Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Ko5oG0LYnDzo0SVoHeRWkNvoEI0.roa
File:                     Ko5oG0LYnDzo0SVoHeRWkNvoEI0.roa (raw, json)
Hash identifier:          ZhLG/3FboYxknh7cCrQ/cwrV84RLuLZcALl+FoNJ6Yw=
Subject key identifier:   2A:8E:68:1B:42:D8:9C:3C:E8:D1:25:68:1D:E4:56:90:DB:E8:10:8D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B1984D0A0A318E944E8E81C6C50077B4
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Ko5oG0LYnDzo0SVoHeRWkNvoEI0.roa
Signing time:             Thu 08 May 2025 20:31:10 +0000
ROA not before:           Thu 08 May 2025 20:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206847
IP address blocks:        2a10:b40::/32 maxlen: 32
                          2a13:b4c4::/32 maxlen: 32
                          2a13:c241:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:98:4d:0a:0a:31:8e:94:4e:8e:81:c6:c5:00:77:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a8e681b42d89c3ce8d125681de45690dbe8108d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b5:35:5c:af:84:18:e9:77:e4:0e:bb:21:0a:
                    7d:1b:63:ec:43:fa:4c:f0:cf:cc:c9:3a:37:c4:71:
                    db:9b:7c:80:5b:d5:38:d1:4e:13:16:e0:3f:97:8f:
                    0a:72:50:58:d3:16:af:f1:52:e0:d0:5a:69:83:ac:
                    55:85:b7:79:fe:b0:a2:76:0f:31:64:e7:5b:86:21:
                    59:57:b9:83:cf:a0:00:50:4b:23:3e:03:aa:29:bd:
                    30:95:7c:cd:9a:fb:da:1c:f5:ce:f4:89:59:9b:76:
                    01:30:c5:89:62:7e:fe:6e:99:1e:9e:72:6f:57:6c:
                    be:3e:7e:e1:fd:60:df:a5:59:6c:b5:35:ec:d4:9b:
                    a9:93:09:e6:39:96:d7:49:50:c2:11:5f:57:a5:aa:
                    a1:06:ee:7b:83:67:db:bc:93:a5:e5:53:d0:d3:0c:
                    2f:2e:99:3f:f2:99:32:42:85:4b:de:c6:2b:50:c6:
                    14:4b:ff:3d:d2:b8:76:8d:ea:4e:8e:d1:65:04:3c:
                    9e:40:3b:91:1e:a6:07:1b:24:b4:04:b4:3c:df:5b:
                    84:75:15:cb:f9:75:da:23:63:ba:d9:47:f7:04:01:
                    64:35:be:0d:f2:e7:f1:f7:ea:63:41:50:e4:c0:a3:
                    42:f3:a3:72:db:a3:5a:9f:a9:fb:b3:e7:da:f4:6a:
                    c9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:8E:68:1B:42:D8:9C:3C:E8:D1:25:68:1D:E4:56:90:DB:E8:10:8D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Ko5oG0LYnDzo0SVoHeRWkNvoEI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b40::/32
                  2a13:b4c4::/32
                  2a13:c241:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         15:51:82:e3:48:41:df:53:f8:19:6f:b7:af:bd:8b:dd:12:50:
         f2:bc:8c:51:2b:11:b9:02:e9:16:8f:62:62:3b:50:32:4d:97:
         f8:f8:86:c8:4b:25:c3:ea:de:b7:91:90:9c:36:9a:1e:69:15:
         91:6c:ce:0e:88:54:1c:e4:89:66:cb:da:e5:fd:00:a8:d6:b2:
         71:8b:7c:4b:29:94:23:eb:4c:be:2e:6c:7b:e9:24:a6:5f:a9:
         b8:05:6d:4e:17:16:8c:5b:f0:6d:52:3e:2a:90:ba:09:6f:a6:
         31:80:14:64:78:44:e2:f9:23:b0:e6:30:d8:c3:c5:02:45:df:
         de:70:c4:0e:43:8d:fe:fc:a7:e0:4d:52:cf:e9:1f:69:29:8e:
         57:e7:08:b3:19:15:10:ff:7a:30:0c:df:61:89:a3:45:55:3c:
         c0:c6:ae:38:a5:be:48:6e:93:20:62:73:28:5f:01:b4:78:a1:
         15:a4:3f:0d:be:3d:4f:30:49:84:1f:ed:fe:f4:07:a9:13:9f:
         09:cc:f5:8e:74:70:d4:c7:9f:a1:3a:9b:a8:55:8b:e4:50:a0:
         91:86:9a:e8:65:ec:5e:79:2f:ae:57:a1:e6:7e:1f:74:02:ac:
         19:e5:57:be:ee:64:71:4b:2e:cd:83:e5:da:30:ab:55:5a:16:
         c7:d6:f3:d8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZaxmE0KCjGOlE6OgcbFAHe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYThlNjgxYjQyZDg5YzNjZThkMTI1NjgxZGU0NTY5MGRiZTgxMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbU1XK+EGOl35A67IQp9G2PsQ/pM
8M/MyTo3xHHbm3yAW9U40U4TFuA/l48KclBY0xav8VLg0Fppg6xVhbd5/rCidg8x
ZOdbhiFZV7mDz6AAUEsjPgOqKb0wlXzNmvvaHPXO9IlZm3YBMMWJYn7+bpkennJv
V2y+Pn7h/WDfpVlstTXs1JupkwnmOZbXSVDCEV9XpaqhBu57g2fbvJOl5VPQ0wwv
Lpk/8pkyQoVL3sYrUMYUS/890rh2jepOjtFlBDyeQDuRHqYHGyS0BLQ831uEdRXL
+XXaI2O62Uf3BAFkNb4N8ufx9+pjQVDkwKNC86Ny26Nan6n7s+fa9GrJmQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCqOaBtC2Jw86NElaB3kVpDb6BCNMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvS281b0cwTFluRHpvMFNWb0hlUldrTnZvRUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAcBAIAAjAWAwUAKhALQAMF
ACoTtMQDBgcqE8JBgDANBgkqhkiG9w0BAQsFAAOCAQEAFVGC40hB31P4GW+3r72L
3RJQ8ryMUSsRuQLpFo9iYjtQMk2X+PiGyEslw+ret5GQnDaaHmkVkWzODohUHOSJ
Zsva5f0AqNaycYt8SymUI+tMvi5se+kkpl+puAVtThcWjFvwbVI+KpC6CW+mMYAU
ZHhE4vkjsOYw2MPFAkXf3nDEDkON/vyn4E1Sz+kfaSmOV+cIsxkVEP96MAzfYYmj
RVU8wMauOKW+SG6TIGJzKF8BtHihFaQ/Db49TzBJhB/t/vQHqROfCcz1jnRw1Mef
oTqbqFWL5FCgkYaa6GXsXnkvrleh5n4fdAKsGeVXvu5kcUsuzYPl2jCrVVoWx9bz
2A==
-----END CERTIFICATE-----