Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vQc_bZT2DB7tP_6paeqse-xLhts.roa
File:                     vQc_bZT2DB7tP_6paeqse-xLhts.roa (raw, json)
Hash identifier:          g1N22LMn3sIqbymnJWRyefIeCeqv+pLoVca/Gby/sk8=
Subject key identifier:   BD:07:3F:6D:94:F6:0C:1E:ED:3F:FE:A9:69:EA:AC:7B:EC:4B:86:DB
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01968A8716DFE4D04961404D95C54CD3BE01
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vQc_bZT2DB7tP_6paeqse-xLhts.roa
Signing time:             Thu 01 May 2025 06:27:11 +0000
ROA not before:           Thu 01 May 2025 06:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205227
IP address blocks:        2a13:c245:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8a:87:16:df:e4:d0:49:61:40:4d:95:c5:4c:d3:be:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  1 06:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd073f6d94f60c1eed3ffea969eaac7bec4b86db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:35:f7:c8:04:13:ef:97:bb:4a:e9:f0:f1:53:
                    24:be:a5:3a:b8:e5:6b:df:ae:f6:bb:75:02:e8:61:
                    7e:5c:c8:d2:d7:d2:df:96:a7:e3:90:7b:80:3e:a6:
                    99:ee:fc:ff:a3:e4:6e:49:17:a6:47:87:68:7e:4b:
                    52:3b:9f:68:d2:60:d9:76:28:fb:4a:e0:29:e0:d3:
                    93:42:43:11:88:bb:13:87:e7:ab:37:32:12:be:f4:
                    4d:ed:5f:8b:be:08:03:2a:46:75:ba:93:40:20:98:
                    c3:b4:36:17:af:93:f4:1f:37:68:16:f6:9f:bc:59:
                    42:c2:05:c9:d7:33:be:8b:8c:81:ef:fa:eb:92:e8:
                    d4:00:37:11:a8:55:9d:b4:21:7b:53:b5:6b:be:16:
                    31:80:14:c1:70:ab:37:c0:4f:06:4b:db:4b:f7:4b:
                    b8:fc:6f:18:25:8a:20:1d:8e:7f:03:24:c0:32:d4:
                    52:51:36:22:1b:4b:b0:e6:93:f0:52:dd:98:51:1e:
                    3c:b7:80:13:e0:f2:2b:89:7c:b0:4d:34:c9:65:ce:
                    64:ae:a7:38:1d:df:a6:7f:3e:df:25:32:b7:b0:4f:
                    93:b7:ff:54:15:01:a5:19:34:9b:8d:66:bb:9d:49:
                    a0:39:20:34:e0:2f:71:f5:37:e6:b4:ad:35:3b:45:
                    47:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:07:3F:6D:94:F6:0C:1E:ED:3F:FE:A9:69:EA:AC:7B:EC:4B:86:DB
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vQc_bZT2DB7tP_6paeqse-xLhts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c245:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         e1:0e:54:15:22:07:dc:87:78:a3:8a:da:cd:f7:2e:60:51:13:
         cb:e5:38:2a:b6:69:1c:40:c5:fc:31:3d:ac:95:3e:9b:a0:ee:
         ed:25:11:f0:30:e7:03:2e:a6:09:25:6d:0e:6f:25:83:09:b8:
         13:4e:02:a2:37:43:02:25:83:3d:b1:d6:21:ca:4e:59:fe:de:
         43:bc:30:db:53:72:c2:06:1b:53:83:07:ee:52:01:eb:f2:24:
         a3:08:e1:b4:43:a9:8a:48:2d:06:37:8e:92:79:a1:d5:4c:f2:
         cc:a5:04:f4:e4:69:d8:dc:3f:66:03:6c:1e:a4:2d:17:55:ff:
         35:94:a9:46:9d:6b:0b:9d:cd:95:4a:3b:8f:27:24:22:cb:bb:
         61:58:97:bf:b0:a4:12:3a:7d:e6:f4:85:08:e8:d1:b3:86:0b:
         66:14:5b:3f:fa:f8:8d:00:30:d8:37:96:a4:2d:b6:42:22:42:
         b4:4d:78:66:20:77:37:69:b2:6a:aa:02:21:e2:1f:ce:e8:84:
         25:ab:cd:03:65:03:5c:30:d2:7f:a3:0b:72:4d:67:c9:e6:53:
         29:42:c4:b0:36:54:66:13:73:01:b2:0d:a0:71:94:b4:8f:f3:
         4e:46:30:dc:3c:de:c2:e7:5f:69:88:7b:96:4f:a5:ac:04:4e:
         93:ea:d1:76
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZaKhxbf5NBJYUBNlcVM074BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTAxMDYyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDA3M2Y2ZDk0ZjYwYzFlZWQzZmZlYTk2OWVhYWM3YmVjNGI4NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzX3yAQT75e7Sunw8VMkvqU6uOVr
3672u3UC6GF+XMjS19LflqfjkHuAPqaZ7vz/o+RuSRemR4dofktSO59o0mDZdij7
SuAp4NOTQkMRiLsTh+erNzISvvRN7V+LvggDKkZ1upNAIJjDtDYXr5P0HzdoFvaf
vFlCwgXJ1zO+i4yB7/rrkujUADcRqFWdtCF7U7VrvhYxgBTBcKs3wE8GS9tL90u4
/G8YJYogHY5/AyTAMtRSUTYiG0uw5pPwUt2YUR48t4AT4PIriXywTTTJZc5krqc4
Hd+mfz7fJTK3sE+Tt/9UFQGlGTSbjWa7nUmgOSA04C9x9TfmtK01O0VHaQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL0HP22U9gwe7T/+qWnqrHvsS4bbMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdlFjX2JaVDJEQjd0UF82cGFlcXNlLXhMaHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhPCRYAw
DQYJKoZIhvcNAQELBQADggEBAOEOVBUiB9yHeKOK2s33LmBRE8vlOCq2aRxAxfwx
PayVPpug7u0lEfAw5wMupgklbQ5vJYMJuBNOAqI3QwIlgz2x1iHKTln+3kO8MNtT
csIGG1ODB+5SAevyJKMI4bRDqYpILQY3jpJ5odVM8sylBPTkadjcP2YDbB6kLRdV
/zWUqUadawudzZVKO48nJCLLu2FYl7+wpBI6feb0hQjo0bOGC2YUWz/6+I0AMNg3
lqQttkIiQrRNeGYgdzdpsmqqAiHiH87ohCWrzQNlA1ww0n+jC3JNZ8nmUylCxLA2
VGYTcwGyDaBxlLSP805GMNw83sLnX2mIe5ZPpawETpPq0XY=
-----END CERTIFICATE-----