Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/bARFSirSOMmDcs9ftEWb_FCtqL0.roa
File:                     bARFSirSOMmDcs9ftEWb_FCtqL0.roa (raw, json)
Hash identifier:          INFuzpmVx6ezm17/8n0GBa+YD6a0VA1kKluU193VCyM=
Subject key identifier:   6C:04:45:4A:2A:D2:38:C9:83:72:CF:5F:B4:45:9B:FC:50:AD:A8:BD
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019711260A2470BCC19C4D2B4B40D4C9AC1E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/bARFSirSOMmDcs9ftEWb_FCtqL0.roa
Signing time:             Tue 27 May 2025 09:49:54 +0000
ROA not before:           Tue 27 May 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206582
IP address blocks:        2a05:9a45::/32 maxlen: 32
                          2a13:c445::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:26:0a:24:70:bc:c1:9c:4d:2b:4b:40:d4:c9:ac:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 27 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c04454a2ad238c98372cf5fb4459bfc50ada8bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:dd:6f:3b:29:3e:dd:ed:f3:8c:79:9b:89:83:
                    b6:cf:4c:7b:1c:6a:b1:9a:58:c9:4b:c4:4d:d1:4e:
                    96:60:0c:f7:a2:42:7e:c7:00:07:84:18:68:f7:60:
                    3a:53:a2:1d:e1:fe:18:0d:5f:16:c3:20:ff:15:f1:
                    03:4f:4c:31:28:62:d1:c9:80:c6:19:7b:df:f1:ed:
                    c2:4c:36:14:71:c5:11:4c:39:a4:00:a8:29:da:00:
                    26:f3:d9:c5:8d:1f:98:d7:7c:80:53:55:4d:c7:b9:
                    46:a4:f6:d1:21:f6:98:fb:da:a3:fd:c9:9e:e2:49:
                    30:cd:30:ad:dd:70:1b:3a:36:fa:db:72:ba:72:30:
                    04:5c:0b:50:a4:46:59:55:31:d8:4d:45:ae:46:e2:
                    30:87:dd:f5:de:09:12:e1:3d:f6:5e:5d:42:fc:eb:
                    87:d8:2a:c5:a9:82:74:b7:b1:07:08:e0:c6:d4:33:
                    2d:b7:cb:9d:0a:cd:fb:24:86:c8:a6:50:14:da:58:
                    36:5a:a2:e2:01:e9:b4:57:f3:0e:09:11:0e:3a:0b:
                    7c:bf:ca:90:a6:fc:ec:5d:44:f3:1c:b8:2a:3d:99:
                    25:f2:2c:a2:85:89:5f:06:f0:c0:05:1d:ae:93:e9:
                    0f:de:7f:24:73:b2:55:7d:28:9f:59:c4:48:a6:cb:
                    f4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:04:45:4A:2A:D2:38:C9:83:72:CF:5F:B4:45:9B:FC:50:AD:A8:BD
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/bARFSirSOMmDcs9ftEWb_FCtqL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a45::/32
                  2a13:c445::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:ec:22:c4:41:a1:74:f2:e5:0f:9a:c1:0b:d1:9f:ae:49:c7:
         1b:9e:8a:04:02:49:42:74:4c:77:5b:ab:68:96:84:c7:7f:e4:
         ed:a3:28:e5:82:1f:51:af:31:6f:e5:25:98:44:6c:1b:c3:d9:
         9c:c9:dd:10:f7:50:c6:b1:65:7e:16:f6:7f:da:94:c2:15:59:
         fb:e2:b7:03:74:94:61:8a:a7:44:bf:a4:0a:eb:85:15:55:a2:
         3d:d9:dc:a2:a0:cd:36:aa:92:22:37:46:23:67:b5:af:37:b2:
         a9:d3:13:4a:41:e5:20:26:52:ed:6d:84:58:b3:0f:b2:fc:02:
         ae:89:ed:ff:cc:8e:18:0f:4e:bb:c1:9c:06:fa:e9:fd:80:e6:
         77:f7:6a:bb:68:45:68:59:a8:8a:25:be:a0:1a:6a:60:28:f0:
         2d:7f:c6:ae:f4:08:37:84:1f:2a:92:e6:f6:d7:e3:42:3b:de:
         f0:16:e3:91:df:c5:fe:47:10:bd:ea:1b:cc:3f:72:64:39:19:
         46:7f:f4:85:ea:3e:ff:26:86:10:63:41:9b:a7:dc:ee:b7:b6:
         a5:82:8d:f1:b5:e0:70:ee:3b:59:89:77:6f:58:79:98:06:cc:
         35:58:4e:1b:a4:fd:ee:24:7e:e3:1d:a4:d4:5b:19:1c:a9:7c:
         ea:cf:c8:2a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcRJgokcLzBnE0rS0DUyaweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI3MDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzA0NDU0YTJhZDIzOGM5ODM3MmNmNWZiNDQ1OWJmYzUwYWRhOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4t1vOyk+3e3zjHmbiYO2z0x7HGqx
mljJS8RN0U6WYAz3okJ+xwAHhBho92A6U6Id4f4YDV8WwyD/FfEDT0wxKGLRyYDG
GXvf8e3CTDYUccURTDmkAKgp2gAm89nFjR+Y13yAU1VNx7lGpPbRIfaY+9qj/cme
4kkwzTCt3XAbOjb623K6cjAEXAtQpEZZVTHYTUWuRuIwh9313gkS4T32Xl1C/OuH
2CrFqYJ0t7EHCODG1DMtt8udCs37JIbIplAU2lg2WqLiAem0V/MOCREOOgt8v8qQ
pvzsXUTzHLgqPZkl8iyihYlfBvDABR2uk+kP3n8kc7JVfSifWcRIpsv0IQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGwERUoq0jjJg3LPX7RFm/xQrai9MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvYkFSRlNpclNPTW1EY3M5ZnRFV2JfRkN0cUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgWaRQMF
ACoTxEUwDQYJKoZIhvcNAQELBQADggEBAB7sIsRBoXTy5Q+awQvRn65JxxueigQC
SUJ0THdbq2iWhMd/5O2jKOWCH1GvMW/lJZhEbBvD2ZzJ3RD3UMaxZX4W9n/alMIV
WfvitwN0lGGKp0S/pArrhRVVoj3Z3KKgzTaqkiI3RiNnta83sqnTE0pB5SAmUu1t
hFizD7L8Aq6J7f/MjhgPTrvBnAb66f2A5nf3artoRWhZqIolvqAaamAo8C1/xq70
CDeEHyqS5vbX40I73vAW45Hfxf5HEL3qG8w/cmQ5GUZ/9IXqPv8mhhBjQZun3O63
tqWCjfG14HDuO1mJd29YeZgGzDVYThuk/e4kfuMdpNRbGRypfOrPyCo=
-----END CERTIFICATE-----