Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Oqfev-3NdlQ5Gs0_4AFSoqgDtzM.roa
File:                     Oqfev-3NdlQ5Gs0_4AFSoqgDtzM.roa (raw, json)
Hash identifier:          GDXwM0ro3Y3kPMFZr2AxFqhr7nVaLp1UiE2hVOEDMyI=
Subject key identifier:   3A:A7:DE:BF:ED:CD:76:54:39:1A:CD:3F:E0:01:52:A2:A8:03:B7:33
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01925E12E2D9DABF7787F0269AA26A627C30
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Oqfev-3NdlQ5Gs0_4AFSoqgDtzM.roa
Signing time:             Sat 05 Oct 2024 19:05:48 +0000
ROA not before:           Sat 05 Oct 2024 19:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:c240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:12:e2:d9:da:bf:77:87:f0:26:9a:a2:6a:62:7c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Oct  5 19:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aa7debfedcd7654391acd3fe00152a2a803b733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:07:fc:ca:65:ab:9c:45:7a:f1:e5:93:90:1f:
                    b8:2c:ca:bb:70:b2:57:3c:c5:59:87:09:67:03:7c:
                    11:b2:15:26:0c:e8:d4:e3:d7:da:94:66:ba:fe:76:
                    af:79:04:ba:f7:c4:82:eb:ed:0d:41:45:03:b4:dd:
                    8c:6a:1f:0d:48:ef:89:61:97:26:d2:5a:c2:21:4e:
                    5a:96:05:73:71:c4:31:30:96:8c:95:a4:60:27:10:
                    ff:bb:d7:0e:ec:55:6f:75:7b:16:0f:94:ff:e5:86:
                    5f:23:48:09:10:d2:ad:2e:6d:b1:12:7b:f4:0a:08:
                    e8:0b:d7:f7:7d:7f:4c:f5:2d:b8:5d:a4:be:94:2b:
                    73:84:45:21:a9:8c:11:15:91:e7:57:d0:45:3e:a3:
                    d6:aa:95:9f:0d:29:7e:d8:9c:f1:d2:4a:01:7c:6f:
                    69:0a:92:62:27:22:17:60:f5:ff:31:eb:e7:0b:9a:
                    9b:b3:48:81:ba:8c:16:d7:52:8a:58:8f:ed:29:2f:
                    d1:6f:9a:cf:2a:1d:a4:75:fb:33:49:9f:6a:53:c7:
                    e5:3d:92:74:07:bb:fa:ed:e2:bf:c5:9a:16:57:79:
                    57:1a:e3:85:0b:55:17:67:15:e9:a0:9e:51:6a:52:
                    23:c7:60:22:e8:a7:10:2a:15:b3:d1:9a:64:02:f6:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A7:DE:BF:ED:CD:76:54:39:1A:CD:3F:E0:01:52:A2:A8:03:B7:33
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Oqfev-3NdlQ5Gs0_4AFSoqgDtzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:76:b7:ba:dc:27:d1:f6:91:e0:e9:7d:8e:f2:e1:ff:91:e5:
         b2:63:dc:27:97:b8:9b:53:6a:ec:bd:9f:0a:23:a9:54:f5:ce:
         8c:36:05:71:92:00:21:c0:84:91:e9:08:af:da:14:24:07:a7:
         42:ba:fe:2c:e6:a2:37:de:c6:37:7d:18:2e:cc:b6:ea:df:fb:
         32:91:a5:1b:74:36:ac:7a:65:c1:22:1b:88:ee:d2:3a:60:63:
         f5:98:43:8e:3f:b0:28:29:8c:26:b5:90:43:41:91:89:71:06:
         7d:b3:e0:08:76:10:78:57:35:59:ad:b5:ce:31:69:41:1d:7f:
         59:83:26:b2:f5:3b:04:87:31:3c:a4:48:b4:c8:cc:30:19:f5:
         c4:bd:f4:e1:56:b2:7c:a6:80:e5:70:8c:ad:52:ba:09:bd:e3:
         ff:3a:c7:a3:fa:9c:e4:81:1a:9a:d9:84:2d:df:d8:d0:8e:52:
         d6:85:a8:46:9d:6d:f8:37:7c:23:6f:e0:ae:21:65:1c:0e:e3:
         e2:9b:c1:6a:68:29:86:ed:31:1c:7d:66:3f:d9:96:73:c8:78:
         52:e5:f4:31:b4:12:86:d8:80:62:57:47:55:1c:fb:86:0c:85:
         6d:41:fc:25:15:c8:a7:30:95:99:42:76:b8:f3:a1:4c:aa:18:
         b1:37:9b:12
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJeEuLZ2r93h/AmmqJqYnwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQxMDA1MTkwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWE3ZGViZmVkY2Q3NjU0MzkxYWNkM2ZlMDAxNTJhMmE4MDNiNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQf8ymWrnEV68eWTkB+4LMq7cLJX
PMVZhwlnA3wRshUmDOjU49falGa6/naveQS698SC6+0NQUUDtN2Mah8NSO+JYZcm
0lrCIU5algVzccQxMJaMlaRgJxD/u9cO7FVvdXsWD5T/5YZfI0gJENKtLm2xEnv0
CgjoC9f3fX9M9S24XaS+lCtzhEUhqYwRFZHnV9BFPqPWqpWfDSl+2Jzx0koBfG9p
CpJiJyIXYPX/MevnC5qbs0iBuowW11KKWI/tKS/Rb5rPKh2kdfszSZ9qU8flPZJ0
B7v67eK/xZoWV3lXGuOFC1UXZxXpoJ5RalIjx2Ai6KcQKhWz0ZpkAvaydwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDqn3r/tzXZUORrNP+ABUqKoA7czMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvT3FmZXYtM05kbFE1R3MwXzRBRlNvcWdEdHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPCQDAN
BgkqhkiG9w0BAQsFAAOCAQEAiHa3utwn0faR4Ol9jvLh/5HlsmPcJ5e4m1Nq7L2f
CiOpVPXOjDYFcZIAIcCEkekIr9oUJAenQrr+LOaiN97GN30YLsy26t/7MpGlG3Q2
rHplwSIbiO7SOmBj9ZhDjj+wKCmMJrWQQ0GRiXEGfbPgCHYQeFc1Wa21zjFpQR1/
WYMmsvU7BIcxPKRItMjMMBn1xL304VayfKaA5XCMrVK6Cb3j/zrHo/qc5IEamtmE
Ld/Y0I5S1oWoRp1t+Dd8I2/griFlHA7j4pvBamgphu0xHH1mP9mWc8h4UuX0MbQS
htiAYldHVRz7hgyFbUH8JRXIpzCVmUJ2uPOhTKoYsTebEg==
-----END CERTIFICATE-----