30:20:ab:ea:26:43:45:00:e7:ef:65:ea:bf:55:17:ec:
         ec:0a:d8:84:6f:7d:b8:c3:0c:f9:03:0d:d2:d5:b2:ed:54:b3:
         aa:f5:49:ea:ce:29:33:d6:cd:1f:6d:fc:df:e4:f5:df:64:7b:
         98:94:5e:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdVY5BeUeLb9PITf4IgnCTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMTIxMjBjMzUxYzE0ZWVjMjIxMDlmNjAzMjQ5ZmNkYWMx
ZDMzMjEwHhcNMjUwNjA5MTU1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg4MTc3Njk4NzQ2OWRlZjFlZDFhNGY5NTljOGUxMGRjZGRmYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllZX26186m/pU+QzoRH6I+V/M26T
2y7JY/rbyzF0Wq1IVHP57Vl8k8YZ4GV++DhFbzC9va4p5OVQomr9QcJSmn0oquPD
rfuRzHf+00Etc1r3DLBCBXwzAcoeQn9Vq3R/v+kqWsPLOqryMiCvDoysy9Sh1xtd
3Z/NJz7mOhc0kxeL/GLxEAO1jb2Q1KfOiNAcXLcqQQlqEcwkIHEYkOb2n2qhfmxN
i1tfAc+8bD/v4z/CMRI0sNDNlPsd9RzIJsDL8BcJDUFa+hICjhKHF39dZ9br23oc
ZnF6+GJFsbBN/0RnbzMV5c+Tz41F1lVGUHG1h7rEk2g57YzLmrp2Sxjv1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBGIF3aYdGne8e0aT5WcjhDc3fqAMB8GA1UdIwQY
MBaAFBsSEgw1HBTuwiEJ9gMkn82sHTMhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUt
NDNkZjQ3ZDVhMWU3LzEvRVlnWGRwaDBhZDd4N1JwUGxaeU9FTnpkLW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8zZGFmN2YtMzAxZC00MjNlLTk0NmUtNDNkZjQ3ZDVhMWU3
LzEvR3hJU0REVWNGTzdDSVFuMkF5U2Z6YXdkTXlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTbgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQA0VgSQcVNa3RBYPSPTzBOfVURs+eVHPrMJuzdQ
HkppXnFMdudMI5APYeLw2HoqM+okssv/myZ7V5+kVlWZpkSAUH+xeykNYDQJWv/U
X9dd79PRiJALvLAZdLAi70xRCOrl5Nfs/nT+J3mBLfEmQ9rpFDilGhMSsNlLJAog
SZu0BDW110k9TnA2OLsXdDcTkbuvfeeKesNKLQHO4PNcy22pSA9kdCgVFjweqxsK
qIHjinXbhgilxYoPdzNyCxbe3xMz5SlA8zEwWTAgq+omQ0UA5+9l6r9VF+zsCtiE
b324wwz5Aw3S1bLtVLOq9Unqzikz1s0fbfzf5PXfZHuYlF5Y
-----END CERTIFICATE-----