Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hVrAN4DXgKNhBUzkiGn7Ot51JzY.roa
File:                     hVrAN4DXgKNhBUzkiGn7Ot51JzY.roa (raw, json)
Hash identifier:          upudPW4i3yYdHqbUlDH44YRb7JIsf7K/lAN8RTLFmK4=
Subject key identifier:   85:5A:C0:37:80:D7:80:A3:61:05:4C:E4:88:69:FB:3A:DE:75:27:36
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196B19937B4A133C0CA103730DF33225453
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hVrAN4DXgKNhBUzkiGn7Ot51JzY.roa
Signing time:             Thu 08 May 2025 20:32:10 +0000
ROA not before:           Thu 08 May 2025 20:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201207
IP address blocks:        2a10:b43::/32 maxlen: 32
                          2a13:b4c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b1:99:37:b4:a1:33:c0:ca:10:37:30:df:33:22:54:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  8 20:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=855ac03780d780a361054ce48869fb3ade752736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e2:75:b0:2e:40:d2:ca:fb:4c:6f:45:50:80:
                    de:1a:0d:7a:4a:9d:83:ca:bf:39:63:da:fe:41:93:
                    63:59:2f:03:b9:20:b6:60:8f:69:05:6b:b2:42:5c:
                    fd:f0:50:1a:8b:8c:61:96:14:85:3b:98:03:f2:aa:
                    61:79:83:e3:61:ba:99:b1:55:6e:bd:00:6c:c1:ee:
                    59:49:01:3f:83:89:ba:69:01:1e:7a:f8:77:b9:d2:
                    fe:16:db:74:8b:d3:fd:a5:a0:b3:d2:bf:ee:30:57:
                    2d:78:f9:ee:69:50:4e:97:77:98:25:0e:51:98:22:
                    39:7b:21:c5:24:c7:eb:ea:49:78:70:ae:07:1f:1d:
                    68:b6:1f:33:60:35:9e:74:e6:81:dc:16:87:c0:9d:
                    59:9e:ea:68:72:36:bd:e9:00:51:91:a1:58:e9:f0:
                    a5:ab:c3:2b:cf:ee:32:ad:1e:ad:ac:94:73:3d:cf:
                    be:95:cf:e7:16:92:38:15:08:4b:7c:41:ee:50:87:
                    5a:f8:91:8b:46:b0:fe:b3:42:3a:78:a8:28:8c:2b:
                    68:1d:e8:95:d0:a6:94:d3:b7:11:8a:48:07:85:bd:
                    cb:9f:71:d1:5e:86:a1:6c:f6:e7:61:e0:12:eb:47:
                    cd:ee:3d:cf:37:ff:c5:36:fb:02:81:b0:a1:12:bb:
                    00:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5A:C0:37:80:D7:80:A3:61:05:4C:E4:88:69:FB:3A:DE:75:27:36
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hVrAN4DXgKNhBUzkiGn7Ot51JzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b43::/32
                  2a13:b4c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:7a:f8:a3:be:a4:e0:e7:03:b6:8e:cd:44:c8:22:46:ac:59:
         00:25:83:94:87:d5:aa:42:a5:9a:fa:f2:80:e0:fe:f9:56:48:
         98:86:39:74:46:16:b7:2a:c7:92:77:3a:05:ff:29:af:71:17:
         b9:97:e0:11:af:48:b2:62:4e:9b:18:00:61:60:b2:92:99:b7:
         03:37:7a:20:28:e5:eb:ff:7b:c7:9d:09:23:3e:68:87:8f:bf:
         2b:03:d8:94:67:44:03:ef:2f:0e:c0:45:8a:5b:ce:1f:50:82:
         e9:a8:79:d2:5c:f7:42:ca:1c:f4:37:eb:d0:d8:38:13:cf:38:
         6b:ea:8c:92:be:9d:4b:b1:e4:7c:1f:90:6b:27:ef:56:ee:68:
         d8:55:70:b9:c7:cf:95:9f:e3:c7:f0:e1:fe:dc:cb:dc:45:55:
         b8:5a:03:fa:be:b7:93:5e:d8:77:e4:be:aa:7b:af:78:4f:c3:
         4b:5e:34:f2:d6:90:72:49:a6:9d:78:56:e7:ff:20:2b:58:69:
         b8:a9:3b:7a:34:d8:48:30:e2:28:f0:94:ad:07:15:9a:16:e1:
         bc:2d:0f:04:ae:68:bb:56:57:0e:8b:43:8d:be:2b:02:9d:1c:
         e3:0c:85:b2:f7:0b:85:78:e9:cc:4a:c8:73:75:55:a4:58:db:
         1c:91:24:6c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZaxmTe0oTPAyhA3MN8zIlRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTA4MjAzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVhYzAzNzgwZDc4MGEzNjEwNTRjZTQ4ODY5ZmIzYWRlNzUyNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOJ1sC5A0sr7TG9FUIDeGg16Sp2D
yr85Y9r+QZNjWS8DuSC2YI9pBWuyQlz98FAai4xhlhSFO5gD8qpheYPjYbqZsVVu
vQBswe5ZSQE/g4m6aQEeevh3udL+Ftt0i9P9paCz0r/uMFctePnuaVBOl3eYJQ5R
mCI5eyHFJMfr6kl4cK4HHx1oth8zYDWedOaB3BaHwJ1Znupocja96QBRkaFY6fCl
q8Mrz+4yrR6trJRzPc++lc/nFpI4FQhLfEHuUIda+JGLRrD+s0I6eKgojCtoHeiV
0KaU07cRikgHhb3Ln3HRXoahbPbnYeAS60fN7j3PN//FNvsCgbChErsAqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIVawDeA14CjYQVM5Ihp+zredSc2MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaFZyQU40RFhnS05oQlV6a2lHbjdPdDUxSnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhALQwMF
ACoTtMcwDQYJKoZIhvcNAQELBQADggEBAIx6+KO+pODnA7aOzUTIIkasWQAlg5SH
1apCpZr68oDg/vlWSJiGOXRGFrcqx5J3OgX/Ka9xF7mX4BGvSLJiTpsYAGFgspKZ
twM3eiAo5ev/e8edCSM+aIePvysD2JRnRAPvLw7ARYpbzh9QgumoedJc90LKHPQ3
69DYOBPPOGvqjJK+nUux5HwfkGsn71buaNhVcLnHz5Wf48fw4f7cy9xFVbhaA/q+
t5Ne2Hfkvqp7r3hPw0teNPLWkHJJpp14Vuf/ICtYabipO3o02Egw4ijwlK0HFZoW
4bwtDwSuaLtWVw6LQ42+KwKdHOMMhbL3C4V46cxKyHN1VaRY2xyRJGw=
-----END CERTIFICATE-----