Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/eAr-aAj7uWMuBz66qsxEYuZsKRU.roa
File:                     eAr-aAj7uWMuBz66qsxEYuZsKRU.roa (raw, json)
Hash identifier:          upDaP9emSBMltrR9yq3F/Qw8IFTio9ABAVUioXIvrx4=
Subject key identifier:   78:0A:FE:68:08:FB:B9:63:2E:07:3E:BA:AA:CC:44:62:E6:6C:29:15
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       01987F66F30B74C1AB60A2C37145F3253042
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/eAr-aAj7uWMuBz66qsxEYuZsKRU.roa
Signing time:             Wed 06 Aug 2025 12:41:50 +0000
ROA not before:           Wed 06 Aug 2025 12:41:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:e601::/32 maxlen: 32
                          2a14:e605::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7f:66:f3:0b:74:c1:ab:60:a2:c3:71:45:f3:25:30:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Aug  6 12:41:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=780afe6808fbb9632e073ebaaacc4462e66c2915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a8:47:9f:3e:41:9a:3b:ae:12:11:55:b5:ea:
                    3b:f9:de:dd:af:67:a0:d3:60:7b:2e:bc:65:58:76:
                    68:5c:82:4d:0b:73:7a:a2:b2:d7:f0:db:f3:ba:01:
                    d3:e6:c8:11:59:53:06:08:e1:e8:bf:09:09:3a:8d:
                    e1:18:77:16:ea:54:21:71:98:44:4b:06:f6:62:e9:
                    bf:8f:39:df:bb:7c:85:4d:6d:1b:3d:91:08:fb:b9:
                    35:f3:83:49:d6:ba:bf:4d:2b:0a:73:d4:6c:6e:17:
                    68:06:fb:40:69:c6:69:f6:6e:c0:c4:33:7c:74:04:
                    1e:e1:39:b0:b7:5a:b0:d6:a6:f8:4a:d6:4f:00:34:
                    44:50:8b:e0:2f:e7:5b:3b:c8:87:b4:bc:73:81:32:
                    3f:8b:f7:48:5b:53:6d:4c:c4:ad:4a:27:9a:ad:ff:
                    a4:53:8a:7c:6d:90:35:7a:46:d4:c3:92:53:1b:49:
                    ac:89:be:4a:97:aa:e3:18:15:c4:c3:60:0c:69:f7:
                    78:16:c8:60:31:62:8a:d0:ba:bc:d3:b9:72:48:1d:
                    20:98:7a:cc:86:46:01:47:3d:82:29:eb:07:ce:94:
                    2d:d5:93:09:8c:a2:33:18:e7:ad:0a:a4:eb:a7:af:
                    2e:25:82:49:76:98:f8:c7:db:d4:00:49:dc:f2:aa:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0A:FE:68:08:FB:B9:63:2E:07:3E:BA:AA:CC:44:62:E6:6C:29:15
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/eAr-aAj7uWMuBz66qsxEYuZsKRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e601::/32
                  2a14:e605::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:b8:77:49:00:e2:86:39:d1:15:ea:5e:0f:81:e2:45:d3:ab:
         59:fd:7d:c1:b5:6b:0b:c1:e1:29:b5:34:77:48:c8:f6:58:31:
         c2:b6:a4:56:04:4b:bd:1d:c5:af:4d:5e:1f:89:23:09:53:7f:
         7d:06:65:c3:73:30:f5:a1:dc:c3:95:99:f3:5d:4d:53:56:e1:
         87:3d:88:56:80:25:d4:c6:d0:96:39:cd:a9:5e:99:6f:f0:27:
         53:b4:7a:0c:61:3b:e1:85:2c:84:e2:1e:5f:35:87:21:03:33:
         c4:56:73:16:36:11:81:d9:7a:b6:58:fa:d3:23:fe:85:6f:5b:
         d3:bd:f1:1d:c4:96:66:f6:ac:33:cc:90:44:77:09:2e:5e:4e:
         e0:51:6f:bb:b1:a5:95:41:9e:fb:43:8f:f5:9c:b6:c9:dd:80:
         1c:51:da:be:cd:04:41:c0:2e:a8:ce:99:d7:f3:fe:61:76:ab:
         b6:c3:62:b6:73:ca:1b:23:c2:df:32:61:10:52:4c:99:b4:33:
         ec:c4:b7:8a:64:fb:c4:e6:8e:29:ab:7d:1d:da:fe:5d:6a:ff:
         85:f7:ff:9e:cf:b1:3a:e1:37:d8:99:8f:f3:35:41:fa:18:2b:
         bb:ef:0e:82:f1:e3:f5:10:3a:b4:6b:99:a6:e4:14:5a:61:21:
         93:ab:16:c9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZh/ZvMLdMGrYKLDcUXzJTBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwODA2MTI0MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBhZmU2ODA4ZmJiOTYzMmUwNzNlYmFhYWNjNDQ2MmU2NmMyOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KhHnz5BmjuuEhFVteo7+d7dr2eg
02B7LrxlWHZoXIJNC3N6orLX8NvzugHT5sgRWVMGCOHovwkJOo3hGHcW6lQhcZhE
Swb2Yum/jznfu3yFTW0bPZEI+7k184NJ1rq/TSsKc9RsbhdoBvtAacZp9m7AxDN8
dAQe4Tmwt1qw1qb4StZPADREUIvgL+dbO8iHtLxzgTI/i/dIW1NtTMStSiearf+k
U4p8bZA1ekbUw5JTG0msib5Kl6rjGBXEw2AMafd4FshgMWKK0Lq807lySB0gmHrM
hkYBRz2CKesHzpQt1ZMJjKIzGOetCqTrp68uJYJJdpj4x9vUAEnc8qpFKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHgK/mgI+7ljLgc+uqrMRGLmbCkVMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvZUFyLWFBajd1V011Qno2NnFzeEVZdVpzS1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhTmAQMF
ACoU5gUwDQYJKoZIhvcNAQELBQADggEBAFi4d0kA4oY50RXqXg+B4kXTq1n9fcG1
awvB4Sm1NHdIyPZYMcK2pFYES70dxa9NXh+JIwlTf30GZcNzMPWh3MOVmfNdTVNW
4Yc9iFaAJdTG0JY5zalemW/wJ1O0egxhO+GFLITiHl81hyEDM8RWcxY2EYHZerZY
+tMj/oVvW9O98R3Elmb2rDPMkER3CS5eTuBRb7uxpZVBnvtDj/WctsndgBxR2r7N
BEHALqjOmdfz/mF2q7bDYrZzyhsjwt8yYRBSTJm0M+zEt4pk+8TmjimrfR3a/l1q
/4X3/57PsTrhN9iZj/M1QfoYK7vvDoLx4/UQOrRrmabkFFphIZOrFsk=
-----END CERTIFICATE-----