Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MTR8TFh7oYQIepGerUx_3Va49to.roa
File:                     MTR8TFh7oYQIepGerUx_3Va49to.roa (raw, json)
Hash identifier:          OMZbRLQuWWFiin5ptJrcyeBXTPTDT/8LukyAbzxwCuA=
Subject key identifier:   31:34:7C:4C:58:7B:A1:84:08:7A:91:9E:AD:4C:7F:DD:56:B8:F6:DA
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091BEF099B5B0A1DD47D4E4629CEE52D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MTR8TFh7oYQIepGerUx_3Va49to.roa
Signing time:             Sun 25 May 2025 20:21:54 +0000
ROA not before:           Sun 25 May 2025 20:21:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203950
IP address blocks:        2a13:b9c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:ef:09:9b:5b:0a:1d:d4:7d:4e:46:29:ce:e5:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:21:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31347c4c587ba184087a919ead4c7fdd56b8f6da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:aa:86:e4:ac:f8:61:b2:c3:a7:91:62:6b:e6:
                    9b:37:29:6a:1f:13:6d:84:08:f7:99:e7:b7:e8:4f:
                    91:d8:6d:3a:58:c7:03:c6:49:88:4b:bb:1e:69:e0:
                    1b:18:70:be:6b:eb:9e:62:92:08:79:c3:55:d3:2c:
                    9a:42:6d:2a:db:00:bf:09:f3:4a:ab:40:ae:97:16:
                    6c:e3:4b:cd:ba:26:ef:4d:37:99:a6:2b:7e:32:44:
                    cb:87:d0:c3:33:b7:9c:9f:d4:13:2f:b7:42:56:16:
                    49:88:e6:5c:8a:da:66:80:d0:09:e9:28:a2:55:05:
                    2f:42:aa:38:7f:ae:f6:3a:b5:96:d6:c7:5e:93:97:
                    c4:83:99:0f:65:b8:78:39:84:c4:55:e3:28:c8:fa:
                    a4:17:7f:49:fe:26:03:44:f7:34:98:34:d0:86:cf:
                    9f:f8:37:b7:8d:60:8a:f1:5c:91:7a:a8:71:38:30:
                    3a:bb:ed:05:73:ba:26:76:28:4e:75:3c:b8:c6:7e:
                    72:0c:87:b0:ad:eb:18:b3:b2:31:60:d0:3e:60:0f:
                    de:a0:9e:ab:9a:e3:6f:4d:36:ca:a6:ee:b5:b7:f9:
                    52:c4:9b:61:52:fa:ee:62:ea:1f:ef:48:ca:f7:95:
                    b3:07:18:16:e7:b3:23:3f:b8:8b:64:02:9e:9b:07:
                    e6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:34:7C:4C:58:7B:A1:84:08:7A:91:9E:AD:4C:7F:DD:56:B8:F6:DA
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MTR8TFh7oYQIepGerUx_3Va49to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:12:84:96:23:a9:71:07:c3:72:aa:6c:9e:7f:a8:31:05:b9:
         58:85:13:0d:88:8f:66:a7:e4:4a:f0:57:96:a0:c5:b5:6e:ab:
         44:0d:3b:62:51:7b:f6:90:c7:97:22:6f:78:52:8c:59:ca:83:
         79:52:15:1c:a6:58:ee:fa:ac:8c:d1:af:0a:85:eb:aa:5e:83:
         9d:5a:b7:35:70:ad:6b:e4:20:93:0f:6b:b3:ae:d5:ad:44:bf:
         41:00:c8:bc:5c:e5:7d:8a:62:cb:ae:c5:d6:8b:7c:67:0a:37:
         a4:b3:25:82:e0:44:97:ce:cc:6b:84:36:f6:aa:fb:3d:e8:2b:
         c1:e6:0a:06:5a:e1:41:b3:5f:86:2a:48:42:f5:fa:75:a8:fe:
         f6:92:d3:7a:f2:c7:5f:31:0d:63:59:d5:e5:2f:71:3e:86:94:
         6d:32:11:1d:25:39:81:e0:de:ff:b4:ab:ac:27:68:c2:53:62:
         7c:65:9c:4b:07:82:3a:51:9c:d3:31:8e:5e:8d:e0:62:a5:23:
         e5:47:cd:e0:f6:dc:06:ab:b9:87:5f:63:cb:0b:6e:83:41:c8:
         3b:51:f1:45:ed:c3:39:15:54:11:c3:2c:4f:9b:89:5a:8a:1a:
         46:1f:63:10:92:34:44:58:6b:d2:92:bb:08:5f:d1:6b:3c:88:
         9a:7d:74:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJG+8Jm1sKHdR9TkYpzuUtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM0N2M0YzU4N2JhMTg0MDg3YTkxOWVhZDRjN2ZkZDU2YjhmNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aqG5Kz4YbLDp5Fia+abNylqHxNt
hAj3mee36E+R2G06WMcDxkmIS7seaeAbGHC+a+ueYpIIecNV0yyaQm0q2wC/CfNK
q0CulxZs40vNuibvTTeZpit+MkTLh9DDM7ecn9QTL7dCVhZJiOZcitpmgNAJ6Sii
VQUvQqo4f672OrWW1sdek5fEg5kPZbh4OYTEVeMoyPqkF39J/iYDRPc0mDTQhs+f
+De3jWCK8VyReqhxODA6u+0Fc7omdihOdTy4xn5yDIewresYs7IxYNA+YA/eoJ6r
muNvTTbKpu61t/lSxJthUvruYuof70jK95WzBxgW57MjP7iLZAKemwfm8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDE0fExYe6GECHqRnq1Mf91WuPbaMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTVRSOFRGaDdvWVFJZXBHZXJVeF8zVmE0OXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5wzAN
BgkqhkiG9w0BAQsFAAOCAQEAkxKEliOpcQfDcqpsnn+oMQW5WIUTDYiPZqfkSvBX
lqDFtW6rRA07YlF79pDHlyJveFKMWcqDeVIVHKZY7vqsjNGvCoXrql6DnVq3NXCt
a+Qgkw9rs67VrUS/QQDIvFzlfYpiy67F1ot8Zwo3pLMlguBEl87Ma4Q29qr7Pegr
weYKBlrhQbNfhipIQvX6daj+9pLTevLHXzENY1nV5S9xPoaUbTIRHSU5geDe/7Sr
rCdowlNifGWcSweCOlGc0zGOXo3gYqUj5UfN4PbcBqu5h19jywtug0HIO1HxRe3D
ORVUEcMsT5uJWooaRh9jEJI0RFhr0pK7CF/RazyImn10zg==
-----END CERTIFICATE-----