Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aUfIJPIIiz2wd5AKxInInOBjBbA.roa
File:                     aUfIJPIIiz2wd5AKxInInOBjBbA.roa (raw, json)
Hash identifier:          jXwXl9/ue3Ht/mMU3QCKF3TMJ1Ra0OrTmpd0rcriA7s=
Subject key identifier:   69:47:C8:24:F2:08:8B:3D:B0:77:90:0A:C4:89:C8:9C:E0:63:05:B0
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195C9CDE943BE9EDCFFA3EC56FDD45E9FEB
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aUfIJPIIiz2wd5AKxInInOBjBbA.roa
Signing time:             Mon 24 Mar 2025 20:17:49 +0000
ROA not before:           Mon 24 Mar 2025 20:17:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:c240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c9:cd:e9:43:be:9e:dc:ff:a3:ec:56:fd:d4:5e:9f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 24 20:17:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6947c824f2088b3db077900ac489c89ce06305b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:b5:a7:02:e2:b0:10:ec:6e:52:07:09:61:
                    dc:09:57:22:d7:c8:a9:5e:9e:56:9f:08:b9:01:cf:
                    da:0a:ab:81:78:dc:3d:59:c1:5c:74:4e:4c:de:4e:
                    59:6b:68:dc:cf:be:d8:e7:5e:76:d8:25:8f:84:e9:
                    86:80:77:6e:b7:3c:fd:6a:ac:62:0e:50:3f:11:4c:
                    74:3c:ae:1c:43:ee:9e:40:14:b0:b1:7a:b2:f0:2b:
                    34:f2:19:3c:ad:d4:fc:7f:d4:20:8c:37:a8:ad:e5:
                    e1:e4:94:7f:08:8d:cf:13:53:8a:1c:74:0c:55:07:
                    28:0a:56:0b:06:98:d0:50:46:07:68:c7:9b:3c:54:
                    39:97:78:bf:15:d2:02:62:38:b9:9d:b1:db:fa:a3:
                    f0:a9:12:69:f0:44:20:af:8c:4f:81:f2:35:ae:06:
                    79:0a:9d:75:b6:dc:fc:29:f5:7d:0c:a2:ba:c2:bc:
                    e8:5f:6b:bc:c0:32:35:2b:b1:70:a2:1b:30:30:6a:
                    cc:6e:aa:20:4c:cf:81:e0:5b:32:5e:36:01:a2:2c:
                    18:e2:c6:3b:16:a8:69:93:2f:2f:83:15:5a:37:69:
                    da:39:3d:bd:17:d1:6e:de:10:04:00:c0:f4:5b:bb:
                    50:8b:d2:52:6a:21:4b:06:d6:95:7e:4a:1c:5c:a2:
                    fd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:47:C8:24:F2:08:8B:3D:B0:77:90:0A:C4:89:C8:9C:E0:63:05:B0
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aUfIJPIIiz2wd5AKxInInOBjBbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:d9:00:64:00:e6:03:40:bc:2d:06:5b:c1:64:cc:64:c1:1a:
         a5:5e:c5:5a:14:a4:77:44:5c:92:f5:b2:60:e6:72:af:07:f5:
         de:81:20:82:a6:54:f8:34:8f:b5:ce:68:47:17:f1:21:cf:5e:
         51:10:ab:7a:3c:a7:c8:f3:f0:ac:e8:b3:2b:c8:9e:0d:d1:1a:
         5e:23:bf:3f:f1:ab:99:fa:b4:5b:36:a2:d7:fe:8c:8e:07:4f:
         f7:71:2f:1d:49:d8:4c:03:20:b6:98:9f:5f:fe:ff:39:0f:1a:
         d4:4d:d0:36:a8:d2:bc:b2:9c:34:da:ed:82:f9:ee:a6:61:94:
         54:2b:c1:97:ca:b9:23:b2:d5:d3:f5:10:e1:f7:d9:1e:ee:7b:
         1d:81:d7:8f:fc:23:5b:a6:d5:e4:76:9e:5a:4b:af:27:1f:62:
         65:f6:9b:30:c9:43:98:58:ae:96:12:f2:31:5e:76:a7:3c:3e:
         9d:30:44:b2:0d:51:fe:30:48:ec:23:c5:44:d2:10:4f:36:d7:
         be:8c:b2:f9:30:db:0f:d6:bc:6f:69:c9:5e:3a:25:e7:16:56:
         ca:31:5c:19:5f:fd:cd:c7:bd:00:eb:bd:1e:20:11:bf:ce:70:
         49:be:f9:9e:1e:5c:ef:ad:f2:8e:d4:b6:d6:62:21:8d:01:80:
         9d:8b:72:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXJzelDvp7c/6PsVv3UXp/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzI0MjAxNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTQ3YzgyNGYyMDg4YjNkYjA3NzkwMGFjNDg5Yzg5Y2UwNjMwNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYK1pwLisBDsblIHCWHcCVci18ip
Xp5Wnwi5Ac/aCquBeNw9WcFcdE5M3k5Za2jcz77Y51522CWPhOmGgHdutzz9aqxi
DlA/EUx0PK4cQ+6eQBSwsXqy8Cs08hk8rdT8f9QgjDeoreXh5JR/CI3PE1OKHHQM
VQcoClYLBpjQUEYHaMebPFQ5l3i/FdICYji5nbHb+qPwqRJp8EQgr4xPgfI1rgZ5
Cp11ttz8KfV9DKK6wrzoX2u8wDI1K7FwohswMGrMbqogTM+B4FsyXjYBoiwY4sY7
Fqhpky8vgxVaN2naOT29F9Fu3hAEAMD0W7tQi9JSaiFLBtaVfkocXKL9rwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGlHyCTyCIs9sHeQCsSJyJzgYwWwMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYVVmSUpQSUlpejJ3ZDVBS3hJbkluT0JqQmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPCQDAN
BgkqhkiG9w0BAQsFAAOCAQEAYtkAZADmA0C8LQZbwWTMZMEapV7FWhSkd0RckvWy
YOZyrwf13oEggqZU+DSPtc5oRxfxIc9eURCrejynyPPwrOizK8ieDdEaXiO/P/Gr
mfq0Wzai1/6MjgdP93EvHUnYTAMgtpifX/7/OQ8a1E3QNqjSvLKcNNrtgvnupmGU
VCvBl8q5I7LV0/UQ4ffZHu57HYHXj/wjW6bV5HaeWkuvJx9iZfabMMlDmFiulhLy
MV52pzw+nTBEsg1R/jBI7CPFRNIQTzbXvoyy+TDbD9a8b2nJXjol5xZWyjFcGV/9
zce9AOu9HiARv85wSb75nh5c763yjtS21mIhjQGAnYtyfg==
-----END CERTIFICATE-----