Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TeKnTDPBbaFOdmRLbl0nRSRfzWs.roa
File:                     TeKnTDPBbaFOdmRLbl0nRSRfzWs.roa (raw, json)
Hash identifier:          ayx+945nuDaQsQmv2l5nAmAwPfcMQuoLm0GsbQyCVlE=
Subject key identifier:   4D:E2:A7:4C:33:C1:6D:A1:4E:76:64:4B:6E:5D:27:45:24:5F:CD:6B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369FED1C6A3AC4B353858CC32B25FE1
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TeKnTDPBbaFOdmRLbl0nRSRfzWs.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215434
IP address blocks:        2a13:afc0::/29 maxlen: 29
                          2a14:61c0::/29 maxlen: 29
                          2a14:69c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fe:d1:c6:a3:ac:4b:35:38:58:cc:32:b2:5f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4de2a74c33c16da14e76644b6e5d2745245fcd6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:6c:ed:c6:c4:28:b4:ef:53:9a:c0:3b:08:
                    6e:e6:07:c9:fb:a5:d7:0f:84:8b:60:51:92:6e:6f:
                    d5:93:4c:fe:03:64:78:3a:5c:64:61:95:09:52:82:
                    ba:f1:37:fc:58:9c:c7:07:e6:95:92:68:c6:d3:3c:
                    a7:4d:bd:23:a0:31:93:81:65:47:8d:4f:c2:23:c5:
                    63:22:c1:7b:37:2f:ef:76:f0:8a:de:f4:4b:ad:72:
                    1f:3d:7c:3c:52:09:2d:2a:de:41:3a:ea:c2:11:9b:
                    0d:ae:13:14:66:7c:54:2d:4d:2d:4e:4f:bd:9b:0e:
                    bf:ab:de:ca:2b:6d:29:26:a7:31:d5:95:ed:a2:bf:
                    45:cd:85:43:32:ae:cd:8d:05:f6:59:6e:81:08:5f:
                    63:93:91:b0:24:00:73:a8:44:be:63:4b:d3:22:e9:
                    e4:b9:80:44:42:bc:a1:7f:43:cb:19:e2:20:3a:ab:
                    c9:32:ec:58:9f:79:35:c9:7a:a5:3b:66:86:97:10:
                    55:17:e1:08:59:57:c2:e3:96:b4:a9:7e:ee:a6:90:
                    b5:4b:1a:57:71:9a:1b:ff:51:33:65:44:cd:d7:96:
                    a6:71:ae:e6:bf:84:4c:1d:ef:8c:53:fe:74:98:da:
                    ae:d9:32:de:5d:73:c0:c7:16:b5:03:f3:e8:a3:e6:
                    bc:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E2:A7:4C:33:C1:6D:A1:4E:76:64:4B:6E:5D:27:45:24:5F:CD:6B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TeKnTDPBbaFOdmRLbl0nRSRfzWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:afc0::/29
                  2a14:61c0::/29
                  2a14:69c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cd:4d:bb:54:f2:b5:d1:1f:a8:28:67:a9:82:d5:e0:ed:df:a6:
         85:36:ba:f8:8d:00:c4:e8:57:e2:77:f2:a6:4c:7f:ba:4e:b9:
         27:4b:79:8f:d7:2d:10:86:66:ea:13:b6:0c:f6:ea:71:51:3a:
         35:91:73:f6:83:fb:2e:98:42:a7:d0:28:e5:04:60:ea:df:06:
         77:e5:3b:e0:c4:72:49:2a:b3:38:7c:34:b8:d0:26:17:4d:45:
         46:ab:f0:79:5d:c1:34:e5:50:47:67:79:80:59:8b:5c:c4:60:
         fb:25:11:74:f7:93:76:20:78:98:4d:b8:cd:03:82:78:52:04:
         2f:d7:89:1f:95:99:41:98:6b:c9:e8:04:e9:bd:58:24:61:29:
         3b:8f:bf:8f:8a:ba:59:5c:6d:cc:1b:02:52:0f:4f:5e:b1:cc:
         39:dd:fb:c9:fd:64:56:c5:98:44:35:bb:86:90:07:6a:49:ef:
         63:40:5a:7b:b1:30:47:74:42:17:52:00:7f:b7:12:58:f1:a2:
         57:d6:fe:40:64:2b:c1:24:c8:56:bd:3f:8a:f4:d4:33:38:13:
         af:79:30:e9:e6:e2:1f:bc:7d:fa:88:d4:f2:58:14:f2:e3:e6:
         48:e0:31:11:f1:9c:fa:27:e0:de:ec:23:31:05:97:20:56:58:
         8a:22:dc:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaf7RxqOsSzU4WMwysl/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGUyYTc0YzMzYzE2ZGExNGU3NjY0NGI2ZTVkMjc0NTI0NWZjZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFds7cbEKLTvU5rAOwhu5gfJ+6XX
D4SLYFGSbm/Vk0z+A2R4OlxkYZUJUoK68Tf8WJzHB+aVkmjG0zynTb0joDGTgWVH
jU/CI8VjIsF7Ny/vdvCK3vRLrXIfPXw8UgktKt5BOurCEZsNrhMUZnxULU0tTk+9
mw6/q97KK20pJqcx1ZXtor9FzYVDMq7NjQX2WW6BCF9jk5GwJABzqES+Y0vTIunk
uYBEQryhf0PLGeIgOqvJMuxYn3k1yXqlO2aGlxBVF+EIWVfC45a0qX7uppC1SxpX
cZob/1EzZUTN15amca7mv4RMHe+MU/50mNqu2TLeXXPAxxa1A/Poo+a8fQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE3ip0wzwW2hTnZkS25dJ0UkX81rMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVGVLblREUEJiYUZPZG1STGJsMG5SU1JmeldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhOvwAMF
AyoUYcADBQMqFGnAMA0GCSqGSIb3DQEBCwUAA4IBAQDNTbtU8rXRH6goZ6mC1eDt
36aFNrr4jQDE6Ffid/KmTH+6TrknS3mP1y0QhmbqE7YM9upxUTo1kXP2g/sumEKn
0CjlBGDq3wZ35TvgxHJJKrM4fDS40CYXTUVGq/B5XcE05VBHZ3mAWYtcxGD7JRF0
95N2IHiYTbjNA4J4UgQv14kflZlBmGvJ6ATpvVgkYSk7j7+PirpZXG3MGwJSD09e
scw53fvJ/WRWxZhENbuGkAdqSe9jQFp7sTBHdEIXUgB/txJY8aJX1v5AZCvBJMhW
vT+K9NQzOBOveTDp5uIfvH36iNTyWBTy4+ZI4DER8Zz6J+De7CMxBZcgVliKItzX
-----END CERTIFICATE-----