Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4_eWVTbuyBWFWXmZsgd58LozWxA.roa
File:                     4_eWVTbuyBWFWXmZsgd58LozWxA.roa (raw, json)
Hash identifier:          VcywCNJAu5x4K91o4zk/dsIIOQy3B1o5AtQtJM+7WGg=
Subject key identifier:   E3:F7:96:55:36:EE:C8:15:85:59:79:99:B2:07:79:F0:BA:33:5B:10
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194236A0482F6B18F3B4C52CB912191387F
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4_eWVTbuyBWFWXmZsgd58LozWxA.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400813
IP address blocks:        2a0d:6f80:38d2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:04:82:f6:b1:8f:3b:4c:52:cb:91:21:91:38:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3f7965536eec81585597999b20779f0ba335b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:7f:24:12:39:91:43:cf:91:54:f9:45:26:
                    fa:b0:36:15:f2:48:2c:e4:fd:58:8a:4e:ff:6c:b7:
                    eb:c2:aa:aa:df:b3:5d:88:5a:ef:4a:81:9a:be:05:
                    71:1c:7a:97:73:34:6b:85:82:b8:43:d3:80:6c:8f:
                    0b:1b:36:fa:ca:73:f1:2d:24:76:0a:69:28:f6:14:
                    90:8e:c9:3e:db:ad:1c:52:66:ec:84:62:9d:4d:24:
                    f2:2c:77:68:51:b2:00:da:2d:78:a7:43:a1:78:45:
                    eb:c7:30:b3:e8:51:06:0b:77:f9:df:a6:1e:6e:ef:
                    3b:95:bf:72:e2:f8:41:79:ef:31:e5:d1:4f:e6:fe:
                    0c:8a:9e:90:45:f7:c0:c2:67:51:09:b9:cb:22:e1:
                    86:dd:b1:7f:58:47:4b:13:94:1f:45:da:d5:46:58:
                    8f:2d:1a:28:8f:c0:8f:e4:d3:7e:2e:02:16:d2:db:
                    00:df:41:66:9a:b3:86:43:2b:83:16:a1:e4:a4:72:
                    f0:42:02:09:dc:9b:98:b6:79:90:4e:8d:02:f5:6b:
                    1a:6b:99:62:37:71:06:95:11:7f:6d:f6:87:46:08:
                    e6:33:53:3a:b6:c7:3c:2b:28:d5:cb:b9:d0:e6:63:
                    95:ba:dc:0d:d7:17:5c:91:27:e2:cf:e6:43:73:20:
                    f0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F7:96:55:36:EE:C8:15:85:59:79:99:B2:07:79:F0:BA:33:5B:10
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/4_eWVTbuyBWFWXmZsgd58LozWxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:38d2::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:e7:be:67:77:a1:9c:fa:f4:5f:f9:0f:7e:40:5e:ad:63:7d:
         c9:f1:e8:a1:60:b6:f1:6b:13:1f:2d:9f:44:f2:54:a6:be:13:
         0e:e7:61:6d:ec:14:bb:f1:20:dd:67:f5:b3:e5:ab:e0:db:96:
         14:58:1c:83:e0:e6:c4:71:40:4a:7a:86:10:f1:d1:dc:15:b2:
         9a:03:0e:94:5a:f3:87:89:5d:e2:02:70:3d:a4:00:c2:c0:8f:
         76:14:7a:77:93:5f:b0:45:13:f3:04:5a:a7:25:c6:57:e1:4d:
         e0:0b:a5:e0:d3:4b:f1:b5:cf:4a:7b:68:a6:5c:c9:3f:cc:54:
         2d:4c:5c:2d:10:21:c8:60:f0:56:a5:1d:7f:6b:31:c7:7c:fa:
         17:86:f1:d6:08:fb:31:5f:68:08:b1:37:e0:81:d7:e4:7e:bb:
         5a:2c:fe:f2:4a:da:59:c9:bc:cf:f1:7f:ef:5b:56:99:42:a6:
         d2:9b:51:b9:f0:28:ad:96:7e:44:bf:d2:44:be:35:74:b2:53:
         fa:cd:ae:5d:e2:c8:94:18:92:75:19:ef:06:9e:a0:33:61:10:
         ed:ed:e4:b1:d9:11:82:f5:59:0f:81:4b:86:ee:ed:3f:f9:8b:
         33:86:e0:34:85:ab:50:f2:fe:6b:bb:dc:99:80:64:ba:5c:dc:
         1f:76:ea:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjagSC9rGPO0xSy5EhkTh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Y3OTY1NTM2ZWVjODE1ODU1OTc5OTliMjA3NzlmMGJhMzM1YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjh/JBI5kUPPkVT5RSb6sDYV8kgs
5P1Yik7/bLfrwqqq37NdiFrvSoGavgVxHHqXczRrhYK4Q9OAbI8LGzb6ynPxLSR2
Cmko9hSQjsk+260cUmbshGKdTSTyLHdoUbIA2i14p0OheEXrxzCz6FEGC3f536Ye
bu87lb9y4vhBee8x5dFP5v4Mip6QRffAwmdRCbnLIuGG3bF/WEdLE5QfRdrVRliP
LRooj8CP5NN+LgIW0tsA30FmmrOGQyuDFqHkpHLwQgIJ3JuYtnmQTo0C9Wsaa5li
N3EGlRF/bfaHRgjmM1M6tsc8KyjVy7nQ5mOVutwN1xdckSfiz+ZDcyDwEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOP3llU27sgVhVl5mbIHefC6M1sQMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvNF9lV1ZUYnV5QldGV1htWnNnZDU4TG96V3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgDjS
MA0GCSqGSIb3DQEBCwUAA4IBAQAy575nd6Gc+vRf+Q9+QF6tY33J8eihYLbxaxMf
LZ9E8lSmvhMO52Ft7BS78SDdZ/Wz5avg25YUWByD4ObEcUBKeoYQ8dHcFbKaAw6U
WvOHiV3iAnA9pADCwI92FHp3k1+wRRPzBFqnJcZX4U3gC6Xg00vxtc9Ke2imXMk/
zFQtTFwtECHIYPBWpR1/azHHfPoXhvHWCPsxX2gIsTfggdfkfrtaLP7yStpZybzP
8X/vW1aZQqbSm1G58Citln5Ev9JEvjV0slP6za5d4siUGJJ1Ge8GnqAzYRDt7eSx
2RGC9VkPgUuG7u0/+YszhuA0hatQ8v5ru9yZgGS6XNwfdury
-----END CERTIFICATE-----