Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SuiPT4OpOSXX4F_Q08V7H0pW3oc.roa
File:                     SuiPT4OpOSXX4F_Q08V7H0pW3oc.roa (raw, json)
Hash identifier:          nbaBrPFQI+zfNFxJSdsD7DL4EkKvwULT0XZpKSDtxZI=
Subject key identifier:   4A:E8:8F:4F:83:A9:39:25:D7:E0:5F:D0:D3:C5:7B:1F:4A:56:DE:87
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019711260A6950C0F85B5B44F75947C5103D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SuiPT4OpOSXX4F_Q08V7H0pW3oc.roa
Signing time:             Tue 27 May 2025 09:49:55 +0000
ROA not before:           Tue 27 May 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206623
IP address blocks:        2a05:9a46::/32 maxlen: 32
                          2a13:c446::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:26:0a:69:50:c0:f8:5b:5b:44:f7:59:47:c5:10:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ae88f4f83a93925d7e05fd0d3c57b1f4a56de87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ea:cd:ef:73:36:5a:c3:ee:b8:8a:c9:2a:3f:
                    38:a1:64:98:9e:69:10:88:59:48:bd:66:0e:6c:d7:
                    8b:3e:82:eb:02:63:28:05:90:63:20:67:dd:2c:61:
                    43:12:49:2a:91:75:19:35:e5:2a:2d:ef:26:58:d7:
                    e3:73:45:f9:96:f5:f9:41:61:35:fb:5f:68:57:43:
                    e0:e6:a2:fa:00:2c:e8:58:0c:a7:1b:1f:ee:91:af:
                    f0:29:4a:48:65:47:88:aa:af:e7:f0:f5:a0:b8:55:
                    54:66:42:e5:55:60:10:2d:72:89:9f:99:a2:eb:36:
                    52:9e:84:cb:8c:a8:82:ea:a4:b9:a1:64:56:ce:e0:
                    ff:83:9d:ff:72:af:23:df:e9:49:e9:74:b0:f6:a7:
                    8d:dc:12:58:f9:e8:a8:3a:1b:67:56:0f:10:01:d5:
                    65:98:5c:50:5f:9a:43:63:45:89:b3:1b:2f:f8:1f:
                    e8:a0:68:20:d5:52:01:57:89:4f:8b:0e:1d:e2:b7:
                    9f:f1:fa:91:52:98:2e:e0:fc:3b:9b:e4:f9:e2:ef:
                    e4:33:f9:ff:1a:15:c5:fc:3f:23:84:f9:82:9e:05:
                    db:34:0a:1c:0e:0a:bc:2a:1b:ab:23:03:ed:12:6b:
                    07:aa:f5:55:1d:4a:7c:63:ba:34:97:27:6e:b3:54:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E8:8F:4F:83:A9:39:25:D7:E0:5F:D0:D3:C5:7B:1F:4A:56:DE:87
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/SuiPT4OpOSXX4F_Q08V7H0pW3oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a46::/32
                  2a13:c446::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:46:97:cf:9a:b3:eb:b8:8e:44:6c:99:c0:aa:55:7b:02:04:
         7a:4f:e3:12:87:40:c4:2c:fe:91:eb:9e:68:86:e1:ff:19:75:
         99:ec:2a:59:6a:28:6b:4c:40:b2:c7:b8:91:13:fc:53:80:68:
         b6:7f:65:c8:af:91:c3:93:d9:2e:d9:b6:1c:4e:79:e8:93:4e:
         9f:eb:bb:26:1e:98:96:b5:4a:6d:08:36:7c:22:17:8b:06:5e:
         21:f1:d2:43:fe:50:d6:ca:9b:d4:0d:8d:44:f4:c1:6c:c0:ce:
         7c:5c:7e:b5:9d:5f:9e:f0:e3:8d:ca:9b:f0:9a:f7:ae:27:7d:
         43:89:33:c1:54:2b:22:59:57:a8:4d:1d:64:12:0d:8d:f7:2d:
         1e:86:b1:ac:49:6a:f1:72:6e:f6:b7:3a:a6:be:ff:8f:cd:ad:
         d3:dc:cf:b3:87:29:3e:05:50:76:c5:e0:25:6c:fa:54:43:63:
         be:9e:91:82:ca:c8:81:b2:a0:24:f5:35:5f:1c:0b:39:e6:27:
         1d:1b:40:6d:ba:c5:86:f5:04:83:f8:c0:50:b2:bf:3a:6d:6c:
         31:53:6b:f7:76:f6:d6:15:e5:34:86:1a:65:e7:a2:5e:04:08:
         6e:f0:7c:2c:fe:3a:32:4e:18:a5:e3:30:c9:44:d4:5d:32:9a:
         e8:52:d1:0e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJgppUMD4W1tE91lHxRA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWU4OGY0ZjgzYTkzOTI1ZDdlMDVmZDBkM2M1N2IxZjRhNTZkZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOrN73M2WsPuuIrJKj84oWSYnmkQ
iFlIvWYObNeLPoLrAmMoBZBjIGfdLGFDEkkqkXUZNeUqLe8mWNfjc0X5lvX5QWE1
+19oV0Pg5qL6ACzoWAynGx/uka/wKUpIZUeIqq/n8PWguFVUZkLlVWAQLXKJn5mi
6zZSnoTLjKiC6qS5oWRWzuD/g53/cq8j3+lJ6XSw9qeN3BJY+eioOhtnVg8QAdVl
mFxQX5pDY0WJsxsv+B/ooGgg1VIBV4lPiw4d4ref8fqRUpgu4Pw7m+T54u/kM/n/
GhXF/D8jhPmCngXbNAocDgq8KhurIwPtEmsHqvVVHUp8Y7o0lydus1RybQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEroj0+DqTkl1+Bf0NPFex9KVt6HMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvU3VpUFQ0T3BPU1hYNEZfUTA4VjdIMHBXM29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgWaRgMF
ACoTxEYwDQYJKoZIhvcNAQELBQADggEBAKNGl8+as+u4jkRsmcCqVXsCBHpP4xKH
QMQs/pHrnmiG4f8ZdZnsKllqKGtMQLLHuJET/FOAaLZ/ZcivkcOT2S7ZthxOeeiT
Tp/ruyYemJa1Sm0INnwiF4sGXiHx0kP+UNbKm9QNjUT0wWzAznxcfrWdX57w443K
m/Ca964nfUOJM8FUKyJZV6hNHWQSDY33LR6GsaxJavFybva3Oqa+/4/NrdPcz7OH
KT4FUHbF4CVs+lRDY76ekYLKyIGyoCT1NV8cCznmJx0bQG26xYb1BIP4wFCyvzpt
bDFTa/d29tYV5TSGGmXnol4ECG7wfCz+OjJOGKXjMMlE1F0ymuhS0Q4=
-----END CERTIFICATE-----