Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/aAUDoOMiIkIoTxqpgiR2vBHCYiA.roa
File:                     aAUDoOMiIkIoTxqpgiR2vBHCYiA.roa (raw, json)
Hash identifier:          bEbrJBN9qOyrrJrbKszXph6Dv/8oZGFIwIyFCbBw1tg=
Subject key identifier:   68:05:03:A0:E3:22:22:42:28:4F:1A:A9:82:24:76:BC:11:C2:62:20
Certificate issuer:       /CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
Certificate serial:       01977E47B41FBDBA32D04CC128A6FD20E07B
Authority key identifier: 63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/aAUDoOMiIkIoTxqpgiR2vBHCYiA.roa
Signing time:             Tue 17 Jun 2025 14:25:17 +0000
ROA not before:           Tue 17 Jun 2025 14:25:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        2a14:4b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Jun 2025 16:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:47:b4:1f:bd:ba:32:d0:4c:c1:28:a6:fd:20:e0:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=635d5b644e22fb488e4d6c0012b0aabf238e61e5
        Validity
            Not Before: Jun 17 14:25:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=680503a0e3222242284f1aa9822476bc11c26220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5c:e7:df:79:23:55:60:27:6a:a4:8e:86:8f:
                    6c:83:51:e7:18:35:08:3b:4d:b8:12:82:ac:89:34:
                    1b:69:7c:3f:57:e5:c0:00:94:b4:e6:85:82:5d:0d:
                    67:0b:86:02:98:b1:b0:44:33:53:86:ff:92:bc:fb:
                    d8:1e:2f:4c:3e:0b:f6:f8:d4:8b:f0:77:e6:14:fc:
                    af:b3:c5:8f:3e:fa:8c:28:2b:f1:cb:5a:87:2d:cf:
                    f1:8c:ba:7a:ad:5d:60:e6:e1:4e:26:0f:8b:06:ad:
                    50:dd:cb:8e:a2:db:27:b7:3f:7a:7b:66:c3:9a:63:
                    87:a2:48:ab:04:aa:d2:4b:64:c9:b9:93:12:33:a6:
                    44:0c:ac:e1:4f:07:c2:98:41:de:50:75:ee:ab:dd:
                    43:60:01:fc:ce:1c:b5:15:dc:08:2e:12:4d:51:07:
                    64:cd:87:94:08:2b:5f:39:38:b7:ef:eb:8a:7f:47:
                    2d:69:20:bf:c3:8c:24:41:45:74:eb:e9:e8:44:80:
                    db:97:42:fb:2d:9c:cf:fa:88:ba:2d:60:51:42:56:
                    51:b5:fa:ee:94:d9:d2:46:23:ed:c6:49:b0:ed:1f:
                    31:bf:21:e2:44:63:e1:92:4f:31:40:a5:25:1a:ac:
                    73:24:e6:f2:29:97:35:ec:db:4f:1a:0c:78:49:6c:
                    53:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:05:03:A0:E3:22:22:42:28:4F:1A:A9:82:24:76:BC:11:C2:62:20
            X509v3 Authority Key Identifier:
                keyid:63:5D:5B:64:4E:22:FB:48:8E:4D:6C:00:12:B0:AA:BF:23:8E:61:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y11bZE4i-0iOTWwAErCqvyOOYeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/aAUDoOMiIkIoTxqpgiR2vBHCYiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/fe7fc2-41cc-467d-980b-f5af616b5483/1/Y11bZE4i-0iOTWwAErCqvyOOYeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:10:7d:a5:a7:68:59:9a:bb:1c:2e:93:50:ea:0e:be:5d:c7:
         c5:0d:f5:1b:a7:90:05:b5:9f:25:34:a0:fa:e3:0c:3d:eb:34:
         ca:d5:91:e3:ae:c4:09:bc:9f:5c:6a:6a:24:40:44:3a:14:0f:
         2b:6e:fb:83:95:e6:2d:9a:a4:e2:c9:91:79:6a:0a:9b:d5:41:
         94:ad:64:3f:c9:97:d9:70:a5:70:22:63:f7:d8:29:2d:b7:80:
         53:cc:4c:3f:5e:52:6a:98:a6:c2:3e:03:08:86:87:3f:81:4d:
         a7:42:34:fb:84:90:eb:df:fe:28:a6:e9:ef:d7:38:06:a8:30:
         c0:98:b9:71:c9:78:b6:48:11:fb:b7:85:db:1b:e5:d5:c0:d4:
         df:b6:12:4a:35:4f:5e:de:20:07:ae:21:d0:10:ca:fb:20:f5:
         94:3a:85:69:4d:bf:2f:5e:df:8f:1f:68:fe:be:e2:45:d0:64:
         9c:39:31:8c:49:85:cd:1b:ed:5f:61:eb:50:90:c1:07:69:9e:
         ee:00:7c:d1:95:27:57:75:80:86:05:45:45:da:2e:b1:d6:8c:
         9b:5d:65:73:71:89:71:bc:98:49:66:ee:c9:aa:b8:e4:f7:4d:
         9c:9e:9a:af:f3:1e:9d:6f:1d:44:44:49:13:0b:df:26:10:75:
         99:2d:67:dd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd+R7Qfvboy0EzBKKb9IOB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNWQ1YjY0NGUyMmZiNDg4ZTRkNmMwMDEyYjBhYWJmMjM4
ZTYxZTUwHhcNMjUwNjE3MTQyNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA1MDNhMGUzMjIyMjQyMjg0ZjFhYTk4MjI0NzZiYzExYzI2MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1zn33kjVWAnaqSOho9sg1HnGDUI
O024EoKsiTQbaXw/V+XAAJS05oWCXQ1nC4YCmLGwRDNThv+SvPvYHi9MPgv2+NSL
8HfmFPyvs8WPPvqMKCvxy1qHLc/xjLp6rV1g5uFOJg+LBq1Q3cuOotsntz96e2bD
mmOHokirBKrSS2TJuZMSM6ZEDKzhTwfCmEHeUHXuq91DYAH8zhy1FdwILhJNUQdk
zYeUCCtfOTi37+uKf0ctaSC/w4wkQUV06+noRIDbl0L7LZzP+oi6LWBRQlZRtfru
lNnSRiPtxkmw7R8xvyHiRGPhkk8xQKUlGqxzJObyKZc17NtPGgx4SWxTlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGgFA6DjIiJCKE8aqYIkdrwRwmIgMB8GA1UdIwQY
MBaAFGNdW2ROIvtIjk1sABKwqr8jjmHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGIt
ZjVhZjYxNmI1NDgzLzEvYUFVRG9PTWlJa0lvVHhxcGdpUjJ2QkhDWWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9mZTdmYzItNDFjYy00NjdkLTk4MGItZjVhZjYxNmI1NDgz
LzEvWTExYlpFNGktMGlPVFd3QUVyQ3F2eU9PWWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRLADAN
BgkqhkiG9w0BAQsFAAOCAQEARxB9padoWZq7HC6TUOoOvl3HxQ31G6eQBbWfJTSg
+uMMPes0ytWR467ECbyfXGpqJEBEOhQPK277g5XmLZqk4smReWoKm9VBlK1kP8mX
2XClcCJj99gpLbeAU8xMP15Sapimwj4DCIaHP4FNp0I0+4SQ69/+KKbp79c4Bqgw
wJi5ccl4tkgR+7eF2xvl1cDU37YSSjVPXt4gB64h0BDK+yD1lDqFaU2/L17fjx9o
/r7iRdBknDkxjEmFzRvtX2HrUJDBB2me7gB80ZUnV3WAhgVFRdousdaMm11lc3GJ
cbyYSWbuyaq45PdNnJ6ar/MenW8dRERJEwvfJhB1mS1n3Q==
-----END CERTIFICATE-----