Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vXLLd3M5Fp_OSZQJZw8libtrJcs.roa
File:                     vXLLd3M5Fp_OSZQJZw8libtrJcs.roa (raw, json)
Hash identifier:          5RnY5Zk8+zHUxbvg6MbFO9D3X4icftf+/rMTbrX2Vpc=
Subject key identifier:   BD:72:CB:77:73:39:16:9F:CE:49:94:09:67:0F:25:89:BB:6B:25:CB
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A34C3AA9EB1A87AC5C4E13D13F7E041
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vXLLd3M5Fp_OSZQJZw8libtrJcs.roa
Signing time:             Mon 21 Apr 2025 21:15:29 +0000
ROA not before:           Mon 21 Apr 2025 21:15:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211432
IP address blocks:        2a13:c243:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:34:c3:aa:9e:b1:a8:7a:c5:c4:e1:3d:13:f7:e0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:15:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd72cb777339169fce499409670f2589bb6b25cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:34:fa:8e:02:b1:c5:bd:da:82:05:16:1f:f7:
                    62:bd:c3:22:0f:23:d3:e4:d4:c7:8c:d5:97:5c:6f:
                    f3:c5:99:91:64:8a:3e:02:d9:1e:e3:4d:bf:f7:23:
                    8b:b7:7b:c8:2e:da:2c:4a:9c:4b:3c:c8:d7:d8:0a:
                    5c:84:00:8d:1c:b7:43:f1:4b:a3:e1:13:87:d2:96:
                    0d:96:4a:18:ff:13:8d:d5:94:30:95:07:da:92:d1:
                    a5:84:54:9a:d6:2f:8d:4e:9e:02:7c:71:7f:c8:69:
                    c1:3b:c8:f6:d6:90:33:79:37:74:1c:b8:a1:aa:bc:
                    ec:fb:6d:2e:dc:62:68:d3:fc:e2:0a:e2:fd:5c:f1:
                    3e:35:63:5b:51:3a:01:a0:d1:8c:2d:6f:8e:28:dd:
                    b6:89:13:84:f1:ef:4f:4f:46:9f:dc:0d:83:ca:28:
                    3b:e3:3b:e5:ea:29:87:68:67:bd:dc:0f:6c:55:8c:
                    68:cf:6f:5c:97:12:b9:a3:77:19:be:cb:f2:10:f6:
                    1d:dd:6d:c7:4a:aa:54:b4:2e:af:f2:fb:31:1f:59:
                    68:31:2f:0d:d4:6e:08:61:65:e2:32:d4:a7:b8:51:
                    34:04:a4:f8:b2:fb:a7:31:ad:60:ab:b8:d4:1f:e4:
                    c4:1f:ca:4d:2f:06:69:fc:ee:65:ee:05:87:f8:41:
                    1c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:72:CB:77:73:39:16:9F:CE:49:94:09:67:0F:25:89:BB:6B:25:CB
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/vXLLd3M5Fp_OSZQJZw8libtrJcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c243:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         d2:13:80:b2:31:73:20:2b:13:86:0a:c6:b8:6c:f7:da:0a:21:
         61:24:80:c2:cc:f6:01:2f:61:d7:d5:b9:96:3c:7f:85:40:1b:
         5d:b6:9f:c2:3a:11:4d:82:22:f9:c5:d1:ef:2c:cd:d2:1e:20:
         8d:96:39:ab:68:d2:29:bf:f3:32:82:96:73:b4:48:bd:e4:3b:
         24:4d:0f:02:16:da:4b:42:f4:3e:9f:fe:2e:d3:57:19:19:a5:
         75:49:99:0b:4e:90:aa:c1:c0:0f:81:69:b3:8d:9d:9f:f1:e9:
         86:47:2d:03:37:54:18:5d:c6:db:56:e1:48:2a:bf:8e:7c:05:
         e8:71:74:f8:b9:28:05:89:72:ce:64:a4:c1:9a:b2:68:35:4b:
         13:10:32:42:20:14:da:eb:05:b6:c5:b9:0e:d9:41:e8:79:80:
         6d:1c:53:1e:7c:1c:cc:7f:75:94:c1:fa:5e:4d:33:3f:ae:29:
         28:c3:0b:b6:57:df:89:1c:df:9a:e3:48:d9:d1:49:24:82:9c:
         21:29:12:2c:21:33:d4:ce:4d:a2:a1:39:a4:f8:03:0f:28:ed:
         6d:c4:72:c6:63:d7:da:c1:86:2a:78:b5:c6:ba:26:93:23:33:
         01:2e:34:8b:6f:e9:3e:3f:98:32:04:56:86:99:f7:c2:fe:db:
         05:f7:43:6d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZaNMOqnrGoesXE4T0T9+BBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExNTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDcyY2I3NzczMzkxNjlmY2U0OTk0MDk2NzBmMjU4OWJiNmIyNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszT6jgKxxb3aggUWH/divcMiDyPT
5NTHjNWXXG/zxZmRZIo+Atke402/9yOLt3vILtosSpxLPMjX2ApchACNHLdD8Uuj
4ROH0pYNlkoY/xON1ZQwlQfaktGlhFSa1i+NTp4CfHF/yGnBO8j21pAzeTd0HLih
qrzs+20u3GJo0/ziCuL9XPE+NWNbUToBoNGMLW+OKN22iROE8e9PT0af3A2Dyig7
4zvl6imHaGe93A9sVYxoz29clxK5o3cZvsvyEPYd3W3HSqpUtC6v8vsxH1loMS8N
1G4IYWXiMtSnuFE0BKT4svunMa1gq7jUH+TEH8pNLwZp/O5l7gWH+EEc0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL1yy3dzORafzkmUCWcPJYm7ayXLMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdlhMTGQzTTVGcF9PU1pRSlp3OGxpYnRySmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhPCQ4Aw
DQYJKoZIhvcNAQELBQADggEBANITgLIxcyArE4YKxrhs99oKIWEkgMLM9gEvYdfV
uZY8f4VAG122n8I6EU2CIvnF0e8szdIeII2WOato0im/8zKClnO0SL3kOyRNDwIW
2ktC9D6f/i7TVxkZpXVJmQtOkKrBwA+BabONnZ/x6YZHLQM3VBhdxttW4Ugqv458
BehxdPi5KAWJcs5kpMGasmg1SxMQMkIgFNrrBbbFuQ7ZQeh5gG0cUx58HMx/dZTB
+l5NMz+uKSjDC7ZX34kc35rjSNnRSSSCnCEpEiwhM9TOTaKhOaT4Aw8o7W3EcsZj
19rBhip4tca6JpMjMwEuNItv6T4/mDIEVoaZ98L+2wX3Q20=
-----END CERTIFICATE-----