Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/383_1VdEp3KzVtUy-zLsnKElzJw.roa
File:                     383_1VdEp3KzVtUy-zLsnKElzJw.roa (raw, json)
Hash identifier:          XyJabMx2wI0xpA2wlE851CYHJAotzoRPG9v2++m9Fas=
Subject key identifier:   DF:CD:FF:D5:57:44:A7:72:B3:56:D5:32:FB:32:EC:9C:A1:25:CC:9C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195BF318B767253E23A6EDD845092CAA476
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/383_1VdEp3KzVtUy-zLsnKElzJw.roa
Signing time:             Sat 22 Mar 2025 18:50:49 +0000
ROA not before:           Sat 22 Mar 2025 18:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213705
IP address blocks:        2a06:5fc0::/29 maxlen: 29
                          2a14:1100::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:31:8b:76:72:53:e2:3a:6e:dd:84:50:92:ca:a4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 22 18:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfcdffd55744a772b356d532fb32ec9ca125cc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:31:c9:63:0f:c2:51:87:98:85:2b:50:ef:53:
                    95:7c:a3:36:76:01:b8:60:c5:28:39:68:c7:92:49:
                    bd:88:d7:6d:7c:81:f5:85:a1:0d:52:c3:d5:bf:cb:
                    61:73:a9:b8:64:35:34:64:f0:e1:87:31:b0:a8:49:
                    c0:00:55:a1:88:24:79:a4:7f:59:5a:f2:59:ee:29:
                    76:22:71:5b:2c:c7:7a:d1:f8:38:b9:1d:98:d6:2c:
                    52:08:53:9f:90:4d:ed:08:97:82:8a:cb:6d:c0:4e:
                    84:9f:9a:bd:81:88:18:69:b3:74:0d:07:f8:ae:71:
                    c6:c2:f7:c8:4b:02:63:af:3d:5e:17:e3:07:f7:fb:
                    59:9d:2c:8a:df:ed:92:b4:10:a5:76:fa:fe:55:7d:
                    c5:ae:f7:41:bd:3a:c0:8c:75:e5:d1:36:99:aa:a3:
                    f8:97:0d:d8:37:10:76:cf:66:97:ed:95:2f:05:5a:
                    44:bd:df:ce:2b:39:8a:57:6c:02:cb:54:c2:14:52:
                    cb:bc:ea:26:48:3e:69:96:20:d2:e5:b0:77:dc:b7:
                    c8:f2:21:e3:91:be:2e:23:3f:24:8c:5b:86:5c:3e:
                    af:48:4e:1b:0b:43:cf:fe:40:b2:53:30:50:b4:3f:
                    0e:f6:85:f1:eb:8f:9a:09:f9:cc:f1:47:e5:24:df:
                    de:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CD:FF:D5:57:44:A7:72:B3:56:D5:32:FB:32:EC:9C:A1:25:CC:9C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/383_1VdEp3KzVtUy-zLsnKElzJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:5fc0::/29
                  2a14:1100::/33

    Signature Algorithm: sha256WithRSAEncryption
         a4:f9:48:e7:2b:55:be:55:e3:48:c7:8b:07:0a:71:7f:43:d4:
         1b:a8:ed:b9:e0:9d:43:7d:05:bf:b1:b8:5f:a8:34:9f:0d:d9:
         e3:03:83:a5:88:c4:92:8d:ae:ad:dd:7a:ac:f4:47:f9:71:b8:
         34:b4:e2:24:b6:53:10:89:46:2f:09:8d:64:6c:dc:cf:97:c2:
         ad:ce:d1:34:de:0f:4f:6e:e5:f7:c3:85:22:38:72:f1:15:1b:
         1a:61:19:5b:f1:02:9a:d1:a7:70:34:67:03:15:f1:4c:bf:07:
         42:82:8c:18:a8:58:66:71:29:7a:b1:24:98:10:de:0c:5f:eb:
         76:c6:70:84:2d:a0:9c:ce:4b:f7:fb:92:92:9a:11:44:5c:de:
         77:a5:c1:cd:7c:cc:fc:38:bc:67:bb:45:65:1f:c1:ba:a9:72:
         3c:6d:a1:b7:30:c1:9a:7d:8b:d0:76:ec:a5:3d:fa:de:61:1a:
         9c:15:37:15:0b:f0:a9:6d:c0:92:2c:7e:95:41:f4:7d:4a:9b:
         cf:d6:a8:71:4c:f9:91:c5:38:55:79:09:7d:e4:e1:ba:80:65:
         55:a7:32:cb:ac:8c:c2:69:84:76:d0:76:22:39:12:98:61:a4:
         78:59:79:13:04:41:1f:73:28:cb:e7:ba:7d:b2:e8:83:b8:ce:
         42:ef:28:fc
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZW/MYt2clPiOm7dhFCSyqR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzIyMTg1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNkZmZkNTU3NDRhNzcyYjM1NmQ1MzJmYjMyZWM5Y2ExMjVjYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DHJYw/CUYeYhStQ71OVfKM2dgG4
YMUoOWjHkkm9iNdtfIH1haENUsPVv8thc6m4ZDU0ZPDhhzGwqEnAAFWhiCR5pH9Z
WvJZ7il2InFbLMd60fg4uR2Y1ixSCFOfkE3tCJeCisttwE6En5q9gYgYabN0DQf4
rnHGwvfISwJjrz1eF+MH9/tZnSyK3+2StBCldvr+VX3FrvdBvTrAjHXl0TaZqqP4
lw3YNxB2z2aX7ZUvBVpEvd/OKzmKV2wCy1TCFFLLvOomSD5pliDS5bB33LfI8iHj
kb4uIz8kjFuGXD6vSE4bC0PP/kCyUzBQtD8O9oXx64+aCfnM8UflJN/eHwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFN/N/9VXRKdys1bVMvsy7JyhJcycMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvMzgzXzFWZEVwM0t6VnRVeS16THNuS0Vsekp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUDKgZfwAMG
ByoUEQAAMA0GCSqGSIb3DQEBCwUAA4IBAQCk+UjnK1W+VeNIx4sHCnF/Q9QbqO25
4J1DfQW/sbhfqDSfDdnjA4OliMSSja6t3Xqs9Ef5cbg0tOIktlMQiUYvCY1kbNzP
l8KtztE03g9PbuX3w4UiOHLxFRsaYRlb8QKa0adwNGcDFfFMvwdCgowYqFhmcSl6
sSSYEN4MX+t2xnCELaCczkv3+5KSmhFEXN53pcHNfMz8OLxnu0VlH8G6qXI8baG3
MMGafYvQduylPfreYRqcFTcVC/CpbcCSLH6VQfR9SpvP1qhxTPmRxThVeQl95OG6
gGVVpzLLrIzCaYR20HYiORKYYaR4WXkTBEEfcyjL57p9suiDuM5C7yj8
-----END CERTIFICATE-----