Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EnHEFF2Xjzw5L5EqvvSME5fOTv8.roa
File:                     EnHEFF2Xjzw5L5EqvvSME5fOTv8.roa (raw, json)
Hash identifier:          JZD7XBAgyej1quFpFTHaQGuxmn5/PvzAVzAiu4gxdSU=
Subject key identifier:   12:71:C4:14:5D:97:8F:3C:39:2F:91:2A:BE:F4:8C:13:97:CE:4E:FF
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197A335CA4BD9AAC184BAC4B65457C48165
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EnHEFF2Xjzw5L5EqvvSME5fOTv8.roa
Signing time:             Tue 24 Jun 2025 18:31:40 +0000
ROA not before:           Tue 24 Jun 2025 18:31:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a13:c340::/29 maxlen: 29
                          2a13:c3c0::/29 maxlen: 29
                          2a14:42c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a3:35:ca:4b:d9:aa:c1:84:ba:c4:b6:54:57:c4:81:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 24 18:31:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1271c4145d978f3c392f912abef48c1397ce4eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d6:68:8e:de:36:66:4c:3a:d2:4d:16:3c:db:
                    20:7a:a3:a1:ea:5c:53:b9:d1:0e:cf:a7:19:f1:74:
                    76:59:7d:b2:ea:bb:cc:03:06:28:88:a1:bf:1a:f1:
                    b4:ef:9a:29:62:f1:46:b4:a8:23:fe:e9:8c:80:93:
                    99:2f:00:b4:d1:2f:b6:07:1d:d7:f4:fa:80:be:75:
                    ca:60:f5:ed:30:bf:6d:d0:cd:ac:0d:df:d4:d8:d2:
                    c7:99:8d:cd:42:1d:e5:21:da:d0:b7:97:93:23:f7:
                    bb:16:00:be:8e:c9:6f:76:02:f0:a9:5a:55:f6:e6:
                    71:a2:d5:3e:31:54:a2:65:f2:07:e9:11:29:40:3a:
                    5f:d8:9c:b8:d3:9c:d5:f1:7c:e3:98:fd:7d:fd:ab:
                    8d:b1:33:91:ab:39:47:ed:ab:f4:a7:54:a1:a7:55:
                    82:f1:60:37:11:7f:f0:c4:ef:98:26:e3:9c:de:77:
                    3e:da:58:53:be:a5:8f:28:12:10:c6:a4:fe:61:89:
                    ec:29:d1:05:bb:e3:b6:7d:b6:24:4f:f3:27:68:42:
                    57:92:5f:71:56:fa:86:33:de:73:0c:f2:b5:54:dd:
                    4d:17:0f:4f:fd:82:d9:96:6c:9d:83:88:85:7a:a2:
                    dc:b7:d9:0a:d1:58:d8:3b:01:2f:6f:44:7d:d3:5c:
                    36:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:71:C4:14:5D:97:8F:3C:39:2F:91:2A:BE:F4:8C:13:97:CE:4E:FF
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EnHEFF2Xjzw5L5EqvvSME5fOTv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c340::/29
                  2a13:c3c0::/29
                  2a14:42c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:aa:4f:58:fc:42:89:7d:5e:90:cd:97:68:c0:57:c8:04:e5:
         cd:69:ea:74:38:19:a5:09:eb:37:7d:a0:4a:b2:03:0f:39:60:
         2c:9d:2d:57:cd:d7:61:3f:08:13:07:14:09:e5:a0:74:7d:53:
         4b:f8:bc:04:25:ec:cc:55:71:e5:24:77:28:4f:53:70:51:19:
         64:2e:6a:e1:2a:1a:5e:37:f9:ec:d1:2d:7e:54:2b:f8:3b:28:
         b6:5f:17:2b:7d:3c:64:a7:d6:80:0e:7c:a8:4c:c6:e7:49:8f:
         08:e9:d2:20:d3:1e:75:18:44:00:f6:20:5a:e8:db:4a:60:92:
         b6:ed:dc:c5:53:0e:4d:ef:7f:95:59:78:bf:06:fe:8d:98:ba:
         9a:1a:d2:39:a3:64:b5:5a:91:3d:ce:2c:8d:89:32:7b:42:ab:
         c8:96:83:e0:82:50:91:15:a9:8c:d5:e1:07:2c:6a:cb:7b:d9:
         70:7c:6d:a2:ef:94:ec:47:1b:72:ed:5d:31:fd:93:53:39:2b:
         ee:d6:d7:2b:25:0e:dd:02:56:e7:f4:d1:ba:f0:b5:0c:d7:cc:
         5c:d5:45:25:f9:13:4f:61:35:bc:92:b7:a3:d8:4d:78:a8:2d:
         fb:38:71:f7:43:47:9c:43:29:29:fd:00:88:e4:c5:38:34:30:
         38:07:65:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZejNcpL2arBhLrEtlRXxIFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjI0MTgzMTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjcxYzQxNDVkOTc4ZjNjMzkyZjkxMmFiZWY0OGMxMzk3Y2U0ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdZojt42Zkw60k0WPNsgeqOh6lxT
udEOz6cZ8XR2WX2y6rvMAwYoiKG/GvG075opYvFGtKgj/umMgJOZLwC00S+2Bx3X
9PqAvnXKYPXtML9t0M2sDd/U2NLHmY3NQh3lIdrQt5eTI/e7FgC+jslvdgLwqVpV
9uZxotU+MVSiZfIH6REpQDpf2Jy405zV8XzjmP19/auNsTORqzlH7av0p1Shp1WC
8WA3EX/wxO+YJuOc3nc+2lhTvqWPKBIQxqT+YYnsKdEFu+O2fbYkT/MnaEJXkl9x
VvqGM95zDPK1VN1NFw9P/YLZlmydg4iFeqLct9kK0VjYOwEvb0R901w2SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBJxxBRdl488OS+RKr70jBOXzk7/MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRW5IRUZGMlhqenc1TDVFcXZ2U01FNWZPVHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhPDQAMF
AyoTw8ADBQMqFELAMA0GCSqGSIb3DQEBCwUAA4IBAQBCqk9Y/EKJfV6QzZdowFfI
BOXNaep0OBmlCes3faBKsgMPOWAsnS1XzddhPwgTBxQJ5aB0fVNL+LwEJezMVXHl
JHcoT1NwURlkLmrhKhpeN/ns0S1+VCv4Oyi2XxcrfTxkp9aADnyoTMbnSY8I6dIg
0x51GEQA9iBa6NtKYJK27dzFUw5N73+VWXi/Bv6NmLqaGtI5o2S1WpE9ziyNiTJ7
QqvIloPgglCRFamM1eEHLGrLe9lwfG2i75TsRxty7V0x/ZNTOSvu1tcrJQ7dAlbn
9NG68LUM18xc1UUl+RNPYTW8krej2E14qC37OHH3Q0ecQykp/QCI5MU4NDA4B2UY
-----END CERTIFICATE-----