Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrrQT8knVatjn1-PImIU5Muia0k.roa
File:                     zrrQT8knVatjn1-PImIU5Muia0k.roa (raw, json)
Hash identifier:          jKvdW8mVGx8UF+so2PK3X8u+ceOdXcN640/3O9jBvQc=
Subject key identifier:   CE:BA:D0:4F:C9:27:55:AB:63:9F:5F:8F:22:62:14:E4:CB:A2:6B:49
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A364EF6CF74BDFEE1E2DD39633F20F1
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrrQT8knVatjn1-PImIU5Muia0k.roa
Signing time:             Mon 21 Apr 2025 21:17:10 +0000
ROA not before:           Mon 21 Apr 2025 21:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205227
IP address blocks:        2a13:c245:8000::/33 maxlen: 33
                          2a14:1102::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:36:4e:f6:cf:74:bd:fe:e1:e2:dd:39:63:3f:20:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cebad04fc92755ab639f5f8f226214e4cba26b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ea:0f:e6:e6:ef:61:61:26:08:04:d8:b4:7b:
                    0d:f4:5f:2d:16:d1:f1:e0:58:d1:1a:9c:ca:e1:13:
                    89:a3:12:8f:c9:6b:8c:b0:24:cc:8f:d0:13:9a:50:
                    11:f6:59:0e:47:bd:db:45:ea:bd:df:ef:2e:4b:30:
                    8a:bd:53:01:21:f0:85:88:4c:f8:e9:6a:f4:d9:f1:
                    31:4e:a3:ea:32:23:f5:5b:4b:8b:c2:9c:0b:35:86:
                    dc:b3:c9:ed:be:fb:eb:2e:04:51:9a:e9:48:e6:b7:
                    23:6c:8f:bf:ea:7c:f1:6b:be:dd:e1:51:6f:6a:51:
                    73:d9:ba:b7:de:dc:91:11:db:c1:09:8b:eb:a4:51:
                    51:9f:30:b3:9c:b9:50:4e:8e:24:6d:27:3e:d2:17:
                    36:4f:5c:0e:39:b5:94:6b:95:17:76:87:7d:77:1f:
                    99:d1:e6:ad:19:79:c3:45:92:5a:11:02:df:d8:0a:
                    0f:03:51:6f:74:c4:64:1e:58:9c:47:ef:79:ca:d3:
                    91:eb:59:da:98:09:ec:61:77:ac:b0:c8:bd:f0:77:
                    1e:d0:e4:9e:4d:94:86:8f:e0:60:37:3a:24:08:7f:
                    91:25:da:5e:a0:f1:36:07:34:c9:04:ba:a8:64:97:
                    fb:b8:12:f7:c1:b9:6e:12:b9:20:03:d5:37:60:33:
                    8f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:BA:D0:4F:C9:27:55:AB:63:9F:5F:8F:22:62:14:E4:CB:A2:6B:49
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrrQT8knVatjn1-PImIU5Muia0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c245:8000::/33
                  2a14:1102::/33

    Signature Algorithm: sha256WithRSAEncryption
         50:0e:66:af:b2:3e:d3:5f:f3:b8:09:55:5d:5d:eb:16:5c:44:
         1e:3e:b3:c6:87:4d:36:28:17:90:cc:04:b4:6c:5e:8c:e7:99:
         31:53:f5:79:97:86:51:24:95:82:82:ad:0c:ed:30:c6:6c:ec:
         9e:fd:e3:5b:e9:71:01:0d:86:0a:1c:1a:b0:74:1b:ce:a1:b0:
         6f:a6:96:3c:d9:e3:98:dd:27:8f:a1:63:63:93:7b:76:d5:97:
         1a:16:c5:51:dc:3e:77:ad:14:4a:36:3a:fd:bb:a1:a3:eb:90:
         f4:d8:9a:f2:1c:3e:c5:6a:90:04:4b:61:b6:76:96:bf:21:6a:
         aa:bd:e4:2e:01:3c:ce:af:a7:96:2e:30:fc:c5:b1:9f:c8:40:
         7b:5b:81:0b:00:c3:86:59:fb:98:c4:3d:57:64:a6:d4:63:86:
         e2:1f:fa:82:74:a9:3f:a4:ba:c8:0a:d4:8e:e4:52:60:93:d5:
         e5:dc:83:39:22:61:5b:ed:de:7d:dd:d8:ac:e4:75:01:2b:d1:
         10:7d:e4:79:1f:69:99:4c:ff:0d:78:7f:7d:e7:61:73:6e:d8:
         19:06:78:07:ec:10:08:73:b2:10:85:47:a7:a7:1c:4f:ab:d3:
         35:20:14:f4:2b:7e:cc:68:60:3a:82:cf:0b:bc:7b:d7:4c:7e:
         63:44:e6:1b
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZZaNk72z3S9/uHi3TljPyDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWJhZDA0ZmM5Mjc1NWFiNjM5ZjVmOGYyMjYyMTRlNGNiYTI2YjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5eoP5ubvYWEmCATYtHsN9F8tFtHx
4FjRGpzK4ROJoxKPyWuMsCTMj9ATmlAR9lkOR73bReq93+8uSzCKvVMBIfCFiEz4
6Wr02fExTqPqMiP1W0uLwpwLNYbcs8ntvvvrLgRRmulI5rcjbI+/6nzxa77d4VFv
alFz2bq33tyREdvBCYvrpFFRnzCznLlQTo4kbSc+0hc2T1wOObWUa5UXdod9dx+Z
0eatGXnDRZJaEQLf2AoPA1FvdMRkHlicR+95ytOR61namAnsYXessMi98Hce0OSe
TZSGj+BgNzokCH+RJdpeoPE2BzTJBLqoZJf7uBL3wbluErkgA9U3YDOPjQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFM660E/JJ1WrY59fjyJiFOTLomtJMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvenJyUVQ4a25WYXRqbjEtUEltSVU1TXVpYTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYHKhPCRYAD
BgcqFBECADANBgkqhkiG9w0BAQsFAAOCAQEAUA5mr7I+01/zuAlVXV3rFlxEHj6z
xodNNigXkMwEtGxejOeZMVP1eZeGUSSVgoKtDO0wxmzsnv3jW+lxAQ2GChwasHQb
zqGwb6aWPNnjmN0nj6FjY5N7dtWXGhbFUdw+d60USjY6/buho+uQ9Nia8hw+xWqQ
BEthtnaWvyFqqr3kLgE8zq+nli4w/MWxn8hAe1uBCwDDhln7mMQ9V2Sm1GOG4h/6
gnSpP6S6yArUjuRSYJPV5dyDOSJhW+3efd3YrOR1ASvREH3keR9pmUz/DXh/fedh
c27YGQZ4B+wQCHOyEIVHp6ccT6vTNSAU9Ct+zGhgOoLPC7x710x+Y0TmGw==
-----END CERTIFICATE-----