Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aI2NYqmkcYv2KKww0cSjGySGxgg.roa
File:                     aI2NYqmkcYv2KKww0cSjGySGxgg.roa (raw, json)
Hash identifier:          KQ/nFDjAaOgdJNR5OHss0Kd7IzAM9h3KUzyzVYa2qPw=
Subject key identifier:   68:8D:8D:62:A9:A4:71:8B:F6:28:AC:30:D1:C4:A3:1B:24:86:C6:08
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01977DB8E9DFA205D235478408A91ED04404
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aI2NYqmkcYv2KKww0cSjGySGxgg.roa
Signing time:             Tue 17 Jun 2025 11:49:19 +0000
ROA not before:           Tue 17 Jun 2025 11:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264749
IP address blocks:        2a10:b47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:b8:e9:df:a2:05:d2:35:47:84:08:a9:1e:d0:44:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 17 11:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=688d8d62a9a4718bf628ac30d1c4a31b2486c608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f2:28:c2:fd:67:f2:61:b3:5e:5c:e5:0e:33:
                    c3:7f:61:01:01:e5:8f:49:6e:2d:53:fc:2f:42:1a:
                    0a:06:d5:75:f2:8c:c0:1b:16:33:de:17:d6:ec:96:
                    57:71:59:6e:d7:13:63:86:61:89:9d:ac:0f:69:0d:
                    9b:e7:1a:56:26:09:36:8f:6f:de:c8:ff:11:36:1d:
                    35:5a:70:5e:25:2b:b6:84:a2:11:dd:4d:a2:9b:56:
                    f1:c1:b2:cf:03:91:5d:f7:81:bf:18:5d:cc:b0:f2:
                    f6:8f:5d:14:4d:31:d1:3b:17:7a:14:da:39:a2:97:
                    dc:f1:af:89:4b:82:cb:31:61:7a:c8:21:7d:9c:dc:
                    2d:32:9c:8a:12:46:14:c4:b4:fd:7a:ba:2f:fc:66:
                    9e:65:1b:0e:d0:4d:21:25:bd:0c:4c:9e:d6:27:7e:
                    bd:af:34:87:de:ef:21:d7:a1:52:a4:37:e2:26:43:
                    85:24:0b:fa:ab:49:ec:a3:ae:59:c9:b1:1b:ef:76:
                    ba:58:b4:e8:bc:84:61:ee:e3:69:20:f9:09:d4:62:
                    9e:3f:71:79:04:e6:2e:70:36:95:4f:35:eb:65:dd:
                    4b:4a:d4:44:70:3a:de:ef:b6:4e:52:dd:04:7a:f3:
                    fc:cb:eb:b5:00:13:ef:59:ca:8e:e6:7f:6f:0b:df:
                    d3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8D:8D:62:A9:A4:71:8B:F6:28:AC:30:D1:C4:A3:1B:24:86:C6:08
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/aI2NYqmkcYv2KKww0cSjGySGxgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b47::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:38:f7:04:3b:a7:08:14:25:92:b6:76:a0:f4:f0:bb:f8:88:
         91:3c:49:14:d4:2e:b4:4d:01:96:f6:62:01:64:c3:c1:99:c7:
         79:5c:60:42:f2:81:05:09:42:b9:63:e4:f7:62:4f:78:0f:ec:
         7f:0a:f2:d3:58:81:b6:1b:4a:e3:10:b2:90:97:90:dc:22:0a:
         c7:94:66:d5:17:43:d7:83:6c:9e:a3:d0:b1:f9:69:1a:fc:56:
         1c:58:5d:98:e1:2e:99:64:a3:9f:53:e4:98:d8:be:87:af:93:
         7b:38:cc:07:2b:8d:1e:07:df:8d:10:6c:29:84:33:bb:c7:4c:
         1a:a1:da:14:b4:64:07:16:92:30:cb:98:c9:08:66:0b:e7:e2:
         d5:c8:77:f4:92:bb:94:62:a1:ce:28:a6:5b:ee:e8:53:53:d4:
         4f:5e:aa:d2:6a:63:57:a7:04:ed:7e:74:86:f0:4b:9d:9e:6e:
         6d:d4:02:4d:16:1e:09:ea:10:38:79:0f:66:29:23:8f:d2:2a:
         bf:54:d1:13:95:5e:ad:65:e7:4e:4f:af:ad:90:fa:fd:de:75:
         30:91:98:b2:0e:9e:a7:e7:fb:05:47:99:5c:8a:24:7e:fb:00:
         72:77:08:02:82:62:9d:36:1c:d5:89:59:7b:24:2b:75:a4:60:
         7d:d7:22:a0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd9uOnfogXSNUeECKke0EQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNjE3MTE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhkOGQ2MmE5YTQ3MThiZjYyOGFjMzBkMWM0YTMxYjI0ODZjNjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfIowv1n8mGzXlzlDjPDf2EBAeWP
SW4tU/wvQhoKBtV18ozAGxYz3hfW7JZXcVlu1xNjhmGJnawPaQ2b5xpWJgk2j2/e
yP8RNh01WnBeJSu2hKIR3U2im1bxwbLPA5Fd94G/GF3MsPL2j10UTTHROxd6FNo5
opfc8a+JS4LLMWF6yCF9nNwtMpyKEkYUxLT9erov/GaeZRsO0E0hJb0MTJ7WJ369
rzSH3u8h16FSpDfiJkOFJAv6q0nso65ZybEb73a6WLTovIRh7uNpIPkJ1GKeP3F5
BOYucDaVTzXrZd1LStREcDre77ZOUt0EevP8y+u1ABPvWcqO5n9vC9/TowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGiNjWKppHGL9iisMNHEoxskhsYIMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYUkyTllxbWtjWXYyS0t3dzBjU2pHeVNHeGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhALRzAN
BgkqhkiG9w0BAQsFAAOCAQEApzj3BDunCBQlkrZ2oPTwu/iIkTxJFNQutE0BlvZi
AWTDwZnHeVxgQvKBBQlCuWPk92JPeA/sfwry01iBthtK4xCykJeQ3CIKx5Rm1RdD
14NsnqPQsflpGvxWHFhdmOEumWSjn1PkmNi+h6+TezjMByuNHgffjRBsKYQzu8dM
GqHaFLRkBxaSMMuYyQhmC+fi1ch39JK7lGKhziimW+7oU1PUT16q0mpjV6cE7X50
hvBLnZ5ubdQCTRYeCeoQOHkPZikjj9Iqv1TRE5VerWXnTk+vrZD6/d51MJGYsg6e
p+f7BUeZXIokfvsAcncIAoJinTYc1YlZeyQrdaRgfdcioA==
-----END CERTIFICATE-----