Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t7hwcOZnrCpqY8HNXgnv-pQiA1c.roa
File:                     t7hwcOZnrCpqY8HNXgnv-pQiA1c.roa (raw, json)
Hash identifier:          TM8ue9tPauBtnrIqgAUZqk6NlYcETHMSp34FDiNkHaI=
Subject key identifier:   B7:B8:70:70:E6:67:AC:2A:6A:63:C1:CD:5E:09:EF:FA:94:22:03:57
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196CE07A999A9438114D85DDAE3129141F2
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t7hwcOZnrCpqY8HNXgnv-pQiA1c.roa
Signing time:             Wed 14 May 2025 09:02:10 +0000
ROA not before:           Wed 14 May 2025 09:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205745
IP address blocks:        2a10:3c80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:07:a9:99:a9:43:81:14:d8:5d:da:e3:12:91:41:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 14 09:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7b87070e667ac2a6a63c1cd5e09effa94220357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6b:4c:dc:ef:9f:01:21:3c:9b:18:62:ee:6e:
                    ad:26:a8:b6:0b:04:8b:17:98:31:04:2b:c8:25:bc:
                    8f:fd:07:a7:32:01:f5:aa:39:c3:19:46:70:72:d8:
                    a4:f6:6a:56:07:5d:8c:8c:78:1f:88:3d:d3:77:22:
                    17:b9:92:9a:dc:f6:ec:ba:26:5a:5a:df:36:c2:35:
                    cb:9e:bb:24:f2:94:23:af:7d:23:95:49:d1:ce:dc:
                    70:a7:a8:80:85:73:d1:bb:b7:9b:62:8b:c2:38:58:
                    4a:02:00:0d:91:1e:d4:1f:a4:87:58:05:2b:6b:3f:
                    1d:1b:7a:dd:2b:49:b2:30:69:eb:c9:fa:a4:2f:2d:
                    3c:a5:60:1b:d9:58:d1:23:4a:06:46:0a:8e:46:4f:
                    ec:26:4f:71:83:1b:d1:f1:47:7a:94:bd:f5:9a:f5:
                    5e:98:f1:db:29:15:3e:24:de:3e:77:a2:89:d8:d9:
                    63:62:32:75:7d:49:cc:60:ed:46:63:f8:b4:13:83:
                    44:f1:17:fd:63:63:c9:ec:57:1c:ee:f3:f4:7c:b7:
                    9c:ad:09:1c:40:9b:bd:bf:14:73:ab:57:95:e3:2d:
                    24:55:4f:2d:df:c8:c6:8b:9f:08:87:00:6a:31:0d:
                    6b:41:6f:f0:35:3c:fc:56:64:32:7c:7a:45:aa:10:
                    db:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B8:70:70:E6:67:AC:2A:6A:63:C1:CD:5E:09:EF:FA:94:22:03:57
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/t7hwcOZnrCpqY8HNXgnv-pQiA1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:6c:e3:e8:4f:66:8c:41:26:43:fd:88:ff:6a:2c:31:22:79:
         b6:2c:6d:b8:54:7b:eb:82:2f:13:c5:df:65:39:24:c7:84:cb:
         9b:c9:43:62:6e:26:f9:2d:6c:c5:a7:c5:88:99:0e:84:b1:59:
         04:ef:3c:c9:e5:07:7b:7c:63:90:62:b2:2c:1b:1c:c2:4a:a8:
         b5:cd:79:9b:37:9c:29:b9:8d:8c:34:d8:f2:ff:55:8f:17:59:
         fe:2c:46:a6:2e:8b:65:93:b5:37:df:39:45:ef:76:c6:1e:9a:
         bd:0f:ef:3f:51:fa:cd:9b:63:85:66:af:97:76:bb:f9:a3:11:
         2f:6f:3d:f8:1d:eb:38:4c:43:bf:36:02:1e:4d:f3:2b:97:3a:
         5b:fc:af:6e:cc:a9:51:6c:22:dc:c2:01:30:15:6d:d8:53:c6:
         28:b5:ba:de:eb:7a:4c:95:f1:45:c1:d7:4d:3d:1d:9c:00:9c:
         a2:26:88:a1:ac:6c:db:5e:2a:c1:de:5b:ca:40:9d:ea:d8:11:
         9f:4c:69:56:39:18:b8:a0:c5:3a:22:8b:03:d2:fe:5c:5f:07:
         7f:ac:20:68:04:6a:31:ae:94:d2:1a:40:d3:7b:e2:51:08:73:
         20:cf:f0:1b:ec:70:18:ce:2e:a6:7d:94:52:2e:3f:f1:24:ec:
         ce:3b:eb:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZbOB6mZqUOBFNhd2uMSkUHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTE0MDkwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2I4NzA3MGU2NjdhYzJhNmE2M2MxY2Q1ZTA5ZWZmYTk0MjIwMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWtM3O+fASE8mxhi7m6tJqi2CwSL
F5gxBCvIJbyP/QenMgH1qjnDGUZwctik9mpWB12MjHgfiD3TdyIXuZKa3PbsuiZa
Wt82wjXLnrsk8pQjr30jlUnRztxwp6iAhXPRu7ebYovCOFhKAgANkR7UH6SHWAUr
az8dG3rdK0myMGnryfqkLy08pWAb2VjRI0oGRgqORk/sJk9xgxvR8Ud6lL31mvVe
mPHbKRU+JN4+d6KJ2NljYjJ1fUnMYO1GY/i0E4NE8Rf9Y2PJ7Fcc7vP0fLecrQkc
QJu9vxRzq1eV4y0kVU8t38jGi58IhwBqMQ1rQW/wNTz8VmQyfHpFqhDbpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLe4cHDmZ6wqamPBzV4J7/qUIgNXMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdDdod2NPWm5yQ3BxWThITlhnbnYtcFFpQTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhA8gDAN
BgkqhkiG9w0BAQsFAAOCAQEAMmzj6E9mjEEmQ/2I/2osMSJ5tixtuFR764IvE8Xf
ZTkkx4TLm8lDYm4m+S1sxafFiJkOhLFZBO88yeUHe3xjkGKyLBscwkqotc15mzec
KbmNjDTY8v9VjxdZ/ixGpi6LZZO1N985Re92xh6avQ/vP1H6zZtjhWavl3a7+aMR
L289+B3rOExDvzYCHk3zK5c6W/yvbsypUWwi3MIBMBVt2FPGKLW63ut6TJXxRcHX
TT0dnACcoiaIoaxs214qwd5bykCd6tgRn0xpVjkYuKDFOiKLA9L+XF8Hf6wgaARq
Ma6U0hpA03viUQhzIM/wG+xwGM4upn2UUi4/8STszjvrVw==
-----END CERTIFICATE-----