Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mMZAxP3crKZ-4uvydehu4xzu21g.roa
File:                     mMZAxP3crKZ-4uvydehu4xzu21g.roa (raw, json)
Hash identifier:          ykOUNawt1dQC2GEd6e4Fn3MkceK8w74Ywfjgo+7w/eg=
Subject key identifier:   98:C6:40:C4:FD:DC:AC:A6:7E:E2:EB:F2:75:E8:6E:E3:1C:EE:DB:58
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DBD783F6F604F035900FD0A992A1ABB
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mMZAxP3crKZ-4uvydehu4xzu21g.roa
Signing time:             Tue 17 Jun 2025 11:54:18 +0000
ROA not before:           Tue 17 Jun 2025 11:54:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206623
IP address blocks:        2a13:c446::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:bd:78:3f:6f:60:4f:03:59:00:fd:0a:99:2a:1a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:54:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98c640c4fddcaca67ee2ebf275e86ee31ceedb58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:25:32:ed:e3:b7:af:cb:de:71:fb:2c:91:d6:
                    da:ee:57:bc:91:9e:c7:ac:85:50:4b:8c:95:f6:a6:
                    58:07:4d:73:a7:a2:b8:39:dd:9f:3d:a3:0d:62:bc:
                    84:f8:41:ea:5f:c4:03:dc:61:40:1c:75:43:0d:36:
                    bd:bd:95:96:d7:d0:11:13:29:93:25:b3:ce:2b:74:
                    cb:f5:c8:d8:f4:a5:3f:a2:ec:18:46:a2:14:df:06:
                    bc:7c:52:1f:56:aa:db:cd:03:55:01:9e:66:68:32:
                    7a:34:d6:c9:f9:6d:08:0e:7f:46:9a:16:da:eb:96:
                    8e:38:8a:2a:12:c7:7d:91:5e:60:c4:0f:02:b3:3d:
                    09:59:69:e5:b4:b0:67:a1:f3:db:a5:71:d1:a5:84:
                    75:54:c1:c0:4a:d3:0f:cc:cb:3c:cf:81:d2:4f:e4:
                    75:57:c0:a5:08:9e:80:8a:ab:79:1b:cb:d5:ba:1a:
                    15:80:a5:5b:5d:7f:34:7b:5b:db:a6:c6:9d:01:62:
                    77:fa:56:2b:08:2d:08:c3:60:a7:00:66:a8:c0:ac:
                    2b:9e:8e:b9:c2:95:59:2a:ef:91:f1:d0:ca:4f:56:
                    ef:1d:af:4c:e4:d3:b5:b0:84:67:5e:8f:a0:ef:6c:
                    26:cb:57:88:b6:d7:5b:7b:8e:ae:00:29:26:8d:40:
                    d5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C6:40:C4:FD:DC:AC:A6:7E:E2:EB:F2:75:E8:6E:E3:1C:EE:DB:58
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/mMZAxP3crKZ-4uvydehu4xzu21g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c446::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:cd:88:93:3e:46:86:bc:94:69:85:55:6d:69:73:f6:79:a8:
         09:eb:62:4b:f1:ee:8a:b8:a4:3c:09:56:93:05:d3:29:c8:1e:
         9a:35:3f:7e:ab:de:3f:d6:63:88:2a:fa:ca:c6:57:a1:e6:85:
         1d:fb:f6:7e:8d:fa:d6:c0:57:2c:af:26:cf:50:0b:5a:21:94:
         6f:5a:92:f7:c1:42:83:ed:15:17:82:fe:b8:f8:8d:d2:06:29:
         b6:64:a2:b0:41:12:7b:d7:c6:a8:9e:06:2b:a7:b9:7c:76:68:
         c8:71:60:dd:92:3c:ab:3d:40:62:ef:ec:80:be:4e:22:d9:a6:
         8a:20:ae:a6:9f:fe:18:04:65:91:6b:12:25:44:ce:6d:e7:ac:
         d3:e4:28:a1:14:74:70:c1:75:2d:b7:70:0b:2e:46:53:bf:48:
         f3:b9:44:1e:09:76:6f:ae:9f:f0:d0:28:50:04:6a:9f:9a:4c:
         c3:4b:7d:41:f6:77:39:c4:cf:31:e8:c3:af:d4:5f:12:92:5d:
         fe:3d:d6:66:39:4d:97:05:f4:3a:19:96:66:30:c0:14:31:ca:
         dc:ff:8a:ca:65:6e:bc:99:96:33:27:df:e8:6e:f8:6a:77:8f:
         ab:c5:2d:ff:eb:0a:95:01:db:66:38:94:be:cd:6b:99:61:43:
         17:51:45:9c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9vXg/b2BPA1kA/QqZKhq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE1NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM2NDBjNGZkZGNhY2E2N2VlMmViZjI3NWU4NmVlMzFjZWVkYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7iUy7eO3r8vecfsskdba7le8kZ7H
rIVQS4yV9qZYB01zp6K4Od2fPaMNYryE+EHqX8QD3GFAHHVDDTa9vZWW19AREymT
JbPOK3TL9cjY9KU/ouwYRqIU3wa8fFIfVqrbzQNVAZ5maDJ6NNbJ+W0IDn9Gmhba
65aOOIoqEsd9kV5gxA8Csz0JWWnltLBnofPbpXHRpYR1VMHAStMPzMs8z4HST+R1
V8ClCJ6Aiqt5G8vVuhoVgKVbXX80e1vbpsadAWJ3+lYrCC0Iw2CnAGaowKwrno65
wpVZKu+R8dDKT1bvHa9M5NO1sIRnXo+g72wmy1eIttdbe46uACkmjUDVwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJjGQMT93KymfuLr8nXobuMc7ttYMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbU1aQXhQM2NyS1otNHV2eWRlaHU0eHp1MjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPERjAN
BgkqhkiG9w0BAQsFAAOCAQEArc2Ikz5GhryUaYVVbWlz9nmoCetiS/HuirikPAlW
kwXTKcgemjU/fqveP9ZjiCr6ysZXoeaFHfv2fo361sBXLK8mz1ALWiGUb1qS98FC
g+0VF4L+uPiN0gYptmSisEESe9fGqJ4GK6e5fHZoyHFg3ZI8qz1AYu/sgL5OItmm
iiCupp/+GARlkWsSJUTObees0+QooRR0cMF1LbdwCy5GU79I87lEHgl2b66f8NAo
UARqn5pMw0t9QfZ3OcTPMejDr9RfEpJd/j3WZjlNlwX0OhmWZjDAFDHK3P+KymVu
vJmWMyff6G74anePq8Ut/+sKlQHbZjiUvs1rmWFDF1FFnA==
-----END CERTIFICATE-----