Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/0tHvPtdsZRMSdECFrWywHEFzjJY.roa
File:                     0tHvPtdsZRMSdECFrWywHEFzjJY.roa (raw, json)
Hash identifier:          wDxCLikDUetb91mXxU1f33qmz0PqiuAAUobRz5+KIoE=
Subject key identifier:   D2:D1:EF:3E:D7:6C:65:13:12:74:40:85:AD:6C:B0:1C:41:73:8C:96
Certificate issuer:       /CN=1ccf33cf78477313c7382e89b17573ed68588b93
Certificate serial:       01974B01C9B56BB0A1A7103959E6E44B62FD
Authority key identifier: 1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/0tHvPtdsZRMSdECFrWywHEFzjJY.roa
Signing time:             Sat 07 Jun 2025 15:28:17 +0000
ROA not before:           Sat 07 Jun 2025 15:28:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213953
IP address blocks:        2a14:ec00:3::/48 maxlen: 48
                          2a14:ec00:4::/48 maxlen: 48
                          2a14:ec00:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4b:01:c9:b5:6b:b0:a1:a7:10:39:59:e6:e4:4b:62:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccf33cf78477313c7382e89b17573ed68588b93
        Validity
            Not Before: Jun  7 15:28:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2d1ef3ed76c651312744085ad6cb01c41738c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b7:e9:73:ce:ea:f4:ba:32:0d:96:e0:74:f9:
                    2f:49:22:66:40:14:ee:11:56:b6:de:2f:05:d3:ce:
                    c1:7f:8b:60:8c:34:9c:6f:a6:7e:d5:17:75:42:ee:
                    e8:5e:60:a5:11:ab:ec:ea:ad:f2:dd:a5:ce:3f:24:
                    cc:99:93:f0:33:6b:83:3b:80:d5:dc:97:b0:26:0d:
                    36:6c:65:79:38:7e:67:88:d8:ce:a2:b3:b1:d7:3f:
                    b1:51:0c:84:5c:ec:26:51:ee:af:a1:3b:aa:6f:6a:
                    43:ec:73:1a:7b:5a:61:cc:1c:9c:54:c3:47:ac:d9:
                    7f:cf:11:5e:2c:b3:60:9d:e6:98:a1:7a:39:52:08:
                    fb:4d:4b:9c:80:f8:35:29:58:ff:04:0e:db:4b:f6:
                    e6:24:51:82:eb:8c:9c:df:ee:d1:05:9a:a8:9b:4e:
                    d9:f2:45:68:db:a7:89:ac:e8:fc:95:ec:20:72:d0:
                    3b:84:cb:b1:41:2a:64:be:b3:a3:07:57:33:fb:46:
                    fb:a8:24:c8:6e:fc:8b:4f:ee:89:b4:6a:41:5f:e3:
                    f5:43:91:2e:da:e6:05:fe:96:53:e1:78:e9:d0:7f:
                    9c:c3:fd:38:bc:25:d8:a2:d3:e4:49:b2:db:b1:6a:
                    3f:47:0b:0e:d5:8a:27:7c:d0:18:37:81:2b:f5:6a:
                    f7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D1:EF:3E:D7:6C:65:13:12:74:40:85:AD:6C:B0:1C:41:73:8C:96
            X509v3 Authority Key Identifier:
                keyid:1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/0tHvPtdsZRMSdECFrWywHEFzjJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ec00:3::-2a14:ec00:5:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         97:04:ba:5b:46:49:b8:01:54:73:15:52:00:b7:29:7c:34:e5:
         fa:89:1a:2d:23:a5:60:8c:58:09:eb:67:15:04:a1:cb:4a:63:
         da:bb:cf:3f:d8:ce:7d:ea:96:ee:a5:21:d0:a0:30:12:f2:e3:
         a0:64:80:2d:65:b8:e1:48:d7:7f:04:20:b0:49:55:56:e7:3b:
         ab:b9:33:9d:dc:6b:1b:8c:55:e0:2c:21:53:16:91:48:9b:df:
         68:9f:07:b8:0c:94:93:df:89:00:4b:79:db:c8:ad:cc:01:d1:
         d0:51:aa:f6:d7:c9:cc:20:11:5c:55:d1:ee:d4:04:cf:f5:77:
         7c:38:3d:09:74:cb:5a:f1:f7:52:52:80:de:ee:ed:7b:3f:0d:
         4a:94:ed:da:4e:2a:6b:85:62:fc:95:1b:27:dd:e5:cb:3a:31:
         dd:14:8f:93:2f:2f:ed:e4:91:88:0e:ae:13:16:6a:f4:d3:52:
         67:a3:18:1d:9a:88:64:ef:0f:1a:a1:c1:4f:78:62:15:ac:fa:
         0d:ea:13:75:85:52:fb:3a:e5:ad:a5:18:68:d3:a2:e8:0a:08:
         70:96:76:8e:38:28:ac:85:79:79:2b:46:8b:8a:68:30:5f:ec:
         4d:75:33:9a:12:9b:86:36:1b:08:7c:c5:06:f3:5e:02:85:91:
         67:a2:9d:40
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZdLAcm1a7ChpxA5WebkS2L9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2YzM2NmNzg0NzczMTNjNzM4MmU4OWIxNzU3M2VkNjg1
ODhiOTMwHhcNMjUwNjA3MTUyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmQxZWYzZWQ3NmM2NTEzMTI3NDQwODVhZDZjYjAxYzQxNzM4Yzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprfpc87q9LoyDZbgdPkvSSJmQBTu
EVa23i8F087Bf4tgjDScb6Z+1Rd1Qu7oXmClEavs6q3y3aXOPyTMmZPwM2uDO4DV
3JewJg02bGV5OH5niNjOorOx1z+xUQyEXOwmUe6voTuqb2pD7HMae1phzBycVMNH
rNl/zxFeLLNgneaYoXo5Ugj7TUucgPg1KVj/BA7bS/bmJFGC64yc3+7RBZqom07Z
8kVo26eJrOj8lewgctA7hMuxQSpkvrOjB1cz+0b7qCTIbvyLT+6JtGpBX+P1Q5Eu
2uYF/pZT4Xjp0H+cw/04vCXYotPkSbLbsWo/RwsO1YonfNAYN4Er9Wr3GQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNLR7z7XbGUTEnRAha1ssBxBc4yWMB8GA1UdIwQY
MBaAFBzPM894R3MTxzguibF1c+1oWIuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2Mt
MTI4ZTAwNTNkY2NmLzEvMHRIdlB0ZHNaUk1TZEVDRnJXeXdIRUZ6akpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2MtMTI4ZTAwNTNkY2Nm
LzEvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqFOwA
AAMDBwEqFOwAAAQwDQYJKoZIhvcNAQELBQADggEBAJcEultGSbgBVHMVUgC3KXw0
5fqJGi0jpWCMWAnrZxUEoctKY9q7zz/Yzn3qlu6lIdCgMBLy46BkgC1luOFI138E
ILBJVVbnO6u5M53caxuMVeAsIVMWkUib32ifB7gMlJPfiQBLedvIrcwB0dBRqvbX
ycwgEVxV0e7UBM/1d3w4PQl0y1rx91JSgN7u7Xs/DUqU7dpOKmuFYvyVGyfd5cs6
Md0Uj5MvL+3kkYgOrhMWavTTUmejGB2aiGTvDxqhwU94YhWs+g3qE3WFUvs65a2l
GGjTougKCHCWdo44KKyFeXkrRouKaDBf7E11M5oSm4Y2Gwh8xQbzXgKFkWeinUA=
-----END CERTIFICATE-----