Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lMVPQLjkC-QoSgVYsO2vjf3VCIM.roa
File:                     lMVPQLjkC-QoSgVYsO2vjf3VCIM.roa (raw, json)
Hash identifier:          BL5mQNvtyZ5i4N6NpUrmm+myCp1a/0YRtOlpIpTLx8Y=
Subject key identifier:   94:C5:4F:40:B8:E4:0B:E4:28:4A:05:58:B0:ED:AF:8D:FD:D5:08:83
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195BF35356F3B97073D2EFFD949ED4736F5
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lMVPQLjkC-QoSgVYsO2vjf3VCIM.roa
Signing time:             Sat 22 Mar 2025 18:54:50 +0000
ROA not before:           Sat 22 Mar 2025 18:54:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200216
IP address blocks:        2a14:1107:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:35:35:6f:3b:97:07:3d:2e:ff:d9:49:ed:47:36:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 22 18:54:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94c54f40b8e40be4284a0558b0edaf8dfdd50883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:88:fb:78:47:1b:fd:4c:c5:4b:d1:e8:d7:76:
                    0d:48:91:20:88:be:dc:a1:4e:02:37:c0:cf:18:82:
                    f0:1c:0b:81:a7:2e:ab:d0:c9:98:23:3e:96:0f:73:
                    ea:8b:88:c0:85:3e:09:a3:95:ca:bd:32:09:49:11:
                    00:86:1c:b4:c5:9e:9c:0f:02:a2:69:cf:e1:2c:76:
                    da:83:2b:82:f1:7d:54:f8:73:2c:a9:62:5b:eb:9b:
                    f1:8d:34:ab:e9:5b:61:eb:5d:7a:fa:23:e1:ec:61:
                    52:c2:0c:cc:df:e2:b6:52:bc:6d:11:0a:65:67:5d:
                    f4:c6:cf:92:ba:c9:ba:72:3e:f7:fb:56:2c:35:6c:
                    18:a7:41:f2:c0:33:8d:ae:0f:d5:c3:44:9d:55:d5:
                    e0:4e:1b:28:89:da:b7:63:7c:f2:ac:66:c4:ab:d6:
                    21:45:80:41:8b:1e:37:fa:b6:b9:fd:d3:e9:70:7f:
                    50:05:83:f5:a3:e0:c6:59:0e:2f:0d:eb:db:d9:3a:
                    0e:2e:d3:9b:58:0a:c8:41:ec:88:d2:42:69:20:8e:
                    57:37:4c:ad:9b:b9:47:8e:55:21:02:29:aa:b2:66:
                    78:d7:85:d2:73:d5:54:df:3c:56:f8:8b:72:57:b0:
                    e5:77:d3:73:73:c0:52:04:e1:d5:22:7d:a8:92:33:
                    bd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C5:4F:40:B8:E4:0B:E4:28:4A:05:58:B0:ED:AF:8D:FD:D5:08:83
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lMVPQLjkC-QoSgVYsO2vjf3VCIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1107:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         b0:98:94:73:ab:4c:5b:e8:98:26:67:11:6c:af:35:97:a6:18:
         e8:a5:19:6f:3a:97:fe:46:2b:36:08:c1:92:c1:70:8f:da:f4:
         61:68:f9:26:25:52:52:d9:fd:25:7d:77:96:bc:06:b1:8f:fa:
         77:f0:75:80:70:fa:d6:2e:88:dc:74:92:2b:0f:5a:86:67:41:
         7f:f7:d3:eb:5a:71:ea:64:75:0f:8c:e1:6f:34:0f:4c:b3:32:
         90:eb:45:cb:da:ab:ec:e6:0f:28:64:f4:ec:bb:04:89:c0:b2:
         f3:36:93:a5:01:d3:b4:b8:c4:2a:8f:0f:00:c7:fe:61:74:79:
         10:d4:22:3b:e6:fc:cb:39:a6:c4:c3:42:44:a6:73:d7:18:c2:
         d6:70:81:17:72:6c:6f:5d:27:90:7d:37:57:f1:8f:c7:4b:17:
         3f:3a:1e:d0:af:b3:e0:3a:41:c9:9f:dc:73:2b:41:8f:4c:01:
         ae:be:82:12:b8:cb:bc:0a:50:bf:30:85:49:5f:96:e6:6b:91:
         33:11:c0:73:d6:b8:50:27:5e:6e:ff:3d:c1:15:ae:93:82:a1:
         cd:8e:f0:6e:aa:67:25:03:f2:91:95:ff:bd:6e:a2:41:19:93:
         8a:76:83:51:4e:ad:83:ac:65:c7:36:d8:0c:3d:11:0c:7c:44:
         67:d2:9d:ea
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZW/NTVvO5cHPS7/2UntRzb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzIyMTg1NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGM1NGY0MGI4ZTQwYmU0Mjg0YTA1NThiMGVkYWY4ZGZkZDUwODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIj7eEcb/UzFS9Ho13YNSJEgiL7c
oU4CN8DPGILwHAuBpy6r0MmYIz6WD3Pqi4jAhT4Jo5XKvTIJSREAhhy0xZ6cDwKi
ac/hLHbagyuC8X1U+HMsqWJb65vxjTSr6Vth6116+iPh7GFSwgzM3+K2UrxtEQpl
Z130xs+Susm6cj73+1YsNWwYp0HywDONrg/Vw0SdVdXgThsoidq3Y3zyrGbEq9Yh
RYBBix43+ra5/dPpcH9QBYP1o+DGWQ4vDevb2ToOLtObWArIQeyI0kJpII5XN0yt
m7lHjlUhAimqsmZ414XSc9VU3zxW+ItyV7Dld9Nzc8BSBOHVIn2okjO9WQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJTFT0C45AvkKEoFWLDtr4391QiDMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbE1WUFFMamtDLVFvU2dWWXNPMnZqZjNWQ0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKhQRB4Aw
DQYJKoZIhvcNAQELBQADggEBALCYlHOrTFvomCZnEWyvNZemGOilGW86l/5GKzYI
wZLBcI/a9GFo+SYlUlLZ/SV9d5a8BrGP+nfwdYBw+tYuiNx0kisPWoZnQX/30+ta
cepkdQ+M4W80D0yzMpDrRcvaq+zmDyhk9Oy7BInAsvM2k6UB07S4xCqPDwDH/mF0
eRDUIjvm/Ms5psTDQkSmc9cYwtZwgRdybG9dJ5B9N1fxj8dLFz86HtCvs+A6Qcmf
3HMrQY9MAa6+ghK4y7wKUL8whUlfluZrkTMRwHPWuFAnXm7/PcEVrpOCoc2O8G6q
ZyUD8pGV/71uokEZk4p2g1FOrYOsZcc22Aw9EQx8RGfSneo=
-----END CERTIFICATE-----