Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/SGJaxM1tftN6eWW_JhWZIZdq6Hs.roa
File:                     SGJaxM1tftN6eWW_JhWZIZdq6Hs.roa (raw, json)
Hash identifier:          i3+GB/wkLsPOj8TleSkbJUTDI0kj7dMA6dFb0QRWP+8=
Subject key identifier:   48:62:5A:C4:CD:6D:7E:D3:7A:79:65:BF:26:15:99:21:97:6A:E8:7B
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019600E05712BB1D759384B29548B97D6E1B
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/SGJaxM1tftN6eWW_JhWZIZdq6Hs.roa
Signing time:             Fri 04 Apr 2025 12:57:04 +0000
ROA not before:           Fri 04 Apr 2025 12:57:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203098
IP address blocks:        2a14:c884::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:e0:57:12:bb:1d:75:93:84:b2:95:48:b9:7d:6e:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Apr  4 12:57:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48625ac4cd6d7ed37a7965bf26159921976ae87b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:06:a4:5d:71:34:ad:43:99:e4:7e:ae:c2:a2:
                    63:1e:6c:97:4b:81:38:12:86:bd:66:67:a8:db:85:
                    a8:7b:e3:d4:67:2a:e5:4a:bd:33:d2:65:73:2c:c6:
                    d4:c4:2e:e8:ce:93:42:52:9e:eb:fc:75:60:b7:49:
                    26:6d:90:86:da:66:c3:51:43:9a:c1:2f:53:eb:12:
                    3d:83:a8:00:85:33:37:65:c1:05:2c:0a:52:b4:d9:
                    e0:40:15:d7:d2:6d:60:2d:97:b2:cd:cc:eb:91:80:
                    48:38:ab:20:47:38:9e:29:8b:f7:54:f6:bb:0d:54:
                    2f:8e:4b:1f:cb:a8:78:7c:ec:1b:50:c6:48:47:cb:
                    5b:1d:94:c4:5b:c6:12:bc:31:41:be:60:70:e4:13:
                    93:92:a4:33:69:c3:0b:a6:e4:5c:cd:18:88:26:59:
                    67:44:3e:50:26:8f:6e:0d:55:6a:0f:f8:33:89:73:
                    2b:14:ea:90:70:74:fd:19:6b:42:ac:47:04:70:55:
                    f8:fb:85:88:89:b3:d4:3b:a3:e3:f4:38:e9:25:0c:
                    39:a1:5a:51:6a:4b:a2:72:ad:b3:76:94:cd:5b:98:
                    e0:fb:74:f5:e6:7e:f1:5a:7b:b5:29:40:82:a8:9d:
                    b5:ae:26:02:d4:14:bd:09:b0:34:1e:40:c0:61:84:
                    1f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:62:5A:C4:CD:6D:7E:D3:7A:79:65:BF:26:15:99:21:97:6A:E8:7B
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/SGJaxM1tftN6eWW_JhWZIZdq6Hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c884::/33

    Signature Algorithm: sha256WithRSAEncryption
         2d:e1:2d:73:57:12:d6:48:67:47:76:df:b1:3d:c3:97:38:7f:
         64:89:26:35:b0:83:a1:86:0a:a7:04:f6:d3:d5:31:6b:cd:a6:
         d1:36:a4:b6:d9:64:94:66:d3:59:08:7f:e6:b4:92:66:11:41:
         26:2f:a4:ef:9d:4d:53:64:57:6d:cb:1e:75:a5:9b:9b:21:59:
         04:3d:be:0b:b4:1f:5e:03:8e:d5:9a:35:44:c8:81:fa:5b:9c:
         93:5a:e3:eb:68:c6:54:32:44:2c:21:59:d2:7e:4b:89:04:6a:
         6f:fe:44:c6:d6:cc:b0:a5:04:97:f8:d0:88:13:36:91:f4:b9:
         f8:f9:4c:7f:1d:d9:dd:ef:0d:23:db:76:89:7a:cd:7b:13:4a:
         49:d2:e1:e9:6b:82:e7:7d:36:fb:48:5d:d6:8b:93:8a:8a:6a:
         ed:13:93:c6:58:f0:a3:9f:b4:8f:8b:25:f1:bb:ac:9c:1a:83:
         34:4b:13:2d:4c:9c:cb:bc:83:eb:31:74:71:66:46:2e:9f:7b:
         3b:73:fc:51:44:6b:9e:51:2d:14:8b:b0:c6:b8:5a:2f:84:34:
         ea:e0:1d:b9:14:b6:26:70:d5:6c:5e:88:67:b8:37:3e:52:55:
         aa:de:de:30:75:be:34:18:f8:52:e4:1f:dc:b4:02:38:b0:7e:
         4c:e5:64:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYA4FcSux11k4SylUi5fW4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwNDA0MTI1NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODYyNWFjNGNkNmQ3ZWQzN2E3OTY1YmYyNjE1OTkyMTk3NmFlODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwakXXE0rUOZ5H6uwqJjHmyXS4E4
Eoa9Zmeo24Woe+PUZyrlSr0z0mVzLMbUxC7ozpNCUp7r/HVgt0kmbZCG2mbDUUOa
wS9T6xI9g6gAhTM3ZcEFLApStNngQBXX0m1gLZeyzczrkYBIOKsgRzieKYv3VPa7
DVQvjksfy6h4fOwbUMZIR8tbHZTEW8YSvDFBvmBw5BOTkqQzacMLpuRczRiIJlln
RD5QJo9uDVVqD/gziXMrFOqQcHT9GWtCrEcEcFX4+4WIibPUO6Pj9DjpJQw5oVpR
akuicq2zdpTNW5jg+3T15n7xWnu1KUCCqJ21riYC1BS9CbA0HkDAYYQfZwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEhiWsTNbX7TenllvyYVmSGXauh7MB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvU0dKYXhNMXRmdE42ZVdXX0poV1pJWmRxNkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhTIhAAw
DQYJKoZIhvcNAQELBQADggEBAC3hLXNXEtZIZ0d237E9w5c4f2SJJjWwg6GGCqcE
9tPVMWvNptE2pLbZZJRm01kIf+a0kmYRQSYvpO+dTVNkV23LHnWlm5shWQQ9vgu0
H14DjtWaNUTIgfpbnJNa4+toxlQyRCwhWdJ+S4kEam/+RMbWzLClBJf40IgTNpH0
ufj5TH8d2d3vDSPbdol6zXsTSknS4elrgud9NvtIXdaLk4qKau0Tk8ZY8KOftI+L
JfG7rJwagzRLEy1MnMu8g+sxdHFmRi6feztz/FFEa55RLRSLsMa4Wi+ENOrgHbkU
tiZw1WxeiGe4Nz5SVare3jB1vjQY+FLkH9y0AjiwfkzlZEM=
-----END CERTIFICATE-----