Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GekOQSRgaOq2ZMppSTi9JC4xr5c.roa
File:                     GekOQSRgaOq2ZMppSTi9JC4xr5c.roa (raw, json)
Hash identifier:          +xllFqhGaEr3x2j2aZdOO9FiBxWmNKtqHeZi5tWloaU=
Subject key identifier:   19:E9:0E:41:24:60:68:EA:B6:64:CA:69:49:38:BD:24:2E:31:AF:97
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DB8E63EE70278E031B038AA281966B4
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GekOQSRgaOq2ZMppSTi9JC4xr5c.roa
Signing time:             Tue 17 Jun 2025 11:49:18 +0000
ROA not before:           Tue 17 Jun 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209709
IP address blocks:        2a10:b41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:b8:e6:3e:e7:02:78:e0:31:b0:38:aa:28:19:66:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e90e41246068eab664ca694938bd242e31af97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ee:3b:ff:62:a7:4a:26:1d:bd:57:f3:28:81:
                    51:b1:8a:f3:f3:18:4c:dc:ed:20:89:d7:ec:7e:9d:
                    3d:bb:6c:a9:3a:6d:19:75:42:ab:7e:9c:65:5b:0c:
                    5b:53:92:09:ba:2e:f0:80:9f:f4:1b:d3:31:76:60:
                    24:30:47:14:64:c1:ac:73:1d:83:40:09:fb:01:c1:
                    5b:22:77:0f:87:e4:e8:91:0b:90:24:4a:e9:22:af:
                    c7:82:a2:a3:87:ec:aa:f7:8e:9e:15:d4:16:58:05:
                    97:d5:1f:b4:7d:28:01:69:39:43:ac:0a:15:26:3d:
                    5d:0c:cc:b4:9d:5d:52:84:b5:1a:70:95:da:a7:6e:
                    1c:fc:a0:3b:b8:b5:df:51:c6:94:46:63:4a:25:63:
                    ba:06:29:47:1b:9e:6d:b7:a8:27:ce:e1:03:8c:cb:
                    8e:3c:fe:eb:fa:eb:3d:a4:70:00:00:a6:ea:49:99:
                    ad:2b:b4:cb:56:1a:ac:1e:02:d6:48:8c:f4:89:f4:
                    8a:ff:5d:6b:4c:e5:1d:20:25:c0:52:c4:6b:db:3e:
                    cc:2e:4a:84:9b:27:a0:f5:05:24:25:c4:62:54:ef:
                    bb:08:d9:ad:af:33:87:47:4b:22:44:df:f9:14:a3:
                    6d:4a:4a:96:36:ee:8b:72:f9:a1:e9:ce:0f:21:78:
                    27:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E9:0E:41:24:60:68:EA:B6:64:CA:69:49:38:BD:24:2E:31:AF:97
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GekOQSRgaOq2ZMppSTi9JC4xr5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b41::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:5b:fb:74:41:d2:1b:4f:f4:1d:3a:1b:fb:77:33:2b:3c:ad:
         4d:67:1a:f3:ef:9a:c5:3e:1c:2f:85:c1:00:e5:ce:18:04:e0:
         5a:f8:3e:39:29:7e:6d:27:d6:9d:f2:66:e5:aa:53:d4:f6:2c:
         ca:c5:0f:e0:f8:a8:37:7c:9f:fc:34:db:fe:08:5a:72:a5:a7:
         72:89:7e:b5:2f:8e:60:ff:1e:43:63:ff:b9:22:c9:67:7c:29:
         94:a2:c3:c1:6a:96:60:f4:ad:9f:55:57:30:2a:62:62:c4:3b:
         2c:a1:75:00:24:ed:38:0a:53:29:1d:f0:4d:ef:0c:c6:1f:0e:
         b0:a8:a1:d0:5b:24:e4:44:9b:12:3b:73:55:9d:0f:98:b1:2d:
         fd:bf:f5:54:a1:b6:82:50:0e:61:81:94:e9:5c:c4:e0:64:29:
         d2:e1:19:83:8f:de:80:65:52:8e:f3:9b:c1:64:24:cb:b0:25:
         e3:aa:bc:60:8e:97:4f:90:65:74:31:b5:63:bb:f9:b1:3d:9b:
         90:d9:53:7b:0d:d9:d1:fb:82:a8:51:f7:b7:9f:9e:1e:40:1b:
         74:fc:d1:7e:61:ed:27:7c:40:54:3d:5e:0b:1b:15:ef:b8:30:
         21:a2:75:f9:07:cb:33:66:c5:18:c5:11:af:fc:da:40:4b:7c:
         c0:ef:29:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9uOY+5wJ44DGwOKooGWa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU5MGU0MTI0NjA2OGVhYjY2NGNhNjk0OTM4YmQyNDJlMzFhZjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnO47/2KnSiYdvVfzKIFRsYrz8xhM
3O0gidfsfp09u2ypOm0ZdUKrfpxlWwxbU5IJui7wgJ/0G9MxdmAkMEcUZMGscx2D
QAn7AcFbIncPh+TokQuQJErpIq/HgqKjh+yq946eFdQWWAWX1R+0fSgBaTlDrAoV
Jj1dDMy0nV1ShLUacJXap24c/KA7uLXfUcaURmNKJWO6BilHG55tt6gnzuEDjMuO
PP7r+us9pHAAAKbqSZmtK7TLVhqsHgLWSIz0ifSK/11rTOUdICXAUsRr2z7MLkqE
myeg9QUkJcRiVO+7CNmtrzOHR0siRN/5FKNtSkqWNu6Lcvmh6c4PIXgnqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBnpDkEkYGjqtmTKaUk4vSQuMa+XMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvR2VrT1FTUmdhT3EyWk1wcFNUaTlKQzR4cjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhALQTAN
BgkqhkiG9w0BAQsFAAOCAQEAklv7dEHSG0/0HTob+3czKzytTWca8++axT4cL4XB
AOXOGATgWvg+OSl+bSfWnfJm5apT1PYsysUP4PioN3yf/DTb/ghacqWncol+tS+O
YP8eQ2P/uSLJZ3wplKLDwWqWYPStn1VXMCpiYsQ7LKF1ACTtOApTKR3wTe8Mxh8O
sKih0Fsk5ESbEjtzVZ0PmLEt/b/1VKG2glAOYYGU6VzE4GQp0uEZg4/egGVSjvOb
wWQky7Al46q8YI6XT5BldDG1Y7v5sT2bkNlTew3Z0fuCqFH3t5+eHkAbdPzRfmHt
J3xAVD1eCxsV77gwIaJ1+QfLM2bFGMURr/zaQEt8wO8pJw==
-----END CERTIFICATE-----