Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/Jt7oM1rrO61yMkWpOZ9c3x_9OsA.roa
File:                     Jt7oM1rrO61yMkWpOZ9c3x_9OsA.roa (raw, json)
Hash identifier:          wjMwmPPvLGA+Cb8GxvP/xHdMU6RTm33BMyMFOL7GGVk=
Subject key identifier:   26:DE:E8:33:5A:EB:3B:AD:72:32:45:A9:39:9F:5C:DF:1F:FD:3A:C0
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       01975DB42A63724B40A9EB116B22C365D226
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/Jt7oM1rrO61yMkWpOZ9c3x_9OsA.roa
Signing time:             Wed 11 Jun 2025 06:36:17 +0000
ROA not before:           Wed 11 Jun 2025 06:36:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204916
IP address blocks:        2a14:e602::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 18:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:b4:2a:63:72:4b:40:a9:eb:11:6b:22:c3:65:d2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Jun 11 06:36:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26dee8335aeb3bad723245a9399f5cdf1ffd3ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:67:44:b9:86:16:27:3a:dd:b2:9f:01:47:
                    c3:49:0f:c5:8b:2e:aa:28:53:a5:52:04:20:ed:c8:
                    e8:5e:35:a5:cf:1b:7e:c1:06:27:bf:35:0f:10:18:
                    60:f1:90:40:f0:b8:a1:1c:63:06:4d:ae:a3:83:66:
                    84:55:54:a0:9f:7c:03:11:c3:d6:fd:83:a1:2e:26:
                    95:59:29:78:12:5f:87:cf:69:cc:d6:55:c3:4e:57:
                    a3:00:8b:b9:29:9f:4a:80:0b:06:b2:2b:b4:d1:b1:
                    90:6b:69:cb:39:cc:17:25:1b:e6:47:a1:7f:b9:a1:
                    25:85:57:ff:d4:da:37:e8:e6:3e:34:51:79:ea:ba:
                    00:e0:6b:56:47:63:41:f0:6d:72:e1:19:c9:f7:cd:
                    a6:68:f6:94:48:34:b8:ad:7e:41:e2:36:19:4e:ae:
                    09:04:40:1d:36:2e:33:55:81:71:9c:2a:d8:81:73:
                    18:b6:a1:1f:2a:28:3f:ba:59:bd:24:e9:9f:ab:d6:
                    d5:ce:9b:77:20:6d:e7:32:9b:3e:71:1f:4e:b6:c7:
                    ed:3f:d4:db:bf:8d:40:6b:3e:68:1a:62:aa:ac:a9:
                    34:0f:ae:28:ee:a9:29:f9:a5:a3:88:2d:29:86:54:
                    6d:1b:2e:82:2c:b1:b5:d7:6a:c0:a3:61:06:b6:73:
                    50:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DE:E8:33:5A:EB:3B:AD:72:32:45:A9:39:9F:5C:DF:1F:FD:3A:C0
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/Jt7oM1rrO61yMkWpOZ9c3x_9OsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e602::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:18:58:06:58:a4:21:05:3e:c9:b9:18:61:09:7d:0a:ed:24:
         c5:31:ca:1b:73:7b:9b:05:9d:d4:41:fb:e4:80:1b:64:72:4e:
         49:e6:b3:bd:4d:2e:8c:9f:17:43:08:57:9f:50:9d:82:90:90:
         ff:b9:7c:ca:da:86:3f:b2:9c:b4:85:51:84:e3:6f:30:55:81:
         b0:a5:b3:c5:c7:36:65:04:60:78:ae:8d:70:2a:35:e8:bb:e6:
         40:65:64:16:ca:06:f1:5e:f2:be:3c:62:3f:f6:b7:f3:ca:82:
         d8:db:18:f4:fb:05:22:14:30:c3:58:2c:bd:6b:e7:2a:c5:f6:
         ae:8d:b6:40:59:15:cb:6d:3e:cb:c3:0e:c8:bb:55:4a:27:fa:
         4e:7c:90:0d:e7:0c:20:4b:8b:6b:85:a4:ca:6a:77:a8:93:25:
         80:6f:39:cf:fc:7a:05:91:21:57:c6:03:02:9d:1a:ea:f2:54:
         47:8f:54:c3:96:27:07:5f:16:f2:5d:e7:b3:d7:ca:9c:da:9f:
         62:43:f4:00:9b:71:ec:7e:d1:34:74:e9:41:37:98:88:da:40:
         84:f3:e0:93:08:39:cf:2f:95:9c:4e:47:98:df:0b:2c:c7:9e:
         a6:99:f9:ff:72:f9:fa:c0:a4:60:4d:d6:db:96:a2:8c:32:29:
         5c:76:7b:f6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZddtCpjcktAqesRayLDZdImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwNjExMDYzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRlZTgzMzVhZWIzYmFkNzIzMjQ1YTkzOTlmNWNkZjFmZmQzYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxVnRLmGFic63bKfAUfDSQ/Fiy6q
KFOlUgQg7cjoXjWlzxt+wQYnvzUPEBhg8ZBA8LihHGMGTa6jg2aEVVSgn3wDEcPW
/YOhLiaVWSl4El+Hz2nM1lXDTlejAIu5KZ9KgAsGsiu00bGQa2nLOcwXJRvmR6F/
uaElhVf/1No36OY+NFF56roA4GtWR2NB8G1y4RnJ982maPaUSDS4rX5B4jYZTq4J
BEAdNi4zVYFxnCrYgXMYtqEfKig/ulm9JOmfq9bVzpt3IG3nMps+cR9OtsftP9Tb
v41Aaz5oGmKqrKk0D64o7qkp+aWjiC0phlRtGy6CLLG112rAo2EGtnNQQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCbe6DNa6zutcjJFqTmfXN8f/TrAMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvSnQ3b00xcnJPNjF5TWtXcE9aOWMzeF85T3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTmAjAN
BgkqhkiG9w0BAQsFAAOCAQEAfhhYBlikIQU+ybkYYQl9Cu0kxTHKG3N7mwWd1EH7
5IAbZHJOSeazvU0ujJ8XQwhXn1CdgpCQ/7l8ytqGP7KctIVRhONvMFWBsKWzxcc2
ZQRgeK6NcCo16LvmQGVkFsoG8V7yvjxiP/a388qC2NsY9PsFIhQww1gsvWvnKsX2
ro22QFkVy20+y8MOyLtVSif6TnyQDecMIEuLa4Wkymp3qJMlgG85z/x6BZEhV8YD
Ap0a6vJUR49Uw5YnB18W8l3ns9fKnNqfYkP0AJtx7H7RNHTpQTeYiNpAhPPgkwg5
zy+VnE5HmN8LLMeeppn5/3L5+sCkYE3W25aijDIpXHZ79g==
-----END CERTIFICATE-----