Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/pDl6hjVHpGVGnBZA8FIcgMyb1sE.roa
File:                     pDl6hjVHpGVGnBZA8FIcgMyb1sE.roa (raw, json)
Hash identifier:          i8dVdKkU8bB5/LDJfiUuSca9ywTFxXxdXno+EsotXmw=
Subject key identifier:   A4:39:7A:86:35:47:A4:65:46:9C:16:40:F0:52:1C:80:CC:9B:D6:C1
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DBF4FF8F27EAF03091F91544B52B7B9
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/pDl6hjVHpGVGnBZA8FIcgMyb1sE.roa
Signing time:             Tue 17 Jun 2025 11:56:19 +0000
ROA not before:           Tue 17 Jun 2025 11:56:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209944
IP address blocks:        2a13:bb41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 04:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:bf:4f:f8:f2:7e:af:03:09:1f:91:54:4b:52:b7:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:56:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4397a863547a465469c1640f0521c80cc9bd6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:58:0b:36:77:94:f6:24:76:fb:f7:1c:76:b1:
                    80:69:c8:5f:dc:dc:cd:0a:25:d1:0a:54:24:b9:37:
                    29:cc:3e:d4:45:d8:a9:ce:d2:50:f4:c8:25:ab:20:
                    16:91:38:64:73:9f:1b:bf:3b:ab:13:a2:9d:9e:57:
                    6b:0a:b7:4c:87:35:ea:01:6e:49:c2:b9:ea:53:fa:
                    b8:34:43:b0:43:64:15:9a:d8:3c:53:e0:5f:02:ea:
                    a9:0b:85:59:65:0f:8d:2e:80:61:46:76:1f:fa:44:
                    f8:6c:c3:61:12:88:5f:e7:5f:f8:ec:25:f2:31:32:
                    95:8c:ea:6e:fb:02:05:ba:4d:86:f5:8a:e9:1d:dc:
                    8b:bb:29:2c:0a:2a:e8:2c:c7:2e:85:56:2a:a9:21:
                    f5:6e:0e:70:87:60:87:66:50:4c:64:d4:58:a3:f4:
                    71:99:80:4e:7e:4f:5c:34:29:f3:6e:aa:54:f5:f6:
                    3b:1e:fe:85:ca:58:32:9e:3f:11:4a:69:cd:cd:ba:
                    0e:8d:94:12:e3:f4:29:cd:e1:c0:64:e5:33:26:e7:
                    52:f2:f1:29:ae:2a:d6:d7:b2:c3:bf:84:ba:c2:01:
                    c1:39:59:a9:e7:6a:ee:f7:cb:14:76:c3:5b:05:15:
                    d7:1e:3d:80:4b:00:93:b1:06:25:91:52:96:b7:b9:
                    36:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:39:7A:86:35:47:A4:65:46:9C:16:40:F0:52:1C:80:CC:9B:D6:C1
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/pDl6hjVHpGVGnBZA8FIcgMyb1sE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bb41::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:20:da:18:5e:fd:d7:6d:65:f8:4d:c0:ea:77:4f:19:a2:69:
         87:0d:44:4c:a8:5f:da:3a:8d:eb:a5:c4:03:4e:ea:61:07:07:
         19:61:9e:b6:b6:da:cb:35:c5:4c:c3:bc:d7:b6:89:ee:05:a7:
         08:76:ec:e2:53:88:10:3d:6f:bc:ad:98:ec:62:42:4c:b5:5d:
         52:4e:5e:a1:b8:6a:9a:ca:8f:a8:9e:60:f7:17:fd:7e:94:8f:
         6f:a3:e0:9f:ae:22:d8:80:08:62:76:93:77:1f:39:e6:96:76:
         60:2f:7b:fa:43:c7:dd:88:44:46:c4:5d:08:88:31:24:03:f7:
         1d:44:8d:07:da:32:43:bb:e3:46:b3:c1:7b:52:77:3c:3d:6b:
         ab:a2:30:11:fe:87:6e:fb:fa:13:2a:9f:50:f8:5a:f7:e0:ab:
         69:25:6f:06:55:9b:5e:12:90:b5:a6:a5:32:47:d6:37:45:08:
         65:57:b1:53:b1:6a:c7:2a:7d:e4:3c:82:c7:f9:30:e4:6b:a9:
         8a:b5:a3:83:73:cb:33:6a:04:2f:95:86:09:6a:53:2e:b9:cd:
         bb:8c:f3:61:ed:27:ef:95:16:7d:8e:11:0c:c6:33:31:2a:18:
         ed:2c:cb:f4:dc:b1:b4:67:d8:6e:1e:de:74:3e:5f:2a:d1:6d:
         46:c6:3e:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9v0/48n6vAwkfkVRLUre5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE1NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM5N2E4NjM1NDdhNDY1NDY5YzE2NDBmMDUyMWM4MGNjOWJkNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVgLNneU9iR2+/ccdrGAachf3NzN
CiXRClQkuTcpzD7URdipztJQ9MglqyAWkThkc58bvzurE6KdnldrCrdMhzXqAW5J
wrnqU/q4NEOwQ2QVmtg8U+BfAuqpC4VZZQ+NLoBhRnYf+kT4bMNhEohf51/47CXy
MTKVjOpu+wIFuk2G9YrpHdyLuyksCiroLMcuhVYqqSH1bg5wh2CHZlBMZNRYo/Rx
mYBOfk9cNCnzbqpU9fY7Hv6Fylgynj8RSmnNzboOjZQS4/QpzeHAZOUzJudS8vEp
rirW17LDv4S6wgHBOVmp52ru98sUdsNbBRXXHj2ASwCTsQYlkVKWt7k2GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKQ5eoY1R6RlRpwWQPBSHIDMm9bBMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcERsNmhqVkhwR1ZHbkJaQThGSWNnTXliMXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO7QTAN
BgkqhkiG9w0BAQsFAAOCAQEAFCDaGF79121l+E3A6ndPGaJphw1ETKhf2jqN66XE
A07qYQcHGWGetrbayzXFTMO817aJ7gWnCHbs4lOIED1vvK2Y7GJCTLVdUk5eobhq
msqPqJ5g9xf9fpSPb6Pgn64i2IAIYnaTdx855pZ2YC97+kPH3YhERsRdCIgxJAP3
HUSNB9oyQ7vjRrPBe1J3PD1rq6IwEf6Hbvv6EyqfUPha9+CraSVvBlWbXhKQtaal
MkfWN0UIZVexU7Fqxyp95DyCx/kw5GupirWjg3PLM2oEL5WGCWpTLrnNu4zzYe0n
75UWfY4RDMYzMSoY7SzL9NyxtGfYbh7edD5fKtFtRsY+fw==
-----END CERTIFICATE-----