Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/0oOwxy5LOBlZTyGs7rYpQNFIwWs.roa
File:                     0oOwxy5LOBlZTyGs7rYpQNFIwWs.roa (raw, json)
Hash identifier:          B8pW67eiXfuWhzVV1/xPifrllpWij8QbXX4twnT3gDc=
Subject key identifier:   D2:83:B0:C7:2E:4B:38:19:59:4F:21:AC:EE:B6:29:40:D1:48:C1:6B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A31BA2571F2DD956319BAD2EE7BDC02
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/0oOwxy5LOBlZTyGs7rYpQNFIwWs.roa
Signing time:             Mon 21 Apr 2025 21:12:10 +0000
ROA not before:           Mon 21 Apr 2025 21:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209945
IP address blocks:        2a13:c240::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:31:ba:25:71:f2:dd:95:63:19:ba:d2:ee:7b:dc:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d283b0c72e4b3819594f21aceeb62940d148c16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:94:6a:b3:a8:1f:5b:57:be:c0:43:9e:08:b9:
                    6b:45:52:b8:f4:b3:38:7b:54:59:c8:ed:84:5a:d7:
                    ec:28:ee:70:44:47:96:aa:38:46:24:e0:ad:50:44:
                    f3:ef:d5:53:34:b1:57:d7:06:1a:cd:9b:af:c7:6d:
                    54:7b:13:cb:da:0d:1f:b0:50:e7:c1:34:a6:52:c5:
                    ed:74:3d:35:40:38:e3:4c:52:f0:3c:ef:03:02:fe:
                    e7:48:25:e3:1f:5d:40:a0:9b:4c:6c:af:77:d7:a9:
                    04:e4:52:0f:7c:76:97:ca:70:e1:b4:11:80:8c:2d:
                    b5:d4:b9:66:87:28:2d:6f:ff:f3:31:24:4d:72:13:
                    61:c2:20:79:b2:32:27:8e:2b:13:ea:3f:bc:a6:eb:
                    c0:2e:af:80:26:5b:14:19:81:2e:e2:bd:fa:81:cb:
                    16:17:01:a0:9c:d1:b6:19:40:23:0e:dc:a4:3c:d2:
                    d2:3e:6b:40:ab:60:88:49:32:48:2c:18:2f:ec:78:
                    be:a4:7d:aa:ae:69:23:5e:65:02:38:2a:40:77:bf:
                    15:17:3d:b7:9b:0d:7f:0d:66:3f:97:6d:ee:8b:ec:
                    23:a5:e0:ad:7f:f8:97:50:66:aa:9f:99:bc:57:8c:
                    3e:59:30:1c:37:b0:4e:9f:c7:aa:81:72:45:8f:30:
                    86:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:83:B0:C7:2E:4B:38:19:59:4F:21:AC:EE:B6:29:40:D1:48:C1:6B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/0oOwxy5LOBlZTyGs7rYpQNFIwWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c240::/33

    Signature Algorithm: sha256WithRSAEncryption
         9e:e5:05:55:a9:00:48:fc:b4:15:6d:66:51:48:75:69:bc:66:
         db:34:d8:06:37:c7:95:37:6b:92:1c:72:de:e8:4a:43:f2:14:
         07:28:04:82:8b:82:c1:95:89:58:4a:ef:8c:95:c5:58:5d:64:
         b7:63:05:b1:c9:73:bd:1c:03:5e:1b:38:b2:9d:a1:96:1b:ac:
         4e:a6:53:9a:2d:cb:53:07:03:00:90:c8:64:1b:95:36:31:f0:
         69:85:07:ab:95:42:e4:97:48:08:37:eb:3e:f5:44:8b:61:fb:
         50:99:f8:0c:99:89:58:c5:64:66:01:be:eb:60:55:1a:9f:4e:
         9c:80:94:e4:71:b7:a6:32:07:cb:33:a0:9b:75:de:22:66:02:
         ec:57:94:cd:50:30:a9:d5:96:34:65:5d:16:e1:91:77:eb:90:
         92:64:ac:9f:1e:ca:8a:c2:81:16:4f:2f:53:e8:26:96:6a:b0:
         2c:38:73:f0:bb:75:93:65:67:72:4a:37:f8:87:b2:8a:2a:70:
         fc:63:a3:60:34:17:e2:ea:a9:13:09:85:65:4f:20:1e:e9:62:
         69:46:3e:e7:35:85:4d:11:c5:b9:2a:85:ec:c3:16:2c:7d:65:
         33:9c:93:9c:61:23:97:45:97:c8:be:14:86:99:78:6e:c7:dd:
         5e:43:7d:a2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZaMbolcfLdlWMZutLue9wCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjgzYjBjNzJlNGIzODE5NTk0ZjIxYWNlZWI2Mjk0MGQxNDhjMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJRqs6gfW1e+wEOeCLlrRVK49LM4
e1RZyO2EWtfsKO5wREeWqjhGJOCtUETz79VTNLFX1wYazZuvx21UexPL2g0fsFDn
wTSmUsXtdD01QDjjTFLwPO8DAv7nSCXjH11AoJtMbK9316kE5FIPfHaXynDhtBGA
jC211Llmhygtb//zMSRNchNhwiB5sjInjisT6j+8puvALq+AJlsUGYEu4r36gcsW
FwGgnNG2GUAjDtykPNLSPmtAq2CISTJILBgv7Hi+pH2qrmkjXmUCOCpAd78VFz23
mw1/DWY/l23ui+wjpeCtf/iXUGaqn5m8V4w+WTAcN7BOn8eqgXJFjzCGuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNKDsMcuSzgZWU8hrO62KUDRSMFrMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvMG9Pd3h5NUxPQmxaVHlHczdyWXBRTkZJd1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhPCQAAw
DQYJKoZIhvcNAQELBQADggEBAJ7lBVWpAEj8tBVtZlFIdWm8Zts02AY3x5U3a5Ic
ct7oSkPyFAcoBIKLgsGViVhK74yVxVhdZLdjBbHJc70cA14bOLKdoZYbrE6mU5ot
y1MHAwCQyGQblTYx8GmFB6uVQuSXSAg36z71RIth+1CZ+AyZiVjFZGYBvutgVRqf
TpyAlORxt6YyB8szoJt13iJmAuxXlM1QMKnVljRlXRbhkXfrkJJkrJ8eyorCgRZP
L1PoJpZqsCw4c/C7dZNlZ3JKN/iHsooqcPxjo2A0F+LqqRMJhWVPIB7pYmlGPuc1
hU0RxbkqhezDFix9ZTOck5xhI5dFl8i+FIaZeG7H3V5DfaI=
-----END CERTIFICATE-----