Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/6-bSZTM6rBMqerg_jVr60D9628M.roa
File:                     6-bSZTM6rBMqerg_jVr60D9628M.roa (raw, json)
Hash identifier:          aBAG3+F0w/FlmCjE/KxbdZ79/DuVdQBfmRWCRY11BTY=
Subject key identifier:   EB:E6:D2:65:33:3A:AC:13:2A:7A:B8:3F:8D:5A:FA:D0:3F:7A:DB:C3
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DBF4DC26C6C1E1B46281AF04A283253
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/6-bSZTM6rBMqerg_jVr60D9628M.roa
Signing time:             Tue 17 Jun 2025 11:56:18 +0000
ROA not before:           Tue 17 Jun 2025 11:56:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206005
IP address blocks:        2a13:bb43::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:bf:4d:c2:6c:6c:1e:1b:46:28:1a:f0:4a:28:32:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:56:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebe6d265333aac132a7ab83f8d5afad03f7adbc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f0:19:f4:10:1a:a0:ae:ae:77:c3:50:82:5b:
                    bd:f5:66:e1:d3:61:e1:b3:87:f3:db:b4:3f:eb:1d:
                    bd:a7:bc:a2:c8:79:04:e2:7a:c3:25:33:16:a8:60:
                    9b:b7:be:f2:4b:76:bb:43:08:8e:c9:77:3a:ad:44:
                    d4:43:4e:44:65:13:65:4c:fb:53:a1:b8:52:b2:0c:
                    29:82:45:ab:9b:a3:aa:f8:b9:fa:6c:c6:4f:a8:20:
                    fd:d8:72:45:df:b6:9a:30:0b:85:85:c4:b9:d6:23:
                    13:56:46:2a:ff:2c:63:92:4e:4c:48:4d:e7:0b:26:
                    63:d6:8f:62:e8:3e:3e:f6:1a:36:f4:cb:f5:62:0b:
                    07:ab:4c:ca:9a:47:af:eb:c6:7e:79:cf:78:ea:37:
                    d1:d0:29:06:41:20:b0:54:a8:fb:02:9b:e1:7b:ff:
                    fb:6d:0c:aa:9b:63:09:87:d1:69:56:cb:73:08:c7:
                    6c:c4:f2:e4:cb:f9:09:09:c4:6f:72:aa:e1:9e:ef:
                    ea:b8:8f:64:c0:51:4b:cc:18:ec:a1:b1:c6:0c:89:
                    32:93:8c:45:11:83:b7:34:99:4b:5a:8c:bf:11:d1:
                    fa:b8:d5:e4:9d:39:c0:eb:db:c7:1a:e4:a7:65:13:
                    a7:a0:1c:2b:91:48:4e:88:16:88:86:55:82:1e:25:
                    ee:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:E6:D2:65:33:3A:AC:13:2A:7A:B8:3F:8D:5A:FA:D0:3F:7A:DB:C3
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/6-bSZTM6rBMqerg_jVr60D9628M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bb43::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:4a:3a:dd:e1:68:f3:d3:8f:ad:b5:e0:ac:4b:a2:a2:8c:cb:
         b7:68:50:48:d2:32:b7:b3:05:7d:31:f4:74:d7:81:ab:91:7b:
         6b:3f:3c:c9:a2:19:1a:4c:ae:cf:64:70:96:3f:d9:49:2e:78:
         3e:55:67:d5:99:1c:cf:5c:8b:8a:c9:a0:bf:6f:0e:4a:c9:e2:
         98:5a:f5:33:5e:1d:03:4c:b8:17:48:73:75:a0:3d:a2:2c:39:
         62:b3:68:af:d2:bb:83:12:ff:42:e4:9d:6f:17:69:e9:69:aa:
         eb:d4:45:e2:0b:b4:16:f6:d9:22:b2:5c:2a:4d:1d:e7:8e:61:
         b8:4c:ef:e6:dd:e3:0e:cc:fe:ba:b9:12:cb:ce:cd:34:2f:99:
         67:02:9f:88:3d:79:e0:c9:38:c6:fc:de:f7:8c:c9:22:46:77:
         d8:d7:75:c4:50:04:b4:b8:38:44:6f:da:ad:c9:46:49:cb:c7:
         2a:c8:b8:b4:04:4b:31:4e:33:9e:32:d7:49:2b:d6:c0:84:48:
         df:e5:e2:ec:dc:1f:d7:29:3c:17:6b:8a:b4:86:f5:57:25:1e:
         50:d0:b8:71:47:36:25:c2:b9:04:4b:03:5d:9e:b7:32:a5:59:
         8a:03:c7:ed:e9:76:3d:87:89:ec:f9:26:25:90:b7:41:3a:8e:
         cd:49:d5:9c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9v03CbGweG0YoGvBKKDJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE1NjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmU2ZDI2NTMzM2FhYzEzMmE3YWI4M2Y4ZDVhZmFkMDNmN2FkYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfAZ9BAaoK6ud8NQglu99Wbh02Hh
s4fz27Q/6x29p7yiyHkE4nrDJTMWqGCbt77yS3a7QwiOyXc6rUTUQ05EZRNlTPtT
obhSsgwpgkWrm6Oq+Ln6bMZPqCD92HJF37aaMAuFhcS51iMTVkYq/yxjkk5MSE3n
CyZj1o9i6D4+9ho29Mv1YgsHq0zKmkev68Z+ec946jfR0CkGQSCwVKj7Apvhe//7
bQyqm2MJh9FpVstzCMdsxPLky/kJCcRvcqrhnu/quI9kwFFLzBjsobHGDIkyk4xF
EYO3NJlLWoy/EdH6uNXknTnA69vHGuSnZROnoBwrkUhOiBaIhlWCHiXuKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOvm0mUzOqwTKnq4P41a+tA/etvDMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvNi1iU1pUTTZyQk1xZXJnX2pWcjYwRDk2MjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO7QzAN
BgkqhkiG9w0BAQsFAAOCAQEAL0o63eFo89OPrbXgrEuioozLt2hQSNIyt7MFfTH0
dNeBq5F7az88yaIZGkyuz2Rwlj/ZSS54PlVn1Zkcz1yLismgv28OSsnimFr1M14d
A0y4F0hzdaA9oiw5YrNor9K7gxL/QuSdbxdp6Wmq69RF4gu0FvbZIrJcKk0d545h
uEzv5t3jDsz+urkSy87NNC+ZZwKfiD154Mk4xvze94zJIkZ32Nd1xFAEtLg4RG/a
rclGScvHKsi4tARLMU4znjLXSSvWwIRI3+Xi7Nwf1yk8F2uKtIb1VyUeUNC4cUc2
JcK5BEsDXZ63MqVZigPH7el2PYeJ7PkmJZC3QTqOzUnVnA==
-----END CERTIFICATE-----