Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9qWS7e376cs5iwpVqwku_5ghe1M.roa
File:                     9qWS7e376cs5iwpVqwku_5ghe1M.roa (raw, json)
Hash identifier:          o+ylO5O+k4IHeCQ55k9Z2OqjVzRPmzugkn/mJFp3NgA=
Subject key identifier:   F6:A5:92:ED:ED:FB:E9:CB:39:8B:0A:55:AB:09:2E:FF:98:21:7B:53
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019711260AA44CAA7C60DDEB7D65292D08AE
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9qWS7e376cs5iwpVqwku_5ghe1M.roa
Signing time:             Tue 27 May 2025 09:49:55 +0000
ROA not before:           Tue 27 May 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206644
IP address blocks:        2a05:9a47::/32 maxlen: 32
                          2a13:c447::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:26:0a:a4:4c:aa:7c:60:dd:eb:7d:65:29:2d:08:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6a592ededfbe9cb398b0a55ab092eff98217b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:23:3f:b8:b6:ae:8e:a4:4a:45:58:c9:a2:6c:
                    40:0d:fa:bf:66:b4:42:18:30:8d:d0:8f:23:33:d5:
                    4e:63:51:5d:3d:d6:a2:3a:99:80:e1:93:3c:fa:d7:
                    b4:8f:d2:d2:08:27:7e:0d:e3:90:33:e9:6e:1f:a8:
                    8a:43:23:ce:ca:bc:56:b4:1e:3f:5a:65:e9:2a:be:
                    22:9d:8a:d1:fe:29:f8:90:97:24:a0:8b:ee:8a:ed:
                    61:89:c9:6f:22:48:75:da:43:38:92:20:a8:fe:cc:
                    e1:7c:fe:77:df:71:7f:af:cc:94:b6:f9:38:07:f1:
                    80:7e:7b:1b:2a:78:1e:99:b2:62:08:c4:f7:df:c6:
                    c1:27:24:af:55:ac:2e:8b:23:a1:02:33:5f:29:f1:
                    16:c8:76:21:01:19:a7:c3:21:3f:51:2b:81:29:a4:
                    4a:97:e6:0c:17:a6:d3:0b:c2:7f:d6:8e:1c:f6:4d:
                    8e:7d:93:8f:da:28:11:c9:a7:b5:fa:91:72:89:c1:
                    1e:80:c2:15:b2:ba:5f:e0:d9:4e:6e:f2:7a:29:71:
                    bf:2e:43:e1:57:68:69:7c:f2:fc:9c:4a:bc:de:b6:
                    1b:a3:cb:98:1a:93:ac:64:47:de:7d:91:f9:60:f7:
                    a3:7a:b8:7b:9c:dd:97:4d:14:74:0f:61:11:b8:a6:
                    90:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A5:92:ED:ED:FB:E9:CB:39:8B:0A:55:AB:09:2E:FF:98:21:7B:53
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9qWS7e376cs5iwpVqwku_5ghe1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a47::/32
                  2a13:c447::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:a5:fd:f7:ff:7d:23:a8:8a:ea:ca:43:59:ef:ee:70:ca:08:
         e4:fb:35:8a:d5:6b:ee:d8:cf:1f:00:d4:39:3f:35:20:fc:44:
         fa:7e:7c:12:8b:fa:3d:76:b5:f8:e4:d7:2a:d4:94:b5:b0:c3:
         c7:92:c8:b3:cf:ce:ae:db:f7:7f:1d:e6:fd:2b:22:17:74:26:
         5e:9e:51:48:40:d2:cd:8b:eb:57:cc:9e:60:d8:2e:2b:8d:51:
         6a:24:fe:03:ba:8c:26:a9:32:7e:1b:97:d4:38:4c:1d:a0:2d:
         28:a9:fc:fc:dc:c8:b9:00:cf:2b:16:25:88:80:4a:ed:f2:a0:
         18:6f:0b:9c:bc:b1:b1:c0:5a:7a:3e:d4:b2:2f:1d:89:6d:1e:
         ae:c5:26:f3:4f:a7:b7:50:71:ed:42:c3:c4:43:e1:14:fb:09:
         ef:88:4a:83:a6:37:d0:c6:7c:a6:03:48:0b:1d:2f:a3:ac:cb:
         1c:26:31:cf:01:5c:64:18:57:88:36:65:bc:9c:66:86:db:7a:
         af:14:7f:cc:9b:0c:ad:ea:a6:b2:a0:aa:12:50:c4:f0:db:b7:
         36:d6:2a:4d:ce:28:b9:66:c1:d2:3c:4f:0b:7a:fb:14:9d:35:
         7e:bf:a0:4a:cf:8d:05:27:47:92:de:08:87:b1:24:94:65:12:
         ed:39:8a:79
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJgqkTKp8YN3rfWUpLQiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE1OTJlZGVkZmJlOWNiMzk4YjBhNTVhYjA5MmVmZjk4MjE3YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CM/uLaujqRKRVjJomxADfq/ZrRC
GDCN0I8jM9VOY1FdPdaiOpmA4ZM8+te0j9LSCCd+DeOQM+luH6iKQyPOyrxWtB4/
WmXpKr4inYrR/in4kJckoIvuiu1hiclvIkh12kM4kiCo/szhfP5333F/r8yUtvk4
B/GAfnsbKngembJiCMT338bBJySvVawuiyOhAjNfKfEWyHYhARmnwyE/USuBKaRK
l+YMF6bTC8J/1o4c9k2OfZOP2igRyae1+pFyicEegMIVsrpf4NlObvJ6KXG/LkPh
V2hpfPL8nEq83rYbo8uYGpOsZEfefZH5YPejerh7nN2XTRR0D2ERuKaQSQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPalku3t++nLOYsKVasJLv+YIXtTMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOXFXUzdlMzc2Y3M1aXdwVnF3a3VfNWdoZTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgWaRwMF
ACoTxEcwDQYJKoZIhvcNAQELBQADggEBAKel/ff/fSOoiurKQ1nv7nDKCOT7NYrV
a+7Yzx8A1Dk/NSD8RPp+fBKL+j12tfjk1yrUlLWww8eSyLPPzq7b938d5v0rIhd0
Jl6eUUhA0s2L61fMnmDYLiuNUWok/gO6jCapMn4bl9Q4TB2gLSip/PzcyLkAzysW
JYiASu3yoBhvC5y8sbHAWno+1LIvHYltHq7FJvNPp7dQce1Cw8RD4RT7Ce+ISoOm
N9DGfKYDSAsdL6OsyxwmMc8BXGQYV4g2ZbycZobbeq8Uf8ybDK3qprKgqhJQxPDb
tzbWKk3OKLlmwdI8Twt6+xSdNX6/oErPjQUnR5LeCIexJJRlEu05ink=
-----END CERTIFICATE-----