Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OlWQuPFKSNi-lMPuSHyeoXkQb1w.roa
File:                     OlWQuPFKSNi-lMPuSHyeoXkQb1w.roa (raw, json)
Hash identifier:          cPpAXv2T/mpO/pOXyDcOC/7/aCX4i9BnU0WoNi0AiHM=
Subject key identifier:   3A:55:90:B8:F1:4A:48:D8:BE:94:C3:EE:48:7C:9E:A1:79:10:6F:5C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B19A2209ED06EF5A77DF98C70B0D9FB3
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OlWQuPFKSNi-lMPuSHyeoXkQb1w.roa
Signing time:             Thu 08 May 2025 20:33:10 +0000
ROA not before:           Thu 08 May 2025 20:33:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264749
IP address blocks:        2a10:b47::/32 maxlen: 32
                          2a13:b4c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:9a:22:09:ed:06:ef:5a:77:df:98:c7:0b:0d:9f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:33:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a5590b8f14a48d8be94c3ee487c9ea179106f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f7:05:26:84:e0:c6:25:ea:da:a9:f8:96:cf:
                    71:da:10:58:8b:80:05:80:e9:24:1b:41:df:3d:70:
                    5f:53:d1:4f:b7:7d:17:13:3d:64:b2:4f:8a:ca:af:
                    ee:91:29:3f:45:e4:ad:5a:68:2a:c3:80:ea:4e:71:
                    33:85:da:de:e8:61:e6:93:54:b9:08:a1:96:d8:1f:
                    15:d8:e0:04:63:c4:3b:05:15:f0:6e:2c:23:8f:04:
                    7c:a3:13:c0:8e:03:70:27:92:ba:48:96:5b:18:1c:
                    b5:8f:b8:fe:2a:62:ee:97:ba:af:40:40:20:24:b3:
                    f9:9d:1f:79:48:e7:a8:f8:44:f4:4e:be:87:30:a7:
                    22:a3:e7:76:1f:83:c8:87:11:c7:ca:27:a4:08:7a:
                    44:22:be:ff:51:71:59:25:3e:25:d3:11:24:cd:f5:
                    44:30:99:3b:2b:9f:a5:25:df:a5:72:eb:f1:83:71:
                    5a:25:ce:19:b0:c5:ed:96:81:8b:4c:69:83:a8:4d:
                    b0:b3:2c:9c:d5:2e:ae:ac:d1:43:73:6f:56:9f:21:
                    dd:ae:ce:5c:50:e8:36:b0:0a:46:11:94:44:0a:90:
                    55:3a:7d:e3:78:01:bd:ca:4f:fb:25:cd:31:a2:d7:
                    d1:43:f7:30:57:39:f1:a6:b7:af:66:b5:36:b6:9c:
                    b0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:55:90:B8:F1:4A:48:D8:BE:94:C3:EE:48:7C:9E:A1:79:10:6F:5C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OlWQuPFKSNi-lMPuSHyeoXkQb1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b47::/32
                  2a13:b4c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:f7:06:72:41:fb:f1:37:0d:22:eb:a9:ab:6d:97:c3:49:17:
         e5:51:4f:0e:c3:39:c8:d3:63:7c:79:45:d7:ee:db:4a:91:e2:
         a5:d6:63:d9:a7:76:b0:1c:2b:a2:64:19:46:23:30:fc:5e:4b:
         1d:18:d9:96:dd:75:d0:7f:c4:bc:ec:ef:1f:73:88:ac:3c:b6:
         3f:85:59:86:9d:b0:0a:a0:30:11:b5:d7:df:6f:bf:46:12:7a:
         9d:79:32:01:14:d8:93:0a:fd:a7:6c:a6:0c:83:88:a3:3f:a7:
         69:e5:6b:5b:c4:6e:9e:4e:ed:9b:12:d2:30:10:a5:46:c5:02:
         91:56:d2:e0:80:b3:bb:e2:3a:13:0c:90:5a:fd:3e:2f:50:88:
         23:ab:50:2c:b2:cb:d4:7b:08:10:fb:db:43:2f:c7:7d:e8:fa:
         0c:0d:60:62:81:8d:5d:77:2a:79:a4:48:db:61:52:6a:2a:93:
         de:c0:27:98:6f:51:14:36:1d:b6:da:8e:9a:c8:4d:fe:99:d3:
         d4:2a:61:7a:1a:31:1c:d8:2d:57:bf:64:10:22:7a:ad:33:bc:
         19:5a:2d:d6:9d:85:fb:f0:76:b6:7b:59:ee:88:94:17:f2:2f:
         54:1f:0b:6d:73:96:13:19:31:db:04:d8:69:85:7a:24:a3:c2:
         11:eb:de:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZaxmiIJ7QbvWnffmMcLDZ+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTU1OTBiOGYxNGE0OGQ4YmU5NGMzZWU0ODdjOWVhMTc5MTA2ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fcFJoTgxiXq2qn4ls9x2hBYi4AF
gOkkG0HfPXBfU9FPt30XEz1ksk+Kyq/ukSk/ReStWmgqw4DqTnEzhdre6GHmk1S5
CKGW2B8V2OAEY8Q7BRXwbiwjjwR8oxPAjgNwJ5K6SJZbGBy1j7j+KmLul7qvQEAg
JLP5nR95SOeo+ET0Tr6HMKcio+d2H4PIhxHHyiekCHpEIr7/UXFZJT4l0xEkzfVE
MJk7K5+lJd+lcuvxg3FaJc4ZsMXtloGLTGmDqE2wsyyc1S6urNFDc29WnyHdrs5c
UOg2sApGEZRECpBVOn3jeAG9yk/7Jc0xotfRQ/cwVznxprevZrU2tpywxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDpVkLjxSkjYvpTD7kh8nqF5EG9cMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvT2xXUXVQRktTTmktbE1QdVNIeWVvWGtRYjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhALRwMF
ACoTtMMwDQYJKoZIhvcNAQELBQADggEBAJj3BnJB+/E3DSLrqattl8NJF+VRTw7D
OcjTY3x5Rdfu20qR4qXWY9mndrAcK6JkGUYjMPxeSx0Y2ZbdddB/xLzs7x9ziKw8
tj+FWYadsAqgMBG1199vv0YSep15MgEU2JMK/adspgyDiKM/p2nla1vEbp5O7ZsS
0jAQpUbFApFW0uCAs7viOhMMkFr9Pi9QiCOrUCyyy9R7CBD720Mvx33o+gwNYGKB
jV13KnmkSNthUmoqk97AJ5hvURQ2HbbajprITf6Z09QqYXoaMRzYLVe/ZBAieq0z
vBlaLdadhfvwdrZ7We6IlBfyL1QfC21zlhMZMdsE2GmFeiSjwhHr3sM=
-----END CERTIFICATE-----