Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qLDWr5FRCRwk2RMS3WcB3B53rjQ.roa
File:                     qLDWr5FRCRwk2RMS3WcB3B53rjQ.roa (raw, json)
Hash identifier:          hl3kBvxy5HeRGUZ/+JI94lwbfr4n0ciKRIwo3aDRXTo=
Subject key identifier:   A8:B0:D6:AF:91:51:09:1C:24:D9:13:12:DD:67:01:DC:1E:77:AE:34
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DB8E430130BE5B960ED92774016794F
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qLDWr5FRCRwk2RMS3WcB3B53rjQ.roa
Signing time:             Tue 17 Jun 2025 11:49:18 +0000
ROA not before:           Tue 17 Jun 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201207
IP address blocks:        2a10:b43::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 22:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:b8:e4:30:13:0b:e5:b9:60:ed:92:77:40:16:79:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8b0d6af9151091c24d91312dd6701dc1e77ae34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:7c:4e:c3:69:7e:6c:e7:3c:fd:b4:41:28:ed:
                    3d:c7:2e:41:9e:62:c9:23:d8:24:d2:8a:33:45:76:
                    15:df:71:d5:c3:16:21:1f:fa:31:44:83:d9:fd:68:
                    6f:36:db:ef:2b:0a:0b:a2:63:b2:ab:21:8f:f8:c9:
                    67:b8:2c:93:aa:8e:f7:f9:4a:e7:7e:19:ad:21:03:
                    2f:9a:d4:8a:f5:cc:83:bd:31:55:d7:a6:ee:fa:e2:
                    44:90:e8:12:94:a7:88:4d:17:bb:30:31:58:e6:56:
                    49:1a:13:ce:a5:28:6d:76:bb:5f:bc:b3:03:82:43:
                    25:10:36:ef:b5:24:16:1b:a0:e2:f8:df:91:4b:0f:
                    1a:a1:3e:e3:f4:39:79:49:d6:63:b1:3f:ca:94:34:
                    f6:83:9d:69:f9:65:44:43:40:63:6b:1c:bf:9f:7f:
                    4e:de:29:23:f5:bf:f0:45:b9:8d:d6:32:20:f3:77:
                    64:f9:dc:26:f2:82:4c:c6:f2:6d:4e:87:21:d7:cc:
                    40:4d:3d:8d:b7:40:f0:05:31:90:2c:e3:62:02:f1:
                    b0:95:2e:5f:ba:20:a3:e2:f1:33:04:ee:06:49:71:
                    2a:21:bc:ec:20:4f:3f:8b:64:ee:76:d7:14:39:20:
                    12:c6:bf:3a:d7:cf:c8:67:c7:64:49:d8:be:40:d3:
                    1f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B0:D6:AF:91:51:09:1C:24:D9:13:12:DD:67:01:DC:1E:77:AE:34
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/qLDWr5FRCRwk2RMS3WcB3B53rjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b43::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:86:11:88:11:1d:8c:38:49:c6:c7:a9:65:13:5e:61:53:d6:
         22:3e:e1:5a:e1:32:d4:fd:c6:04:44:b5:8f:2c:74:6a:39:a2:
         d8:56:51:db:e4:cd:74:f8:72:19:19:a7:4f:ed:e3:8d:1c:f3:
         28:ac:63:3d:e9:37:dd:24:0f:3b:b0:13:55:bf:c7:cb:80:3d:
         d9:9c:47:8d:84:bb:1a:8e:5e:e0:51:15:ff:6f:49:4a:10:b5:
         4e:c8:2d:89:7d:16:81:f1:44:2d:7f:70:c5:f7:5e:d7:b7:0d:
         70:f7:c6:34:7c:bf:c9:7e:15:e4:b6:59:e2:e4:8b:9a:86:f6:
         10:c8:b9:2d:22:93:b4:c2:a5:52:a6:dc:76:05:06:73:d5:55:
         21:fc:b4:52:3f:5c:fd:3c:01:11:5a:b9:bb:27:65:01:c4:c1:
         ca:6a:e1:a1:d7:69:34:65:e3:ab:e9:af:65:ec:46:1d:5f:31:
         56:f4:11:32:69:ee:fd:18:8d:4d:42:1f:d8:fe:ed:05:e9:1a:
         32:d9:b5:d6:ef:5c:df:fa:44:d2:e0:9e:9c:3f:0e:4b:08:29:
         44:c7:3d:cf:b6:81:8e:02:b7:81:bd:c8:16:92:b8:3c:28:3b:
         20:08:ea:e5:2b:ec:22:5a:24:ba:3f:5d:08:01:32:b1:be:8d:
         b3:69:8b:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9uOQwEwvluWDtkndAFnlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGIwZDZhZjkxNTEwOTFjMjRkOTEzMTJkZDY3MDFkYzFlNzdhZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HxOw2l+bOc8/bRBKO09xy5BnmLJ
I9gk0oozRXYV33HVwxYhH/oxRIPZ/WhvNtvvKwoLomOyqyGP+MlnuCyTqo73+Urn
fhmtIQMvmtSK9cyDvTFV16bu+uJEkOgSlKeITRe7MDFY5lZJGhPOpShtdrtfvLMD
gkMlEDbvtSQWG6Di+N+RSw8aoT7j9Dl5SdZjsT/KlDT2g51p+WVEQ0Bjaxy/n39O
3ikj9b/wRbmN1jIg83dk+dwm8oJMxvJtToch18xATT2Nt0DwBTGQLONiAvGwlS5f
uiCj4vEzBO4GSXEqIbzsIE8/i2TudtcUOSASxr8618/IZ8dkSdi+QNMfVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKiw1q+RUQkcJNkTEt1nAdwed640MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcUxEV3I1RlJDUndrMlJNUzNXY0IzQjUzcmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhALQzAN
BgkqhkiG9w0BAQsFAAOCAQEASoYRiBEdjDhJxsepZRNeYVPWIj7hWuEy1P3GBES1
jyx0ajmi2FZR2+TNdPhyGRmnT+3jjRzzKKxjPek33SQPO7ATVb/Hy4A92ZxHjYS7
Go5e4FEV/29JShC1TsgtiX0WgfFELX9wxfde17cNcPfGNHy/yX4V5LZZ4uSLmob2
EMi5LSKTtMKlUqbcdgUGc9VVIfy0Uj9c/TwBEVq5uydlAcTBymrhoddpNGXjq+mv
ZexGHV8xVvQRMmnu/RiNTUIf2P7tBekaMtm11u9c3/pE0uCenD8OSwgpRMc9z7aB
jgK3gb3IFpK4PCg7IAjq5SvsIlokuj9dCAEysb6Ns2mL/g==
-----END CERTIFICATE-----