Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI4YHAyCqjfjaoUZWL63dzsFL10.roa
File:                     ZI4YHAyCqjfjaoUZWL63dzsFL10.roa (raw, json)
Hash identifier:          yu6Gn7Q3U4qVlxl45DD6m8lfY144fEaYodsGHxKY7hk=
Subject key identifier:   64:8E:18:1C:0C:82:AA:37:E3:6A:85:19:58:BE:B7:77:3B:05:2F:5D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F3F1820DF7834F8E82CD0045FCD600B88
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI4YHAyCqjfjaoUZWL63dzsFL10.roa
Signing time:             Fri 03 May 2024 15:34:56 +0000
ROA not before:           Fri 03 May 2024 15:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215427
IP address blocks:        2a13:c340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:18:20:df:78:34:f8:e8:2c:d0:04:5f:cd:60:0b:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  3 15:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=648e181c0c82aa37e36a851958beb7773b052f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cd:75:51:84:de:38:d6:65:84:63:64:5e:93:
                    36:1f:a5:0f:9c:34:4c:53:eb:e9:f0:d6:65:30:3e:
                    a1:9a:7f:0b:7b:55:c2:db:2c:b9:4f:98:21:12:75:
                    78:f5:bc:93:d9:9d:b6:68:c3:4f:13:da:75:17:53:
                    21:ba:07:ee:55:43:31:57:35:c7:5d:1d:48:2f:24:
                    02:09:de:2d:86:25:64:f1:aa:ea:ef:a1:06:31:f0:
                    0a:67:35:e2:e3:38:15:19:45:f4:13:27:8f:6a:42:
                    8e:97:3d:d1:ae:60:70:51:3c:26:fd:6a:34:62:2b:
                    81:1b:dd:e8:bf:b3:a7:17:48:03:fc:43:5a:8f:97:
                    3c:f3:24:92:12:68:91:a4:05:ce:fb:ef:d6:0b:7d:
                    ca:97:2b:93:ef:72:1a:3e:b2:e3:03:56:3e:3f:6b:
                    2d:da:f3:89:a4:d4:36:cf:82:79:0d:d4:47:59:a3:
                    dc:c0:17:59:20:4c:fa:6f:c0:7b:30:68:6e:91:bc:
                    e5:cc:4e:93:1a:73:d7:c7:98:37:e0:e3:df:ea:14:
                    60:1b:69:e3:f4:bb:90:2c:f4:50:d4:03:61:a4:8d:
                    8a:70:84:1e:46:f6:eb:6f:c3:d0:b1:18:bd:14:67:
                    d8:a6:12:9d:e9:79:ca:4c:fc:2b:9b:26:92:65:86:
                    d4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:8E:18:1C:0C:82:AA:37:E3:6A:85:19:58:BE:B7:77:3B:05:2F:5D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ZI4YHAyCqjfjaoUZWL63dzsFL10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:0b:89:a0:3e:2c:cb:48:04:de:90:08:74:24:11:12:08:f0:
         53:21:00:af:6a:42:ee:4b:46:38:44:3e:d9:35:1e:f8:df:11:
         20:0a:c4:2e:e3:66:bc:c5:9b:38:01:24:6b:08:f8:75:a3:50:
         8d:2a:4b:b8:3b:85:c7:f9:f8:86:43:82:0a:f8:c0:3f:6e:32:
         ec:30:29:45:ce:c1:ec:9c:ce:87:12:99:a1:66:37:49:9a:55:
         ca:5d:a8:92:e6:46:a2:e4:5a:e1:5f:1c:94:cb:b7:2a:10:2c:
         63:4b:df:42:52:07:56:a5:9e:be:22:be:ac:d5:4f:e3:2c:a0:
         6a:8a:94:27:1d:8b:54:45:52:1c:1b:7e:4b:84:4f:94:67:a8:
         fd:04:c1:fe:61:3c:92:3c:0c:92:ac:7e:b7:da:58:a9:73:bf:
         30:aa:75:a7:95:66:6f:59:8c:d7:69:26:e9:b6:9b:90:86:32:
         63:c0:4a:eb:98:eb:77:86:7e:a8:b4:28:ee:fb:53:82:07:c5:
         ec:0e:22:6f:9c:04:00:35:e1:23:c7:fe:34:f1:11:7a:7f:50:
         8b:aa:6f:7f:3d:5b:f4:d3:48:09:73:4e:a7:6f:3b:de:53:7c:
         86:b6:5f:36:e6:b8:34:e7:d1:fe:77:18:a1:9b:85:eb:93:67:
         a6:55:f6:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8/GCDfeDT46CzQBF/NYAuIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNTAzMTUzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDhlMTgxYzBjODJhYTM3ZTM2YTg1MTk1OGJlYjc3NzNiMDUyZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs811UYTeONZlhGNkXpM2H6UPnDRM
U+vp8NZlMD6hmn8Le1XC2yy5T5ghEnV49byT2Z22aMNPE9p1F1MhugfuVUMxVzXH
XR1ILyQCCd4thiVk8arq76EGMfAKZzXi4zgVGUX0EyePakKOlz3RrmBwUTwm/Wo0
YiuBG93ov7OnF0gD/ENaj5c88ySSEmiRpAXO++/WC33KlyuT73IaPrLjA1Y+P2st
2vOJpNQ2z4J5DdRHWaPcwBdZIEz6b8B7MGhukbzlzE6TGnPXx5g34OPf6hRgG2nj
9LuQLPRQ1ANhpI2KcIQeRvbrb8PQsRi9FGfYphKd6XnKTPwrmyaSZYbU5wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGSOGBwMgqo342qFGVi+t3c7BS9dMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvWkk0WUhBeUNxamZqYW9VWldMNjNkenNGTDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPDQDAN
BgkqhkiG9w0BAQsFAAOCAQEAkQuJoD4sy0gE3pAIdCQREgjwUyEAr2pC7ktGOEQ+
2TUe+N8RIArELuNmvMWbOAEkawj4daNQjSpLuDuFx/n4hkOCCvjAP24y7DApRc7B
7JzOhxKZoWY3SZpVyl2okuZGouRa4V8clMu3KhAsY0vfQlIHVqWeviK+rNVP4yyg
aoqUJx2LVEVSHBt+S4RPlGeo/QTB/mE8kjwMkqx+t9pYqXO/MKp1p5Vmb1mM12km
6babkIYyY8BK65jrd4Z+qLQo7vtTggfF7A4ib5wEADXhI8f+NPERen9Qi6pvfz1b
9NNICXNOp2873lN8hrZfNua4NOfR/ncYoZuF65NnplX2Gg==
-----END CERTIFICATE-----