Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9zvFPm4njFAej8b1jV9nivw9Nh4.roa
File:                     9zvFPm4njFAej8b1jV9nivw9Nh4.roa (raw, json)
Hash identifier:          YII38ea5NsAm7EbLo5n5KgT5PqsXBO0Qj35Ia7pcDlA=
Subject key identifier:   F7:3B:C5:3E:6E:27:8C:50:1E:8F:C6:F5:8D:5F:67:8A:FC:3D:36:1E
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091BEFF8F4B951524F5566DF5740CA13
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9zvFPm4njFAej8b1jV9nivw9Nh4.roa
Signing time:             Sun 25 May 2025 20:21:55 +0000
ROA not before:           Sun 25 May 2025 20:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209375
IP address blocks:        2a13:b9c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:ef:f8:f4:b9:51:52:4f:55:66:df:57:40:ca:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f73bc53e6e278c501e8fc6f58d5f678afc3d361e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ad:4c:10:5f:7c:73:5e:08:b9:5f:92:a8:2d:
                    72:23:ff:36:be:37:7b:18:87:79:30:4d:45:da:e5:
                    f7:0e:cb:02:ed:26:3a:54:89:d5:f4:36:f0:f3:2c:
                    5a:98:da:1d:c1:51:b8:79:b8:ab:a8:a7:66:cf:57:
                    a6:c1:a1:d0:91:f7:f7:e0:a5:2c:dd:b6:87:9e:0c:
                    ad:6b:5f:8f:c8:56:c4:89:ce:95:69:1f:c7:85:90:
                    d7:45:dd:cf:74:04:03:33:c6:d0:49:ca:63:86:93:
                    b0:8c:a4:45:65:60:f6:84:49:6c:16:89:36:4b:c0:
                    37:9f:72:79:20:d5:e6:14:ce:f7:0e:e1:b9:94:34:
                    de:e4:51:d7:8e:a3:fd:0a:69:55:3c:31:94:39:c5:
                    a9:90:60:ef:a6:dc:58:0b:2b:89:c8:43:fc:65:42:
                    50:d7:2c:49:80:91:af:06:b3:5e:9e:fa:77:0a:83:
                    3c:59:97:95:04:38:67:f6:ca:de:05:b1:c8:ad:7b:
                    ab:db:5d:e5:93:13:13:d1:8f:c3:bc:13:3d:6e:87:
                    8f:e4:58:a0:13:a7:d9:c9:b4:fe:8f:f2:31:d2:ad:
                    a3:55:68:57:cb:75:06:f2:0c:ba:2d:56:fa:f5:a7:
                    56:8d:9b:2d:01:4e:db:e6:02:58:50:01:26:ba:89:
                    4b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3B:C5:3E:6E:27:8C:50:1E:8F:C6:F5:8D:5F:67:8A:FC:3D:36:1E
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9zvFPm4njFAej8b1jV9nivw9Nh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:c7:88:40:d3:64:09:59:16:a1:b7:f2:03:e8:db:95:24:9b:
         77:38:06:5e:1d:f9:07:fd:f7:a6:ff:46:4a:16:5a:e4:d5:bd:
         33:7d:55:a5:76:14:75:5b:f4:9a:c5:55:3a:e5:9e:bb:11:05:
         f9:2d:ea:6d:cd:10:a5:9f:b6:d2:2f:8f:41:95:c0:ca:ed:d2:
         d9:21:43:eb:62:a2:20:8e:fb:75:db:88:74:12:1c:ed:10:d5:
         33:08:aa:ae:bd:15:3d:1b:d6:7e:c6:9a:c6:28:0d:03:43:a5:
         df:17:38:61:d2:44:6c:02:26:64:68:ee:70:67:6a:09:81:12:
         6d:66:cd:4c:d5:7f:a3:c0:b9:ac:62:83:af:d4:c9:70:b6:3d:
         1b:47:2d:e5:35:41:23:7d:1f:71:b5:f5:03:aa:53:26:b3:38:
         d3:9d:66:a5:e5:b0:89:e5:ea:88:af:52:19:12:e8:b7:23:f9:
         13:2a:5f:84:44:31:06:35:35:b0:fb:4c:8d:2a:a4:64:97:72:
         c4:56:ef:b2:fb:8c:13:20:7e:19:9a:fa:a5:4a:b1:79:cc:85:
         05:80:1e:3f:13:76:26:ad:3f:24:23:12:f9:bf:fb:60:51:29:
         d6:ba:1a:4a:59:82:f7:d6:d5:b2:78:d8:4f:3c:66:c9:9d:2f:
         12:c9:0a:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJG+/49LlRUk9VZt9XQMoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNiYzUzZTZlMjc4YzUwMWU4ZmM2ZjU4ZDVmNjc4YWZjM2QzNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK1MEF98c14IuV+SqC1yI/82vjd7
GId5ME1F2uX3DssC7SY6VInV9Dbw8yxamNodwVG4ebirqKdmz1emwaHQkff34KUs
3baHngyta1+PyFbEic6VaR/HhZDXRd3PdAQDM8bQScpjhpOwjKRFZWD2hElsFok2
S8A3n3J5INXmFM73DuG5lDTe5FHXjqP9CmlVPDGUOcWpkGDvptxYCyuJyEP8ZUJQ
1yxJgJGvBrNenvp3CoM8WZeVBDhn9sreBbHIrXur213lkxMT0Y/DvBM9boeP5Fig
E6fZybT+j/Ix0q2jVWhXy3UG8gy6LVb69adWjZstAU7b5gJYUAEmuolLAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPc7xT5uJ4xQHo/G9Y1fZ4r8PTYeMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOXp2RlBtNG5qRkFlajhiMWpWOW5pdnc5Tmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5xDAN
BgkqhkiG9w0BAQsFAAOCAQEARMeIQNNkCVkWobfyA+jblSSbdzgGXh35B/33pv9G
ShZa5NW9M31VpXYUdVv0msVVOuWeuxEF+S3qbc0QpZ+20i+PQZXAyu3S2SFD62Ki
II77dduIdBIc7RDVMwiqrr0VPRvWfsaaxigNA0Ol3xc4YdJEbAImZGjucGdqCYES
bWbNTNV/o8C5rGKDr9TJcLY9G0ct5TVBI30fcbX1A6pTJrM4051mpeWwieXqiK9S
GRLotyP5EypfhEQxBjU1sPtMjSqkZJdyxFbvsvuMEyB+GZr6pUqxecyFBYAePxN2
Jq0/JCMS+b/7YFEp1roaSlmC99bVsnjYTzxmyZ0vEskKJQ==
-----END CERTIFICATE-----