Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/IAViejdyHrlPYns8gdKgx3DQhPA.roa
File:                     IAViejdyHrlPYns8gdKgx3DQhPA.roa (raw, json)
Hash identifier:          gmL6gZJeCBRvdY6eTlvLbalXjtuiAzEVUB6c6/3TKIk=
Subject key identifier:   20:05:62:7A:37:72:1E:B9:4F:62:7B:3C:81:D2:A0:C7:70:D0:84:F0
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019624FD437B35DA1C580E7E0F266BE8BF8A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/IAViejdyHrlPYns8gdKgx3DQhPA.roa
Signing time:             Fri 11 Apr 2025 13:14:59 +0000
ROA not before:           Fri 11 Apr 2025 13:14:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:c240::/29 maxlen: 29
                          2a13:c3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:24:fd:43:7b:35:da:1c:58:0e:7e:0f:26:6b:e8:bf:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 11 13:14:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2005627a37721eb94f627b3c81d2a0c770d084f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6b:1d:16:07:0b:c1:e0:a4:4f:3e:07:04:f2:
                    4a:3c:30:44:4a:00:e1:b8:4c:9a:61:27:c1:5f:57:
                    ca:2e:46:65:0f:d9:2c:10:6a:94:db:2c:da:93:33:
                    77:26:47:30:4f:9f:af:a9:27:25:d1:56:76:8a:89:
                    a1:74:ff:30:41:98:da:6a:56:31:5c:ad:62:c7:23:
                    82:1f:04:d3:9f:bc:5a:5d:74:70:d4:98:0d:37:9f:
                    14:9f:62:59:d2:23:fe:be:b4:95:c1:8f:59:f7:24:
                    84:7d:b8:79:5b:b4:1a:de:b5:94:69:ed:ca:7d:92:
                    8b:2f:16:31:cf:ef:e3:2e:95:a6:97:9d:19:db:87:
                    d9:22:a9:fb:82:ad:f0:12:ba:9c:51:b9:d2:d5:3d:
                    63:f8:22:95:5b:e0:ce:9e:c3:3e:56:73:2e:6f:1e:
                    23:08:96:ef:ba:fd:73:24:a4:65:51:e0:7a:0f:b6:
                    86:b0:c6:f6:1a:c9:f1:e8:18:10:71:73:62:99:2d:
                    88:ee:5d:f5:90:62:27:fc:e6:f1:0b:bd:61:68:c6:
                    1f:50:00:82:2d:c0:0f:4f:98:c0:2b:a5:d3:42:a7:
                    bb:86:12:4f:5e:99:a0:ca:4f:a5:85:ec:30:51:62:
                    81:23:d1:8d:22:52:37:6d:f6:f2:8c:fa:68:7a:2e:
                    f4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:05:62:7A:37:72:1E:B9:4F:62:7B:3C:81:D2:A0:C7:70:D0:84:F0
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/IAViejdyHrlPYns8gdKgx3DQhPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c240::/29
                  2a13:c3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:28:6e:9f:23:58:6e:f5:65:4d:6a:fd:4d:42:7e:5e:15:9c:
         90:14:e1:f3:67:c4:fa:43:f9:a9:c6:0f:ca:55:a6:13:fa:64:
         20:b1:b1:dd:a2:3a:7b:64:f4:d8:74:6c:8e:79:c0:a8:29:83:
         dc:67:d8:73:b7:89:70:e9:24:7a:3e:14:2c:66:3a:94:16:84:
         65:ce:35:07:07:1f:ba:79:86:e3:d6:5e:6e:36:f5:3d:93:0b:
         8f:83:27:5d:e8:59:96:41:a4:0a:56:d8:75:75:4b:f6:16:11:
         32:99:1f:78:4c:d5:d2:57:df:5d:15:7d:4e:30:b7:51:1a:53:
         06:26:a8:48:14:8a:01:60:8c:49:0e:e8:ef:ac:90:a1:ea:cd:
         93:b7:94:3d:0f:eb:26:b6:e5:08:78:a5:3b:99:a3:37:39:f4:
         41:0e:d7:b2:55:d2:6e:71:3f:c2:c6:ee:6b:c7:2c:c1:9f:93:
         84:00:2a:d1:80:68:ac:81:ab:d1:bc:07:13:4d:22:3e:9e:88:
         89:f4:f1:4f:ff:46:71:2b:79:d6:2a:2e:e0:14:77:cf:b3:53:
         08:9b:8b:86:52:b9:14:e1:37:94:49:2e:83:5f:d4:07:ff:95:
         29:a6:76:89:b5:af:42:f3:bc:8c:d1:c9:c8:4e:47:b3:f8:17:
         88:d6:b3:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZYk/UN7NdocWA5+DyZr6L+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDExMTMxNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDA1NjI3YTM3NzIxZWI5NGY2MjdiM2M4MWQyYTBjNzcwZDA4NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmsdFgcLweCkTz4HBPJKPDBESgDh
uEyaYSfBX1fKLkZlD9ksEGqU2yzakzN3JkcwT5+vqScl0VZ2iomhdP8wQZjaalYx
XK1ixyOCHwTTn7xaXXRw1JgNN58Un2JZ0iP+vrSVwY9Z9ySEfbh5W7Qa3rWUae3K
fZKLLxYxz+/jLpWml50Z24fZIqn7gq3wErqcUbnS1T1j+CKVW+DOnsM+VnMubx4j
CJbvuv1zJKRlUeB6D7aGsMb2Gsnx6BgQcXNimS2I7l31kGIn/ObxC71haMYfUACC
LcAPT5jAK6XTQqe7hhJPXpmgyk+lhewwUWKBI9GNIlI3bfbyjPpoei70hQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCAFYno3ch65T2J7PIHSoMdw0ITwMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvSUFWaWVqZHlIcmxQWW5zOGdkS2d4M0RRaFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhPCQAMF
AyoTw8AwDQYJKoZIhvcNAQELBQADggEBAFoobp8jWG71ZU1q/U1Cfl4VnJAU4fNn
xPpD+anGD8pVphP6ZCCxsd2iOntk9Nh0bI55wKgpg9xn2HO3iXDpJHo+FCxmOpQW
hGXONQcHH7p5huPWXm429T2TC4+DJ13oWZZBpApW2HV1S/YWETKZH3hM1dJX310V
fU4wt1EaUwYmqEgUigFgjEkO6O+skKHqzZO3lD0P6ya25Qh4pTuZozc59EEO17JV
0m5xP8LG7mvHLMGfk4QAKtGAaKyBq9G8BxNNIj6eiIn08U//RnEredYqLuAUd8+z
Uwibi4ZSuRThN5RJLoNf1Af/lSmmdom1r0LzvIzRychOR7P4F4jWs8M=
-----END CERTIFICATE-----