Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/5XuiSGUCaiDrzeasyRGYf9zN0hc.roa
File:                     5XuiSGUCaiDrzeasyRGYf9zN0hc.roa (raw, json)
Hash identifier:          W9p7dwJuDUWcYiPyNw+uhCjCfNUe44kqMPoHF+OrXVQ=
Subject key identifier:   E5:7B:A2:48:65:02:6A:20:EB:CD:E6:AC:C9:11:98:7F:DC:CD:D2:17
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195BF344AB072E7AC0A60D46596CE3242BF
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/5XuiSGUCaiDrzeasyRGYf9zN0hc.roa
Signing time:             Sat 22 Mar 2025 18:53:49 +0000
ROA not before:           Sat 22 Mar 2025 18:53:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201341
IP address blocks:        2a14:1105:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:34:4a:b0:72:e7:ac:0a:60:d4:65:96:ce:32:42:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 22 18:53:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e57ba24865026a20ebcde6acc911987fdccdd217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:82:44:af:34:a6:6b:33:f7:42:e4:ef:6d:c3:
                    dd:b2:52:bf:ab:5f:24:6b:35:5c:e6:88:c3:dc:cc:
                    94:8e:f6:84:b9:3c:bc:f1:ea:f0:8a:56:20:42:6a:
                    ed:2a:e2:1b:25:6a:68:1a:1b:aa:61:66:b3:40:99:
                    3b:df:ef:1b:08:bc:cf:da:a5:2d:c1:62:f1:c1:b3:
                    87:54:9b:ea:65:e1:20:97:d3:29:68:6d:40:97:64:
                    75:d0:8e:f6:d6:ed:46:1c:9c:b4:a5:d1:30:a2:96:
                    49:6d:47:ee:5d:58:c6:a2:f2:aa:c1:74:35:a2:f1:
                    23:34:a6:3b:8f:57:09:cc:72:2e:40:3a:b5:0b:b8:
                    82:05:bd:9b:31:6a:ca:42:18:19:a3:73:5e:cc:8e:
                    12:a8:fb:89:69:f6:6b:13:12:c1:fd:c4:c8:cc:d7:
                    e8:f5:b8:13:a2:22:84:d2:71:f2:2c:fc:78:64:23:
                    5a:00:c7:b2:d1:e5:67:14:7f:a2:f4:44:86:c9:e9:
                    72:38:4e:2e:8b:29:a6:28:ac:53:96:78:65:d0:7f:
                    a8:58:82:57:f9:a6:24:fb:6b:50:56:b3:95:dc:f9:
                    bc:a2:a3:6c:27:59:24:0b:9b:00:39:47:c6:3a:bf:
                    52:1e:91:b4:6d:03:e2:e4:6e:d4:14:78:da:5a:bb:
                    81:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:7B:A2:48:65:02:6A:20:EB:CD:E6:AC:C9:11:98:7F:DC:CD:D2:17
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/5XuiSGUCaiDrzeasyRGYf9zN0hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1105:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         05:a5:66:6b:b6:66:d6:86:ef:6b:ab:c2:7f:73:a1:ae:47:77:
         d7:7f:12:e7:79:b3:61:dc:25:5e:8d:b3:20:8e:98:63:3d:db:
         c3:7a:3f:11:ce:18:a6:ec:74:c9:e7:62:85:f4:f8:40:c4:39:
         db:a1:ff:92:d4:5f:21:16:d1:b5:31:50:ad:0d:1c:36:f4:7a:
         82:c0:6d:8c:37:58:36:c7:26:49:dd:45:60:bf:f2:c9:bb:7c:
         2e:5d:2b:82:36:bb:75:56:76:b8:8c:51:fd:d4:ae:44:0a:0e:
         4b:e9:04:b0:cc:bf:45:cc:34:1f:a9:3b:01:1e:1d:02:96:37:
         7d:2f:3c:7b:dc:63:c9:ac:63:7d:ff:a5:88:1f:b7:d7:4e:cd:
         3f:54:62:ae:01:87:ae:1c:6c:82:ed:c6:b2:f3:b3:46:30:b0:
         80:a0:00:9b:48:6b:81:e5:0f:71:9c:0c:d1:30:67:05:9d:2f:
         3e:67:72:ca:ee:4c:db:1b:f1:dd:f1:c7:0d:a1:3b:c9:ab:de:
         34:9c:89:76:fd:4b:db:7a:ea:fa:d1:ec:5f:f7:06:86:eb:92:
         0a:a0:39:66:a4:16:53:34:30:91:56:9c:48:77:6b:55:be:40:
         17:5f:8d:ea:f1:73:a5:34:4f:e1:3b:85:c3:5e:c7:dc:13:50:
         b6:76:1e:71
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZW/NEqwcuesCmDUZZbOMkK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzIyMTg1MzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTdiYTI0ODY1MDI2YTIwZWJjZGU2YWNjOTExOTg3ZmRjY2RkMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYJErzSmazP3QuTvbcPdslK/q18k
azVc5ojD3MyUjvaEuTy88erwilYgQmrtKuIbJWpoGhuqYWazQJk73+8bCLzP2qUt
wWLxwbOHVJvqZeEgl9MpaG1Al2R10I721u1GHJy0pdEwopZJbUfuXVjGovKqwXQ1
ovEjNKY7j1cJzHIuQDq1C7iCBb2bMWrKQhgZo3NezI4SqPuJafZrExLB/cTIzNfo
9bgToiKE0nHyLPx4ZCNaAMey0eVnFH+i9ESGyelyOE4uiymmKKxTlnhl0H+oWIJX
+aYk+2tQVrOV3Pm8oqNsJ1kkC5sAOUfGOr9SHpG0bQPi5G7UFHjaWruBrwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOV7okhlAmog683mrMkRmH/czdIXMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvNVh1aVNHVUNhaURyemVhc3lSR1lmOXpOMGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhQRBYAw
DQYJKoZIhvcNAQELBQADggEBAAWlZmu2ZtaG72urwn9zoa5Hd9d/Eud5s2HcJV6N
syCOmGM928N6PxHOGKbsdMnnYoX0+EDEOduh/5LUXyEW0bUxUK0NHDb0eoLAbYw3
WDbHJkndRWC/8sm7fC5dK4I2u3VWdriMUf3UrkQKDkvpBLDMv0XMNB+pOwEeHQKW
N30vPHvcY8msY33/pYgft9dOzT9UYq4Bh64cbILtxrLzs0YwsICgAJtIa4HlD3Gc
DNEwZwWdLz5ncsruTNsb8d3xxw2hO8mr3jSciXb9S9t66vrR7F/3BobrkgqgOWak
FlM0MJFWnEh3a1W+QBdfjerxc6U0T+E7hcNex9wTULZ2HnE=
-----END CERTIFICATE-----