Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/L0VpGs_GxUSOMA1fwZuZySgJ1PI.roa
File:                     L0VpGs_GxUSOMA1fwZuZySgJ1PI.roa (raw, json)
Hash identifier:          O1EHUgi0Bm6OonzJb0OjsF+6BbrxTiEKWVNK6NwNcVk=
Subject key identifier:   2F:45:69:1A:CF:C6:C5:44:8E:30:0D:5F:C1:9B:99:C9:28:09:D4:F2
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B1984D6D692835EE4B5F420E554FC22D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/L0VpGs_GxUSOMA1fwZuZySgJ1PI.roa
Signing time:             Thu 08 May 2025 20:31:10 +0000
ROA not before:           Thu 08 May 2025 20:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209709
IP address blocks:        2a10:b41::/32 maxlen: 32
                          2a13:b4c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:98:4d:6d:69:28:35:ee:4b:5f:42:0e:55:4f:c2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f45691acfc6c5448e300d5fc19b99c92809d4f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1f:c3:3a:ac:71:82:f4:86:a4:bc:1c:b7:3f:
                    28:4b:b0:61:75:1b:d1:c1:ef:74:d5:ab:86:08:85:
                    5f:0d:4e:a9:3b:d4:8d:97:a1:b9:f7:64:32:3a:1b:
                    b8:73:e3:4b:cc:1a:9a:2a:0f:6d:29:81:3a:a6:ab:
                    26:b3:a6:be:c8:71:3c:fe:d3:95:71:68:93:7a:d1:
                    7b:ac:83:a6:27:55:34:30:54:10:53:58:c4:21:37:
                    ea:57:4d:6b:a1:83:d7:f9:79:58:a8:c6:93:38:e1:
                    ca:6d:4d:8a:da:9d:60:f7:68:e4:de:0a:60:c9:43:
                    24:44:7b:33:4b:dd:87:10:cc:c8:21:1d:92:1c:41:
                    44:cc:8f:1a:d8:2a:ca:ae:3a:63:0f:57:c1:4e:c4:
                    40:8e:f5:56:68:96:0a:76:9c:f3:31:aa:8e:02:14:
                    cf:54:27:a5:de:74:6e:98:a6:b6:12:80:d5:ae:60:
                    fe:94:54:40:58:e2:d5:5a:a8:50:29:c2:21:f7:fb:
                    04:80:ed:1d:bc:c9:fc:e2:b7:c0:27:5e:0c:64:f1:
                    50:f2:79:2e:61:ad:fa:19:01:5d:97:28:8b:b5:d6:
                    14:fd:c9:48:57:66:1b:e3:07:28:24:a3:98:d2:70:
                    ed:93:38:eb:7a:7c:bc:16:5a:0e:0a:0f:9e:5c:09:
                    a5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:45:69:1A:CF:C6:C5:44:8E:30:0D:5F:C1:9B:99:C9:28:09:D4:F2
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/L0VpGs_GxUSOMA1fwZuZySgJ1PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b41::/32
                  2a13:b4c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:99:49:4a:f1:4d:c1:a4:14:05:8b:a4:c8:ed:9c:07:f5:f7:
         45:67:ae:49:f9:4e:f2:e5:92:d4:e3:41:d3:17:c1:a5:26:68:
         66:41:30:af:35:64:be:34:8d:8b:c5:2e:36:fd:d9:ec:f9:6d:
         03:c5:17:df:e4:95:a9:79:62:b4:14:1e:df:ab:a6:24:67:d6:
         92:78:2e:cd:73:8a:47:83:e5:f1:d3:1c:6d:5e:c1:5d:2c:ae:
         97:c5:ff:fc:e7:3d:70:06:1c:ae:0d:19:8d:e9:7a:74:08:c7:
         7e:ec:f9:7c:14:b2:83:2b:58:92:45:18:80:ca:25:ea:1b:fb:
         50:da:81:74:b4:fb:6d:08:ec:87:14:a5:3a:ba:de:a4:af:3c:
         44:30:ee:89:04:f7:f3:96:b3:30:64:51:fa:a8:a5:23:93:08:
         6c:34:dd:5c:ab:15:e7:1e:94:7e:a8:a7:51:50:b0:32:1e:c0:
         ac:99:61:55:ab:24:7a:53:c7:d5:24:c1:ec:6f:0d:59:f8:be:
         a0:7e:1a:84:5a:ba:49:e5:fa:9b:bb:68:83:bf:72:c8:e7:e8:
         62:39:a5:1e:b8:9a:b7:b4:fd:a9:1b:1e:50:4a:82:08:5a:0d:
         ae:03:c2:3d:3a:b2:0c:aa:ff:0f:cf:40:aa:ba:bd:b3:88:bc:
         e3:81:c0:ac
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZaxmE1taSg17ktfQg5VT8ItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjQ1NjkxYWNmYzZjNTQ0OGUzMDBkNWZjMTliOTljOTI4MDlkNGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR/DOqxxgvSGpLwctz8oS7BhdRvR
we901auGCIVfDU6pO9SNl6G592QyOhu4c+NLzBqaKg9tKYE6pqsms6a+yHE8/tOV
cWiTetF7rIOmJ1U0MFQQU1jEITfqV01roYPX+XlYqMaTOOHKbU2K2p1g92jk3gpg
yUMkRHszS92HEMzIIR2SHEFEzI8a2CrKrjpjD1fBTsRAjvVWaJYKdpzzMaqOAhTP
VCel3nRumKa2EoDVrmD+lFRAWOLVWqhQKcIh9/sEgO0dvMn84rfAJ14MZPFQ8nku
Ya36GQFdlyiLtdYU/clIV2Yb4wcoJKOY0nDtkzjreny8FloOCg+eXAml8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC9FaRrPxsVEjjANX8GbmckoCdTyMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTDBWcEdzX0d4VVNPTUExZndadVp5U2dKMVBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhALQQMF
ACoTtMUwDQYJKoZIhvcNAQELBQADggEBACGZSUrxTcGkFAWLpMjtnAf190Vnrkn5
TvLlktTjQdMXwaUmaGZBMK81ZL40jYvFLjb92ez5bQPFF9/klal5YrQUHt+rpiRn
1pJ4Ls1zikeD5fHTHG1ewV0srpfF//znPXAGHK4NGY3penQIx37s+XwUsoMrWJJF
GIDKJeob+1DagXS0+20I7IcUpTq63qSvPEQw7okE9/OWszBkUfqopSOTCGw03Vyr
FecelH6op1FQsDIewKyZYVWrJHpTx9UkwexvDVn4vqB+GoRauknl+pu7aIO/csjn
6GI5pR64mre0/akbHlBKgghaDa4Dwj06sgyq/w/PQKq6vbOIvOOBwKw=
-----END CERTIFICATE-----