Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/y400N3PZclguAjhueJIgy4HOyos.roa
File:                     y400N3PZclguAjhueJIgy4HOyos.roa (raw, json)
Hash identifier:          crfkK0jw+Ihm+QT2DqlEE3XBM7PJgBYSQDaN9kZ910o=
Subject key identifier:   CB:8D:34:37:73:D9:72:58:2E:02:38:6E:78:92:20:CB:81:CE:CA:8B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A34C150FE2C2AD2EFEFA4F78AA5C3C5
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/y400N3PZclguAjhueJIgy4HOyos.roa
Signing time:             Mon 21 Apr 2025 21:15:28 +0000
ROA not before:           Mon 21 Apr 2025 21:15:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42881
IP address blocks:        2a13:c241::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 14:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:34:c1:50:fe:2c:2a:d2:ef:ef:a4:f7:8a:a5:c3:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:15:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb8d343773d972582e02386e789220cb81ceca8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b6:f5:6f:e2:45:57:4f:a2:2b:af:e1:60:a4:
                    42:66:69:d4:07:ff:95:1f:c0:63:92:cc:10:67:72:
                    a7:7d:dd:e5:1f:40:03:a5:93:2a:ec:62:5a:57:16:
                    e6:b2:93:4a:4b:cb:02:f7:72:31:90:53:a2:88:a5:
                    ab:52:38:bf:32:74:1a:75:22:03:eb:aa:7e:ea:77:
                    54:68:74:65:36:92:b4:67:b6:65:3d:f8:fe:ac:47:
                    93:e9:bb:e3:ef:73:fc:d1:60:77:56:9f:49:07:7c:
                    ff:77:c6:6c:4e:86:3e:d5:6b:65:f5:c1:fd:4b:4a:
                    2f:a3:71:62:68:7c:3f:60:8a:43:e4:17:01:99:e7:
                    5c:36:f1:84:bc:3a:18:6e:d9:70:4d:33:ca:6b:7e:
                    38:d3:a3:1e:52:d0:36:51:89:75:bf:2d:71:de:dc:
                    01:00:b2:18:cc:5c:80:1d:b5:a4:d4:7d:b3:d3:3c:
                    a4:94:e1:b5:89:80:d5:bc:0b:96:7a:ef:00:08:25:
                    c3:5f:21:db:93:5b:03:e7:b8:fb:d4:d4:1b:74:c0:
                    2b:4d:b7:89:94:d8:9e:2d:83:cc:6e:82:ce:a6:c1:
                    84:5b:73:b8:52:ee:47:b9:c5:22:38:99:45:90:44:
                    8f:bf:3c:97:bf:9e:8a:97:67:ff:f3:ba:12:8f:10:
                    cb:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:8D:34:37:73:D9:72:58:2E:02:38:6E:78:92:20:CB:81:CE:CA:8B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/y400N3PZclguAjhueJIgy4HOyos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c241::/33

    Signature Algorithm: sha256WithRSAEncryption
         55:90:bf:6f:a0:a4:eb:e5:da:8e:9f:25:9a:da:b9:c5:8b:50:
         d3:43:0f:0f:7d:c5:3d:52:98:10:84:6c:e0:6d:dd:0f:6b:2a:
         53:6a:2a:87:34:e3:f1:52:4e:d4:b9:03:06:4d:f5:0d:3e:9c:
         81:78:a2:dd:9b:8c:20:1c:05:b9:81:3b:46:33:c8:75:38:f2:
         29:e0:ee:a3:5d:46:4b:7e:34:6a:fc:1b:34:1e:3f:b3:b1:39:
         d8:07:ea:1a:33:1f:64:db:1c:cf:2d:55:31:ff:14:3c:03:ea:
         2f:e7:08:17:9f:ca:2d:56:9d:50:df:32:4d:fd:c0:d3:a1:3b:
         15:2b:d7:de:9d:90:5b:b7:49:f8:97:4a:a6:5d:2e:a9:fd:30:
         c4:91:4c:97:1e:4f:c8:5e:87:76:ec:03:d0:1b:c8:a9:02:22:
         ab:b9:95:65:4d:6b:91:ca:15:7f:22:7e:6f:8e:53:2d:08:ed:
         c8:24:a1:76:e6:32:3c:a4:c7:b6:ab:c5:61:ab:a7:ae:6b:a6:
         c3:64:b5:9f:70:21:e7:25:4a:91:e9:f7:41:6d:3e:74:bf:86:
         cd:17:a8:7e:09:27:e9:cc:b3:46:6b:99:ba:31:19:9d:6e:7f:
         05:7b:a1:8c:2e:97:70:36:f2:62:2b:59:68:6e:31:0b:66:ff:
         cb:99:0f:b4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZaNMFQ/iwq0u/vpPeKpcPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjhkMzQzNzczZDk3MjU4MmUwMjM4NmU3ODkyMjBjYjgxY2VjYThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bb1b+JFV0+iK6/hYKRCZmnUB/+V
H8BjkswQZ3Knfd3lH0ADpZMq7GJaVxbmspNKS8sC93IxkFOiiKWrUji/MnQadSID
66p+6ndUaHRlNpK0Z7ZlPfj+rEeT6bvj73P80WB3Vp9JB3z/d8ZsToY+1Wtl9cH9
S0ovo3FiaHw/YIpD5BcBmedcNvGEvDoYbtlwTTPKa34406MeUtA2UYl1vy1x3twB
ALIYzFyAHbWk1H2z0zyklOG1iYDVvAuWeu8ACCXDXyHbk1sD57j71NQbdMArTbeJ
lNieLYPMboLOpsGEW3O4Uu5HucUiOJlFkESPvzyXv56Kl2f/87oSjxDLTwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMuNNDdz2XJYLgI4bniSIMuBzsqLMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEveTQwME4zUFpjbGd1QWpodWVKSWd5NEhPeW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhPCQQAw
DQYJKoZIhvcNAQELBQADggEBAFWQv2+gpOvl2o6fJZraucWLUNNDDw99xT1SmBCE
bOBt3Q9rKlNqKoc04/FSTtS5AwZN9Q0+nIF4ot2bjCAcBbmBO0YzyHU48ing7qNd
Rkt+NGr8GzQeP7OxOdgH6hozH2TbHM8tVTH/FDwD6i/nCBefyi1WnVDfMk39wNOh
OxUr196dkFu3SfiXSqZdLqn9MMSRTJceT8heh3bsA9AbyKkCIqu5lWVNa5HKFX8i
fm+OUy0I7cgkoXbmMjykx7arxWGrp65rpsNktZ9wIeclSpHp90FtPnS/hs0XqH4J
J+nMs0ZrmboxGZ1ufwV7oYwul3A28mIrWWhuMQtm/8uZD7Q=
-----END CERTIFICATE-----