Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI0ZKgnsHSKkt0DZLzrngXj89mQ.roa
File:                     ZI0ZKgnsHSKkt0DZLzrngXj89mQ.roa (raw, json)
Hash identifier:          zglO6MUTp9jbozGP0xbq5eezFd7HbTKldxqBVwgJJPA=
Subject key identifier:   64:8D:19:2A:09:EC:1D:22:A4:B7:40:D9:2F:3A:E7:81:78:FC:F6:64
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A34C1AE1F59D8419FC3A9E6681259A5
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI0ZKgnsHSKkt0DZLzrngXj89mQ.roa
Signing time:             Mon 21 Apr 2025 21:15:28 +0000
ROA not before:           Mon 21 Apr 2025 21:15:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203025
IP address blocks:        2a13:c243::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:34:c1:ae:1f:59:d8:41:9f:c3:a9:e6:68:12:59:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:15:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=648d192a09ec1d22a4b740d92f3ae78178fcf664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:38:ad:c2:70:55:45:e3:f1:5f:78:7b:fb:12:
                    16:21:37:f2:6e:58:a6:ba:54:68:74:49:a6:a9:5e:
                    fa:8e:96:aa:b9:01:61:85:57:af:0e:86:48:80:b9:
                    30:63:a9:30:e1:9d:79:c7:c6:95:7a:5a:8c:ac:d2:
                    07:44:34:89:95:35:bc:3f:06:69:fe:c9:d1:73:9b:
                    7f:ef:2e:aa:d6:68:fb:c2:d0:2d:a6:91:eb:fa:13:
                    11:57:61:69:ea:81:ab:b6:3e:2f:76:33:95:9a:67:
                    8a:7b:52:be:0f:06:0f:a8:a6:8d:50:44:b7:a3:5a:
                    63:91:9a:5b:73:21:8c:81:68:9a:d8:6f:34:91:1b:
                    65:00:a1:22:81:eb:36:4b:ad:ea:4f:d7:f4:35:bc:
                    55:74:30:09:f9:01:8f:ba:a3:73:9a:28:43:cc:d3:
                    b4:04:4b:57:be:29:65:9d:da:e2:2f:48:40:3e:77:
                    75:2b:62:8c:28:6a:95:57:99:e6:16:5a:8a:a0:29:
                    ba:ce:0b:64:c9:ea:68:2f:f5:7e:dc:4b:e4:88:70:
                    42:cc:71:e0:5c:e8:09:bb:9e:ae:ef:25:c4:d2:b9:
                    de:dd:dc:14:5b:06:96:a3:02:81:80:38:7f:dc:4e:
                    d8:9a:e0:73:c9:60:57:6c:27:f1:cc:8c:f4:50:82:
                    3f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8D:19:2A:09:EC:1D:22:A4:B7:40:D9:2F:3A:E7:81:78:FC:F6:64
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI0ZKgnsHSKkt0DZLzrngXj89mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c243::/33

    Signature Algorithm: sha256WithRSAEncryption
         a9:b0:6e:f0:ab:db:be:2a:3b:4f:1a:d8:2f:26:ad:b5:ab:32:
         22:33:28:71:87:71:b0:01:23:49:e3:1e:0d:66:92:bb:7f:be:
         ee:63:a8:48:2e:4f:31:55:c7:82:e5:71:ee:97:39:1a:e4:cb:
         4d:a6:c6:dc:d9:ac:bc:80:54:f3:9e:c2:f5:32:36:df:76:f6:
         9f:6a:30:0f:ca:d9:24:49:53:f4:e6:c4:50:08:54:1a:e4:2d:
         07:d1:1b:55:c2:ff:2d:fd:04:89:c7:95:cc:7b:60:ad:3b:fe:
         96:ab:e1:8b:ed:a9:3b:7d:61:82:f7:bc:df:b5:bc:db:b1:2e:
         de:00:b1:68:31:f5:0d:b4:a0:f1:11:39:f0:68:89:12:ba:46:
         7b:f3:db:ff:76:fd:fa:69:93:40:f0:8f:b1:be:e1:1b:18:6a:
         f8:e0:25:e0:43:da:ef:c9:80:3a:0f:6f:c5:07:13:e8:0e:02:
         86:08:bc:5e:f7:0d:f3:96:8e:ad:47:7a:0e:fe:c9:fe:39:4e:
         11:f7:14:b7:84:67:e0:12:66:cd:82:9d:88:20:32:8f:a6:b9:
         56:b1:26:35:0d:eb:39:0f:e6:d2:3f:7c:1a:63:1b:17:3c:05:
         bf:37:6d:dc:77:32:2a:44:b0:2b:89:b0:ad:7f:46:93:99:be:
         e3:ce:23:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZaNMGuH1nYQZ/DqeZoElmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhkMTkyYTA5ZWMxZDIyYTRiNzQwZDkyZjNhZTc4MTc4ZmNmNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDitwnBVRePxX3h7+xIWITfyblim
ulRodEmmqV76jpaquQFhhVevDoZIgLkwY6kw4Z15x8aVelqMrNIHRDSJlTW8PwZp
/snRc5t/7y6q1mj7wtAtppHr+hMRV2Fp6oGrtj4vdjOVmmeKe1K+DwYPqKaNUES3
o1pjkZpbcyGMgWia2G80kRtlAKEiges2S63qT9f0NbxVdDAJ+QGPuqNzmihDzNO0
BEtXvillndriL0hAPnd1K2KMKGqVV5nmFlqKoCm6zgtkyepoL/V+3EvkiHBCzHHg
XOgJu56u7yXE0rne3dwUWwaWowKBgDh/3E7YmuBzyWBXbCfxzIz0UII/AQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGSNGSoJ7B0ipLdA2S8654F4/PZkMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvWkkwWktnbnNIU0trdDBEWkx6cm5nWGo4OW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhPCQwAw
DQYJKoZIhvcNAQELBQADggEBAKmwbvCr274qO08a2C8mrbWrMiIzKHGHcbABI0nj
Hg1mkrt/vu5jqEguTzFVx4Llce6XORrky02mxtzZrLyAVPOewvUyNt929p9qMA/K
2SRJU/TmxFAIVBrkLQfRG1XC/y39BInHlcx7YK07/par4YvtqTt9YYL3vN+1vNux
Lt4AsWgx9Q20oPEROfBoiRK6Rnvz2/92/fppk0Dwj7G+4RsYavjgJeBD2u/JgDoP
b8UHE+gOAoYIvF73DfOWjq1Heg7+yf45ThH3FLeEZ+ASZs2CnYggMo+muVaxJjUN
6zkP5tI/fBpjGxc8Bb83bdx3MipEsCuJsK1/RpOZvuPOIzE=
-----END CERTIFICATE-----