Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UIA0jpaLbBh1ZQbE2rUe2xvMdHk.roa
File:                     UIA0jpaLbBh1ZQbE2rUe2xvMdHk.roa (raw, json)
Hash identifier:          gIbcEXHBeLEhGKSnqw/pzxAnY+XTT4B31jbzAC8TfbE=
Subject key identifier:   50:80:34:8E:96:8B:6C:18:75:65:06:C4:DA:B5:1E:DB:1B:CC:74:79
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DBD78DBE1601EE59C2E4668B03858B4
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UIA0jpaLbBh1ZQbE2rUe2xvMdHk.roa
Signing time:             Tue 17 Jun 2025 11:54:18 +0000
ROA not before:           Tue 17 Jun 2025 11:54:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206644
IP address blocks:        2a13:c447::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 16:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:bd:78:db:e1:60:1e:e5:9c:2e:46:68:b0:38:58:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:54:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5080348e968b6c18756506c4dab51edb1bcc7479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a2:1a:9b:cc:88:44:77:2a:e7:3e:da:80:44:
                    2e:6a:91:e4:7b:fa:4c:62:a0:41:ed:7d:ea:6f:39:
                    89:6b:14:cc:c3:35:91:17:84:fa:d3:26:54:d3:96:
                    14:f9:41:f0:de:ad:54:86:42:72:2b:93:3b:71:78:
                    73:f0:be:e2:f1:df:72:d7:93:fb:7e:6d:a0:ba:71:
                    e7:16:4b:b7:73:e1:8d:ab:af:77:b7:80:15:c5:28:
                    d4:d9:e8:18:46:d6:b4:7c:3f:d5:c2:8a:8f:18:cc:
                    78:bc:8a:68:62:f2:82:73:2e:d1:41:e9:47:3f:11:
                    92:19:2a:53:4c:11:9c:5c:c1:2d:6c:81:6b:a9:d6:
                    25:a4:a1:9a:3e:46:25:2f:8d:a7:03:11:49:b1:b2:
                    e4:89:a0:c3:3b:c4:8b:3c:51:bb:9a:44:ea:4b:6f:
                    9f:48:e2:6a:b5:a5:13:6d:d8:70:e7:7b:00:07:d8:
                    45:a1:bb:53:93:b4:3a:83:78:d5:3f:95:60:e8:7e:
                    11:74:a9:01:1d:03:8b:05:3c:0c:d0:cb:e7:f8:32:
                    dc:d2:2d:10:c4:6a:26:80:3e:d8:e5:2d:97:9f:1e:
                    47:b8:55:a1:56:ea:47:7e:74:4a:83:24:9e:81:18:
                    55:99:74:35:3a:42:c9:4c:da:f4:de:02:2b:86:56:
                    56:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:80:34:8E:96:8B:6C:18:75:65:06:C4:DA:B5:1E:DB:1B:CC:74:79
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UIA0jpaLbBh1ZQbE2rUe2xvMdHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c447::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:f4:5e:b4:57:d7:02:22:c9:eb:81:95:7b:7a:3c:3e:b6:00:
         4d:6b:a1:74:7e:78:35:34:e8:3d:8d:af:70:85:17:e2:2a:02:
         1e:fa:c2:54:7a:6a:6b:38:27:ad:7d:58:54:f9:24:0e:47:c3:
         a0:9e:21:c7:f7:51:d6:7a:1d:db:d7:cc:c9:cc:83:fc:36:88:
         34:a2:6e:08:78:b8:25:a4:09:63:06:2d:9f:20:2e:61:19:9f:
         1d:8f:1b:44:d5:fc:38:66:19:bf:03:89:88:9e:6f:f6:38:6c:
         1d:bd:e6:40:61:ef:a5:c1:df:fd:b3:1b:e4:16:85:32:6c:c3:
         9c:d0:81:a5:ba:57:ef:1c:4e:1f:3a:d5:e8:b6:65:e1:58:54:
         8a:a4:29:91:d1:d9:14:ac:9a:f3:29:c8:3c:a9:06:0c:db:4f:
         e4:80:9b:05:28:b5:07:15:a1:76:86:ea:07:8d:89:27:69:75:
         6b:9d:c8:ee:27:20:6d:da:6f:c0:fe:2f:26:fa:af:98:a7:f6:
         04:0a:a8:6e:f6:73:d4:fd:75:3d:a2:8a:90:eb:80:1d:d3:57:
         5b:10:8b:df:3c:96:c8:b8:e9:7f:1f:e0:28:7b:a0:a1:15:85:
         41:b6:68:6c:df:68:cc:6c:89:f6:95:52:de:f3:34:6e:3f:24:
         65:83:66:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9vXjb4WAe5ZwuRmiwOFi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE1NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDgwMzQ4ZTk2OGI2YzE4NzU2NTA2YzRkYWI1MWVkYjFiY2M3NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6Iam8yIRHcq5z7agEQuapHke/pM
YqBB7X3qbzmJaxTMwzWRF4T60yZU05YU+UHw3q1UhkJyK5M7cXhz8L7i8d9y15P7
fm2gunHnFku3c+GNq693t4AVxSjU2egYRta0fD/VwoqPGMx4vIpoYvKCcy7RQelH
PxGSGSpTTBGcXMEtbIFrqdYlpKGaPkYlL42nAxFJsbLkiaDDO8SLPFG7mkTqS2+f
SOJqtaUTbdhw53sAB9hFobtTk7Q6g3jVP5Vg6H4RdKkBHQOLBTwM0Mvn+DLc0i0Q
xGomgD7Y5S2Xnx5HuFWhVupHfnRKgySegRhVmXQ1OkLJTNr03gIrhlZWGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFCANI6Wi2wYdWUGxNq1HtsbzHR5MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVUlBMGpwYUxiQmgxWlFiRTJyVWUyeHZNZEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPERzAN
BgkqhkiG9w0BAQsFAAOCAQEA1PRetFfXAiLJ64GVe3o8PrYATWuhdH54NTToPY2v
cIUX4ioCHvrCVHpqazgnrX1YVPkkDkfDoJ4hx/dR1nod29fMycyD/DaINKJuCHi4
JaQJYwYtnyAuYRmfHY8bRNX8OGYZvwOJiJ5v9jhsHb3mQGHvpcHf/bMb5BaFMmzD
nNCBpbpX7xxOHzrV6LZl4VhUiqQpkdHZFKya8ynIPKkGDNtP5ICbBSi1BxWhdobq
B42JJ2l1a53I7icgbdpvwP4vJvqvmKf2BAqobvZz1P11PaKKkOuAHdNXWxCL3zyW
yLjpfx/gKHugoRWFQbZobN9ozGyJ9pVS3vM0bj8kZYNmkw==
-----END CERTIFICATE-----