Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/1ZcaUu_QHqvHR37oNnshBtiPqW0.roa
File:                     1ZcaUu_QHqvHR37oNnshBtiPqW0.roa (raw, json)
Hash identifier:          T1zzkPe+RayFFPa3deBnsdUUQl/lFotVHGCeT7TtY5M=
Subject key identifier:   D5:97:1A:52:EF:D0:1E:AB:C7:47:7E:E8:36:7B:21:06:D8:8F:A9:6D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019711251FFADD6A8000A6381AD3F5850681
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/1ZcaUu_QHqvHR37oNnshBtiPqW0.roa
Signing time:             Tue 27 May 2025 09:48:55 +0000
ROA not before:           Tue 27 May 2025 09:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209868
IP address blocks:        2a05:9a42::/32 maxlen: 32
                          2a13:c442::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:25:1f:fa:dd:6a:80:00:a6:38:1a:d3:f5:85:06:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5971a52efd01eabc7477ee8367b2106d88fa96d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:10:79:db:6e:b0:44:48:dd:2c:45:98:bc:f6:
                    02:38:73:6c:bc:f7:79:2b:36:92:89:97:06:96:5c:
                    87:29:37:ff:3d:8a:8f:e4:f1:6b:23:4a:97:88:93:
                    57:6f:84:a6:83:45:58:cb:e2:79:21:c2:22:8a:77:
                    0f:86:a1:25:fd:d0:86:6a:22:00:7e:45:61:95:3b:
                    1a:c7:e3:97:88:e0:c7:41:ed:e1:d7:70:45:9a:99:
                    47:1c:fb:0e:26:ef:2e:9f:cc:0f:55:95:6e:46:44:
                    a4:84:1e:e8:1f:c4:8c:0d:ce:bb:6c:0d:73:f7:5b:
                    49:26:9d:62:08:f1:7f:6f:b8:60:26:07:99:db:bc:
                    73:c3:0b:d0:5f:76:be:1f:24:57:f0:8d:31:c1:58:
                    b4:15:bc:68:53:c6:47:a4:a6:22:17:fe:b9:33:92:
                    01:77:fa:1d:6c:e0:8c:32:64:86:1b:25:d6:b0:03:
                    b9:dd:1d:fb:91:b0:d9:93:a0:dc:00:72:6e:58:19:
                    9b:d1:57:15:8c:69:6e:44:f5:ac:e4:5e:ec:43:cf:
                    38:ca:d3:02:f7:fa:b3:a3:7c:b8:53:32:26:9d:e5:
                    af:40:fc:e2:ec:30:23:b0:c3:1f:d3:8d:e4:0b:67:
                    be:b5:c8:0d:0a:b1:ce:21:b9:60:24:17:f2:b1:31:
                    3c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:97:1A:52:EF:D0:1E:AB:C7:47:7E:E8:36:7B:21:06:D8:8F:A9:6D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/1ZcaUu_QHqvHR37oNnshBtiPqW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a42::/32
                  2a13:c442::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:f0:82:69:6c:56:02:d6:7e:2e:3f:fe:31:ec:c2:42:20:cf:
         a1:c0:0e:4f:b9:9b:a7:44:39:23:9d:4b:11:44:8e:6a:aa:41:
         24:28:6d:c0:3a:53:4b:58:85:5c:8d:ba:30:da:a4:b0:f7:86:
         a8:a7:d2:f4:69:bf:98:8c:3c:19:74:ce:94:c8:a5:65:71:91:
         93:1c:91:4f:0d:48:0c:2e:db:e8:bb:54:30:b4:9e:40:4b:48:
         f1:e3:b8:18:00:e9:bd:72:41:aa:80:78:b4:19:37:b9:a7:92:
         a7:d3:72:ae:c5:1c:ab:e4:e5:01:52:24:2b:a8:49:df:77:d5:
         37:d7:6f:e1:43:00:f8:f3:de:c0:23:40:e8:a9:15:be:89:56:
         25:72:ab:3f:81:a5:3d:51:87:dc:27:5b:85:17:ba:70:15:df:
         f4:21:84:aa:46:f5:55:81:a2:7f:b2:67:12:da:32:3f:dd:79:
         96:f1:72:af:f0:8f:1d:0e:e6:e8:8c:78:6e:55:3e:a4:68:4d:
         ec:9a:9c:c5:b0:ee:15:c8:9a:8f:69:c9:3d:8c:d5:4f:9f:2c:
         2c:f5:c9:3d:0e:50:40:22:fd:c1:db:5a:84:d6:92:4d:d7:19:
         98:09:fe:28:7b:13:3f:73:72:ab:e6:e5:6e:75:ea:24:e3:13:
         35:ee:aa:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJR/63WqAAKY4GtP1hQaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk3MWE1MmVmZDAxZWFiYzc0NzdlZTgzNjdiMjEwNmQ4OGZhOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BB5226wREjdLEWYvPYCOHNsvPd5
KzaSiZcGllyHKTf/PYqP5PFrI0qXiJNXb4Smg0VYy+J5IcIiincPhqEl/dCGaiIA
fkVhlTsax+OXiODHQe3h13BFmplHHPsOJu8un8wPVZVuRkSkhB7oH8SMDc67bA1z
91tJJp1iCPF/b7hgJgeZ27xzwwvQX3a+HyRX8I0xwVi0FbxoU8ZHpKYiF/65M5IB
d/odbOCMMmSGGyXWsAO53R37kbDZk6DcAHJuWBmb0VcVjGluRPWs5F7sQ884ytMC
9/qzo3y4UzImneWvQPzi7DAjsMMf043kC2e+tcgNCrHOIblgJBfysTE8NQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNWXGlLv0B6rx0d+6DZ7IQbYj6ltMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvMVpjYVV1X1FIcXZIUjM3b05uc2hCdGlQcVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgWaQgMF
ACoTxEIwDQYJKoZIhvcNAQELBQADggEBAMLwgmlsVgLWfi4//jHswkIgz6HADk+5
m6dEOSOdSxFEjmqqQSQobcA6U0tYhVyNujDapLD3hqin0vRpv5iMPBl0zpTIpWVx
kZMckU8NSAwu2+i7VDC0nkBLSPHjuBgA6b1yQaqAeLQZN7mnkqfTcq7FHKvk5QFS
JCuoSd931TfXb+FDAPjz3sAjQOipFb6JViVyqz+BpT1Rh9wnW4UXunAV3/QhhKpG
9VWBon+yZxLaMj/deZbxcq/wjx0O5uiMeG5VPqRoTeyanMWw7hXImo9pyT2M1U+f
LCz1yT0OUEAi/cHbWoTWkk3XGZgJ/ih7Ez9zcqvm5W516iTjEzXuqoY=
-----END CERTIFICATE-----