Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/u8GnjpmuzO3qXcvtTjXFAnxGRXM.roa
File:                     u8GnjpmuzO3qXcvtTjXFAnxGRXM.roa (raw, json)
Hash identifier:          JmTi18OlMMzqn6Q1w6cnLQRguKPbJx4i72JV2qT+wS0=
Subject key identifier:   BB:C1:A7:8E:99:AE:CC:ED:EA:5D:CB:ED:4E:35:C5:02:7C:46:45:73
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0195BF35363E52E4D8C321BB6CEB096DE9EA
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/u8GnjpmuzO3qXcvtTjXFAnxGRXM.roa
Signing time:             Sat 22 Mar 2025 18:54:50 +0000
ROA not before:           Sat 22 Mar 2025 18:54:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264749
IP address blocks:        2a10:3f80::/29 maxlen: 29
                          2a14:1106:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:35:36:3e:52:e4:d8:c3:21:bb:6c:eb:09:6d:e9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 22 18:54:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbc1a78e99aeccedea5dcbed4e35c5027c464573
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:7e:51:9c:4b:4e:6a:fe:9b:e6:54:0b:9c:2b:
                    91:5f:32:1e:da:0b:8b:59:1f:87:16:50:df:0c:d2:
                    77:48:83:37:13:68:a5:1a:42:4c:d9:e0:b9:11:d4:
                    e9:3b:36:d4:59:ad:7e:6f:28:70:f5:10:e4:2e:77:
                    27:0d:d0:1d:46:65:36:20:db:02:2c:4f:d9:06:c1:
                    cd:db:90:9e:36:4a:3b:24:0f:f8:44:62:54:6a:9a:
                    b9:d5:dd:0f:67:7e:41:94:d8:29:15:3e:98:0d:02:
                    5b:f6:80:25:ec:da:2a:07:73:26:15:6a:1a:e9:6f:
                    4f:96:49:29:99:5b:5c:11:4f:4d:95:4e:fe:a0:1a:
                    4c:c5:58:12:93:34:ff:c1:0a:03:d8:1c:12:38:b6:
                    4b:dc:86:a7:12:b7:c9:e4:7c:44:ca:cc:12:0c:1d:
                    b4:a3:9c:2a:d4:e7:a4:7d:30:1f:0e:47:d7:72:3f:
                    f0:55:f0:82:8a:1f:54:ab:2c:6a:16:0f:de:03:a6:
                    6b:5b:fa:cc:99:a8:d5:1a:98:dd:c8:e9:88:a1:4e:
                    f1:10:9e:51:86:1f:18:54:ba:7a:10:4a:59:54:eb:
                    14:f3:b7:f5:32:7d:c8:fe:c4:e3:a5:3f:12:6c:6b:
                    c3:7f:e1:2c:34:50:b3:0a:61:2a:53:1f:ca:62:90:
                    a8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C1:A7:8E:99:AE:CC:ED:EA:5D:CB:ED:4E:35:C5:02:7C:46:45:73
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/u8GnjpmuzO3qXcvtTjXFAnxGRXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3f80::/29
                  2a14:1106:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         87:c2:39:f2:4b:0a:27:1d:11:03:ca:6f:c8:ff:dd:19:e2:ad:
         04:34:fd:d3:4f:e9:8e:70:61:22:bc:6b:7f:ac:82:a8:44:5a:
         fd:1a:73:b6:83:ce:6a:79:86:a3:f4:58:9d:ef:5f:b0:e4:4b:
         4b:7f:a4:5c:a9:b1:62:6c:20:44:ff:12:b8:8a:62:0f:f9:18:
         1f:f9:7f:d4:a6:a6:4a:39:f5:98:b8:3b:e1:08:6f:be:5a:d9:
         80:b9:11:fb:da:bb:72:d6:96:e0:42:02:63:af:8c:34:6a:21:
         c8:1c:07:f0:dc:f7:45:90:1e:d3:23:0e:11:16:5b:73:56:28:
         dc:b2:e0:c4:fd:2e:76:2a:2f:17:7a:fc:34:ed:36:ef:6e:1b:
         1d:dd:70:12:ce:bb:3f:59:12:35:66:06:e6:35:48:b6:10:f8:
         33:f5:49:7f:ae:33:74:f9:dc:f2:b7:ea:08:a6:88:95:1f:b8:
         1b:12:e8:9f:8c:7f:37:5a:25:29:e1:ca:56:f6:46:eb:25:8e:
         a6:43:08:59:d0:fd:c0:2c:b5:df:90:ed:c1:67:6c:d2:ed:e6:
         55:53:30:42:d1:94:27:9c:a9:68:5d:9e:d1:ad:d3:d8:7e:1a:
         52:ab:4c:da:53:b4:b7:87:34:a7:d3:5f:3c:d6:9f:56:2a:ad:
         df:39:3f:d5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZW/NTY+UuTYwyG7bOsJbenqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMzIyMTg1NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmMxYTc4ZTk5YWVjY2VkZWE1ZGNiZWQ0ZTM1YzUwMjdjNDY0NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6X5RnEtOav6b5lQLnCuRXzIe2guL
WR+HFlDfDNJ3SIM3E2ilGkJM2eC5EdTpOzbUWa1+byhw9RDkLncnDdAdRmU2INsC
LE/ZBsHN25CeNko7JA/4RGJUapq51d0PZ35BlNgpFT6YDQJb9oAl7NoqB3MmFWoa
6W9PlkkpmVtcEU9NlU7+oBpMxVgSkzT/wQoD2BwSOLZL3IanErfJ5HxEyswSDB20
o5wq1OekfTAfDkfXcj/wVfCCih9UqyxqFg/eA6ZrW/rMmajVGpjdyOmIoU7xEJ5R
hh8YVLp6EEpZVOsU87f1Mn3I/sTjpT8SbGvDf+EsNFCzCmEqUx/KYpCojwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFLvBp46Zrszt6l3L7U41xQJ8RkVzMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdThHbmpwbXV6TzNxWGN2dFRqWEZBbnhHUlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUDKhA/gAMG
ByoUEQaAMA0GCSqGSIb3DQEBCwUAA4IBAQCHwjnySwonHREDym/I/90Z4q0ENP3T
T+mOcGEivGt/rIKoRFr9GnO2g85qeYaj9Fid71+w5EtLf6RcqbFibCBE/xK4imIP
+Rgf+X/UpqZKOfWYuDvhCG++WtmAuRH72rty1pbgQgJjr4w0aiHIHAfw3PdFkB7T
Iw4RFltzVijcsuDE/S52Ki8Xevw07Tbvbhsd3XASzrs/WRI1ZgbmNUi2EPgz9Ul/
rjN0+dzyt+oIpoiVH7gbEuifjH83WiUp4cpW9kbrJY6mQwhZ0P3ALLXfkO3BZ2zS
7eZVUzBC0ZQnnKloXZ7RrdPYfhpSq0zaU7S3hzSn01881p9WKq3fOT/V
-----END CERTIFICATE-----