Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Q3vs2XW1Cojd7-bD1y41nhevM1U.roa
File:                     Q3vs2XW1Cojd7-bD1y41nhevM1U.roa (raw, json)
Hash identifier:          6SuEL35Ylkv0Cji8OqswBgR+P7vAU1djz1SIbUbJiYU=
Subject key identifier:   43:7B:EC:D9:75:B5:0A:88:DD:EF:E6:C3:D7:2E:35:9E:17:AF:33:55
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0196CE07AA76B4D94207116663EE7D514569
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Q3vs2XW1Cojd7-bD1y41nhevM1U.roa
Signing time:             Wed 14 May 2025 09:02:10 +0000
ROA not before:           Wed 14 May 2025 09:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215059
IP address blocks:        2a10:3c82::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:07:aa:76:b4:d9:42:07:11:66:63:ee:7d:51:45:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 14 09:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=437becd975b50a88ddefe6c3d72e359e17af3355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ab:21:d1:58:ce:68:9c:de:75:cb:7e:48:60:
                    ac:67:53:a7:c8:06:26:a3:d1:a4:31:db:36:af:ac:
                    10:29:0b:b5:74:35:e0:4b:38:61:e2:5e:75:b7:f5:
                    09:c3:bb:e1:b8:1f:3e:36:65:ff:e2:f5:b4:d7:2e:
                    5c:f3:d3:9b:74:b6:15:1a:df:78:d6:34:df:e7:dd:
                    60:c9:73:71:f0:61:1b:09:e4:c8:5b:f5:94:ea:34:
                    92:ed:f9:f2:5b:9a:ca:d6:2a:31:de:1c:ef:d9:1b:
                    c1:d3:87:d6:db:4a:e8:24:26:9a:33:a0:0c:b3:4c:
                    1f:f1:65:77:ef:a4:58:ef:0a:fb:6b:fb:93:2b:ee:
                    3d:60:05:23:83:0e:45:cc:11:9e:e4:75:56:5e:a5:
                    25:e9:59:af:25:97:2b:20:8a:f7:8d:8e:a4:da:d1:
                    c3:b7:5f:03:dc:b3:52:09:03:51:19:57:ef:8f:40:
                    9f:6b:10:0e:b9:40:87:d5:75:dc:21:a2:0c:f2:62:
                    b4:4f:f2:f3:56:f0:bc:2e:4f:10:5b:43:a3:68:d4:
                    b2:9d:c6:31:e1:02:05:2a:66:bb:fb:ab:78:47:de:
                    fd:e9:89:23:9f:20:e4:a5:ad:39:49:53:fb:5e:50:
                    9e:f5:6d:b3:82:68:b8:1e:c5:69:4f:d1:ff:66:41:
                    70:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7B:EC:D9:75:B5:0A:88:DD:EF:E6:C3:D7:2E:35:9E:17:AF:33:55
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Q3vs2XW1Cojd7-bD1y41nhevM1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3c82::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:eb:e6:ff:1a:59:24:4c:b9:63:2d:26:29:7a:c8:02:f2:9b:
         6c:8f:8f:a7:0d:d2:ba:26:0f:71:48:15:be:4c:12:b7:bb:e8:
         d5:fe:e1:ce:5b:1e:a6:bf:e0:9c:c5:34:19:f2:bc:7b:b7:5b:
         b7:97:9f:fa:aa:18:ab:1e:43:9d:ea:d2:c5:ce:05:bb:f9:65:
         9c:5e:4b:53:06:a0:35:a7:41:dd:85:75:03:a4:61:e7:04:e2:
         2e:d7:6a:79:05:44:06:39:39:f5:d0:e6:f2:07:44:96:2f:0d:
         d4:90:f9:a1:fd:c1:f3:00:37:1d:78:db:b3:91:f0:49:09:60:
         ba:f9:95:ef:8b:40:e8:7e:b5:4c:be:c1:32:e7:37:7d:97:b4:
         31:70:ef:a6:7a:51:c7:db:4b:bb:13:43:34:45:b9:e6:7b:dd:
         7b:83:ab:bf:f2:a4:ae:c7:31:a7:dd:0d:e5:48:3d:2c:58:8b:
         60:ba:70:d1:bb:af:bd:f5:c9:41:d8:d5:66:8e:fa:52:ab:2c:
         ad:41:45:f8:a1:5f:90:68:90:2f:a7:1d:d7:3d:65:4f:05:e7:
         63:d5:e3:ef:6d:20:a3:a4:28:82:a8:41:f2:a4:38:37:4d:52:
         d6:12:a8:d2:2c:f2:65:c8:62:b6:a4:66:5c:fd:b6:f3:16:c6:
         86:e9:28:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZbOB6p2tNlCBxFmY+59UUVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTE0MDkwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdiZWNkOTc1YjUwYTg4ZGRlZmU2YzNkNzJlMzU5ZTE3YWYzMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjash0VjOaJzedct+SGCsZ1OnyAYm
o9GkMds2r6wQKQu1dDXgSzhh4l51t/UJw7vhuB8+NmX/4vW01y5c89ObdLYVGt94
1jTf591gyXNx8GEbCeTIW/WU6jSS7fnyW5rK1iox3hzv2RvB04fW20roJCaaM6AM
s0wf8WV376RY7wr7a/uTK+49YAUjgw5FzBGe5HVWXqUl6VmvJZcrIIr3jY6k2tHD
t18D3LNSCQNRGVfvj0CfaxAOuUCH1XXcIaIM8mK0T/LzVvC8Lk8QW0OjaNSyncYx
4QIFKma7+6t4R9796YkjnyDkpa05SVP7XlCe9W2zgmi4HsVpT9H/ZkFwPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEN77Nl1tQqI3e/mw9cuNZ4XrzNVMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUTN2czJYVzFDb2pkNy1iRDF5NDFuaGV2TTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhA8gjAN
BgkqhkiG9w0BAQsFAAOCAQEAaevm/xpZJEy5Yy0mKXrIAvKbbI+Ppw3SuiYPcUgV
vkwSt7vo1f7hzlsepr/gnMU0GfK8e7dbt5ef+qoYqx5DnerSxc4Fu/llnF5LUwag
NadB3YV1A6Rh5wTiLtdqeQVEBjk59dDm8gdEli8N1JD5of3B8wA3HXjbs5HwSQlg
uvmV74tA6H61TL7BMuc3fZe0MXDvpnpRx9tLuxNDNEW55nvde4Orv/Kkrscxp90N
5Ug9LFiLYLpw0buvvfXJQdjVZo76UqssrUFF+KFfkGiQL6cd1z1lTwXnY9Xj720g
o6QogqhB8qQ4N01S1hKo0izyZchitqRmXP228xbGhukozw==
-----END CERTIFICATE-----