Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/U4OmDOgBxKAxTCrY78PKeh7uXT8.roa
File:                     U4OmDOgBxKAxTCrY78PKeh7uXT8.roa (raw, json)
Hash identifier:          pStFNA55gv886y6AlH7D54kcH2MnnTZPm3WG1ltgp/U=
Subject key identifier:   53:83:A6:0C:E8:01:C4:A0:31:4C:2A:D8:EF:C3:CA:7A:1E:EE:5D:3F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B1993754C7A3C83A947E1C489A80C616
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/U4OmDOgBxKAxTCrY78PKeh7uXT8.roa
Signing time:             Thu 08 May 2025 20:32:10 +0000
ROA not before:           Thu 08 May 2025 20:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39690
IP address blocks:        2a10:b44::/32 maxlen: 32
                          2a13:b4c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:99:37:54:c7:a3:c8:3a:94:7e:1c:48:9a:80:c6:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5383a60ce801c4a0314c2ad8efc3ca7a1eee5d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:65:43:63:72:9d:1e:d5:01:93:c8:af:c9:d8:
                    0a:90:51:71:c0:48:46:62:84:b4:74:e2:bc:98:79:
                    1a:e4:75:84:a0:d9:d6:e6:25:4f:c1:50:72:27:03:
                    33:5b:bc:58:f3:d6:08:04:d1:52:38:b8:15:04:b2:
                    14:72:fd:e0:5d:14:97:c3:f2:bd:82:b9:10:ef:5d:
                    5a:14:26:d8:5e:2a:7f:d6:d3:e7:ba:e1:da:38:7b:
                    f5:55:a9:bb:b5:35:b7:08:45:2a:05:65:85:e3:ba:
                    2e:f8:f5:a8:56:9c:f2:fb:a7:a1:df:95:13:86:55:
                    79:66:96:ed:df:a4:c8:cb:63:01:9b:f1:12:c9:84:
                    88:b3:5d:51:a6:24:e8:bd:dc:d6:36:73:b3:65:be:
                    d9:fd:9b:d2:71:67:e7:7e:50:f6:b0:8c:dd:f1:ee:
                    c1:18:1d:9e:a1:7e:ef:44:39:34:f9:ad:c1:14:25:
                    fe:24:24:36:ea:62:ac:9c:4e:a5:44:77:60:93:db:
                    1a:11:0e:d5:ca:18:d1:1c:08:fd:b9:a0:73:f6:f0:
                    12:e8:32:43:8c:7d:fe:3f:b6:20:d9:4c:6c:7b:ab:
                    26:40:2d:a5:ad:e5:47:3e:ae:53:26:12:76:bf:f1:
                    70:4d:22:37:bf:49:c6:ec:e7:28:98:50:dd:cb:05:
                    36:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:83:A6:0C:E8:01:C4:A0:31:4C:2A:D8:EF:C3:CA:7A:1E:EE:5D:3F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/U4OmDOgBxKAxTCrY78PKeh7uXT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b44::/32
                  2a13:b4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:67:b9:6f:44:84:6f:54:8c:a7:7c:b7:81:62:39:47:c2:02:
         c0:00:dd:e3:3f:8e:c7:cb:06:14:f0:e2:9d:bc:ba:96:e0:bd:
         6d:64:e6:ab:46:68:09:0f:38:8a:52:81:8b:db:72:fe:8e:57:
         cf:30:12:62:96:6a:97:e4:97:1f:2f:82:d9:c3:78:40:fe:f3:
         0c:7d:17:81:8f:e9:f0:d6:7d:75:81:b8:c9:b5:c3:eb:78:ea:
         d3:a7:80:b6:c4:87:5f:60:f0:db:c3:80:79:7b:7f:83:6d:97:
         67:91:c0:77:64:ae:9a:1d:73:07:53:4d:82:60:a0:7b:76:37:
         80:53:5a:4c:5b:b1:b3:5c:b1:29:84:e5:bc:b9:8e:b2:11:54:
         d5:f5:62:19:a1:7c:c9:0b:75:e2:48:5f:19:10:93:e6:36:3b:
         64:13:8c:dd:f1:ad:b1:6f:b8:77:d4:30:ba:79:0a:b7:a2:36:
         39:15:9c:0a:20:f3:87:ef:02:ce:6f:7f:30:51:5b:a5:8f:f3:
         af:d5:e2:0c:5e:a3:1e:ec:1c:5d:96:2f:f4:0c:f4:40:a1:c1:
         2f:e2:be:b9:6a:33:56:de:68:5b:2f:bb:f5:94:96:df:48:24:
         a1:67:3d:2a:fa:a8:80:b3:64:12:f2:94:22:b3:6d:ee:87:e0:
         26:91:a5:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZaxmTdUx6PIOpR+HEiagMYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzgzYTYwY2U4MDFjNGEwMzE0YzJhZDhlZmMzY2E3YTFlZWU1ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWVDY3KdHtUBk8ivydgKkFFxwEhG
YoS0dOK8mHka5HWEoNnW5iVPwVByJwMzW7xY89YIBNFSOLgVBLIUcv3gXRSXw/K9
grkQ711aFCbYXip/1tPnuuHaOHv1Vam7tTW3CEUqBWWF47ou+PWoVpzy+6eh35UT
hlV5Zpbt36TIy2MBm/ESyYSIs11RpiTovdzWNnOzZb7Z/ZvScWfnflD2sIzd8e7B
GB2eoX7vRDk0+a3BFCX+JCQ26mKsnE6lRHdgk9saEQ7VyhjRHAj9uaBz9vAS6DJD
jH3+P7Yg2Uxse6smQC2lreVHPq5TJhJ2v/FwTSI3v0nG7OcomFDdywU29QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFODpgzoAcSgMUwq2O/Dynoe7l0/MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVTRPbURPZ0J4S0F4VENyWTc4UEtlaDd1WFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhALRAMF
ACoTtMAwDQYJKoZIhvcNAQELBQADggEBAJFnuW9EhG9UjKd8t4FiOUfCAsAA3eM/
jsfLBhTw4p28upbgvW1k5qtGaAkPOIpSgYvbcv6OV88wEmKWapfklx8vgtnDeED+
8wx9F4GP6fDWfXWBuMm1w+t46tOngLbEh19g8NvDgHl7f4Ntl2eRwHdkrpodcwdT
TYJgoHt2N4BTWkxbsbNcsSmE5by5jrIRVNX1YhmhfMkLdeJIXxkQk+Y2O2QTjN3x
rbFvuHfUMLp5CreiNjkVnAog84fvAs5vfzBRW6WP86/V4gxeox7sHF2WL/QM9ECh
wS/ivrlqM1beaFsvu/WUlt9IJKFnPSr6qICzZBLylCKzbe6H4CaRpUY=
-----END CERTIFICATE-----