Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LtUjnrQjM9uDrr6tmxy8q8oRsv4.roa
File:                     LtUjnrQjM9uDrr6tmxy8q8oRsv4.roa (raw, json)
Hash identifier:          CbBsJ/sbj5836jDP9irhHqQ7RNdNUafFvAX4BkHy7sg=
Subject key identifier:   2E:D5:23:9E:B4:23:33:DB:83:AE:BE:AD:9B:1C:BC:AB:CA:11:B2:FE
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195BF3360213657D9D748898157FD3D0726
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LtUjnrQjM9uDrr6tmxy8q8oRsv4.roa
Signing time:             Sat 22 Mar 2025 18:52:49 +0000
ROA not before:           Sat 22 Mar 2025 18:52:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202496
IP address blocks:        2a05:9a40::/29 maxlen: 29
                          2a14:1104:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 22:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:33:60:21:36:57:d9:d7:48:89:81:57:fd:3d:07:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 22 18:52:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ed5239eb42333db83aebead9b1cbcabca11b2fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a2:af:fb:29:01:23:80:a8:08:38:f8:c1:2c:
                    e0:68:ae:be:ee:3c:b5:c2:68:df:a5:e0:3e:80:21:
                    9b:b2:1c:45:88:25:8d:b7:42:d0:ae:e2:45:ad:0c:
                    a2:60:44:2a:ac:30:7a:01:3c:99:bb:78:d7:d4:c1:
                    ee:31:26:42:67:46:07:74:ea:02:42:6e:b9:19:03:
                    50:60:f3:fb:f6:e5:9a:97:c3:6b:e6:f2:65:02:ff:
                    ed:4b:7b:57:fd:b1:c9:69:94:dd:3e:48:32:48:27:
                    23:a4:e0:7e:a7:7f:c4:0f:52:50:4d:57:6e:14:83:
                    52:b5:9c:44:8e:85:20:5a:88:c9:ac:48:76:75:4f:
                    e8:63:20:cf:d9:65:b7:a7:26:83:bb:e5:25:c5:d1:
                    3b:02:a5:bb:1e:ca:35:e5:64:d1:77:03:91:67:27:
                    75:ee:83:cc:ba:db:44:d6:1b:8f:27:50:da:b8:45:
                    40:2a:73:ea:c3:39:bf:07:ac:26:5a:eb:4b:be:d9:
                    e2:18:ea:5f:b3:7c:f5:67:6c:34:47:da:41:db:91:
                    40:d4:82:b7:b3:b3:01:ce:5d:35:7c:41:72:35:01:
                    24:c0:70:19:32:9c:eb:c4:95:8d:e9:58:37:1c:6b:
                    c6:05:de:b2:24:10:49:f7:38:c5:ce:3c:11:5e:6c:
                    75:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D5:23:9E:B4:23:33:DB:83:AE:BE:AD:9B:1C:BC:AB:CA:11:B2:FE
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LtUjnrQjM9uDrr6tmxy8q8oRsv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a40::/29
                  2a14:1104:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         26:c4:f0:36:44:d1:0e:a7:d4:21:d9:7d:99:8f:54:e9:9e:6c:
         04:f4:08:ff:b0:65:a2:cc:dd:5d:9b:66:d1:47:b4:65:b8:70:
         9c:e6:b1:e0:27:79:e1:af:a1:00:71:1c:88:65:bb:e5:07:10:
         ea:67:13:d6:68:9d:62:28:49:73:95:d2:47:06:6c:3a:bc:08:
         b5:c0:8a:9d:c2:9d:3a:d8:82:e5:0c:4f:ae:4a:90:9b:23:6f:
         96:37:58:d5:2f:22:be:eb:26:8f:0c:05:6e:eb:cf:f0:f0:8d:
         0c:39:29:c0:94:33:8f:19:86:ac:a0:d6:e6:9e:de:17:16:26:
         55:d6:b4:e5:4e:d2:33:95:1a:2f:ab:5a:15:fd:29:82:95:ed:
         bd:c6:89:d2:6a:67:37:b1:c7:a6:10:79:de:e0:fc:1b:18:fc:
         ec:6b:25:22:32:26:a5:2a:dd:c4:bc:c2:73:51:05:c3:4d:38:
         f2:fd:a5:59:11:e0:89:67:ef:d4:80:e7:91:7f:4f:07:97:23:
         21:d2:9d:6a:51:80:12:30:23:0a:30:72:61:9f:17:94:70:24:
         cd:77:ab:23:2a:f7:e7:3b:f4:40:9d:90:6a:13:fd:97:2c:2b:
         d6:c4:6f:54:88:f3:db:40:23:e1:3a:64:27:d9:7b:a2:30:60:
         43:51:c0:c0
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZW/M2AhNlfZ10iJgVf9PQcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzIyMTg1MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ1MjM5ZWI0MjMzM2RiODNhZWJlYWQ5YjFjYmNhYmNhMTFiMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qKv+ykBI4CoCDj4wSzgaK6+7jy1
wmjfpeA+gCGbshxFiCWNt0LQruJFrQyiYEQqrDB6ATyZu3jX1MHuMSZCZ0YHdOoC
Qm65GQNQYPP79uWal8Nr5vJlAv/tS3tX/bHJaZTdPkgySCcjpOB+p3/ED1JQTVdu
FINStZxEjoUgWojJrEh2dU/oYyDP2WW3pyaDu+UlxdE7AqW7Hso15WTRdwORZyd1
7oPMuttE1huPJ1DauEVAKnPqwzm/B6wmWutLvtniGOpfs3z1Z2w0R9pB25FA1IK3
s7MBzl01fEFyNQEkwHAZMpzrxJWN6Vg3HGvGBd6yJBBJ9zjFzjwRXmx1pQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFC7VI560IzPbg66+rZscvKvKEbL+MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTHRVam5yUWpNOXVEcnI2dG14eThxOG9Sc3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUDKgWaQAMG
ByoUEQSAMA0GCSqGSIb3DQEBCwUAA4IBAQAmxPA2RNEOp9Qh2X2Zj1TpnmwE9Aj/
sGWizN1dm2bRR7RluHCc5rHgJ3nhr6EAcRyIZbvlBxDqZxPWaJ1iKElzldJHBmw6
vAi1wIqdwp062ILlDE+uSpCbI2+WN1jVLyK+6yaPDAVu68/w8I0MOSnAlDOPGYas
oNbmnt4XFiZV1rTlTtIzlRovq1oV/SmCle29xonSamc3scemEHne4PwbGPzsayUi
MialKt3EvMJzUQXDTTjy/aVZEeCJZ+/UgOeRf08HlyMh0p1qUYASMCMKMHJhnxeU
cCTNd6sjKvfnO/RAnZBqE/2XLCvWxG9UiPPbQCPhOmQn2XuiMGBDUcDA
-----END CERTIFICATE-----