Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cqB4bMgbChum_yVJW3wpXVZR-2Y.roa
File:                     cqB4bMgbChum_yVJW3wpXVZR-2Y.roa (raw, json)
Hash identifier:          S8icZ58TNKyzETkeq7SQgOPgc3rTZBePX9cWB3kzP/U=
Subject key identifier:   72:A0:78:6C:C8:1B:0A:1B:A6:FF:25:49:5B:7C:29:5D:56:51:FB:66
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01971C80D6F237A2F92F8CCAABCC9CC80082
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cqB4bMgbChum_yVJW3wpXVZR-2Y.roa
Signing time:             Thu 29 May 2025 14:44:55 +0000
ROA not before:           Thu 29 May 2025 14:44:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a0b:ac00::/29 maxlen: 29
                          2a13:e040::/29 maxlen: 29
                          2a14:62c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Jun 2025 20:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:80:d6:f2:37:a2:f9:2f:8c:ca:ab:cc:9c:c8:00:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 29 14:44:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72a0786cc81b0a1ba6ff25495b7c295d5651fb66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a6:2f:fa:05:5e:38:b2:b1:5c:06:75:13:8e:
                    93:0b:2b:53:a2:79:47:df:b9:f9:ff:85:a3:e6:e2:
                    55:8e:34:44:ab:5a:64:8e:d9:ce:3a:da:b1:8e:f8:
                    0d:a6:ea:3d:f5:41:c4:ea:97:2c:c9:b1:f3:fe:bb:
                    fe:5e:f5:75:f2:fe:3d:c5:39:c9:09:7a:b4:a3:25:
                    43:8c:6c:96:29:36:fe:07:4b:6d:6c:a9:3b:2d:23:
                    7f:6a:b7:08:4e:e4:6d:30:a2:97:a7:af:40:0c:35:
                    65:3b:e9:16:66:29:66:fd:db:8f:46:6d:1f:32:b1:
                    c0:c9:59:80:af:5d:c6:f2:db:8a:23:65:1b:8c:b4:
                    8a:97:ac:ac:6f:f6:4c:e2:44:7a:9e:1b:26:8f:8a:
                    02:d6:15:64:5f:14:f1:34:bc:e9:a6:5b:77:8e:2b:
                    2f:c6:4c:13:7d:15:cf:bf:d8:8d:30:3f:28:12:9d:
                    c1:f8:b4:59:26:27:b7:56:0e:86:b2:ad:d8:98:d3:
                    e7:20:b7:38:6a:6b:74:e2:dc:5c:d8:57:e5:01:99:
                    8c:1e:4c:d7:a1:bf:bc:a4:6e:c1:dc:1f:93:49:84:
                    75:fe:ba:60:3b:42:dc:55:af:b2:ac:44:3e:a1:72:
                    59:9a:8d:03:0f:c3:d5:84:53:08:9c:9e:43:ea:b2:
                    30:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:A0:78:6C:C8:1B:0A:1B:A6:FF:25:49:5B:7C:29:5D:56:51:FB:66
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cqB4bMgbChum_yVJW3wpXVZR-2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:ac00::/29
                  2a13:e040::/29
                  2a14:62c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:78:9a:6f:40:ae:b6:4d:92:e1:82:ff:84:ab:b1:6b:a3:5c:
         30:4b:e0:45:35:90:dc:f3:32:fe:b5:6f:55:e6:01:27:4f:19:
         b9:26:23:5a:a6:52:85:77:d5:77:57:f7:7d:a6:e8:6a:2e:50:
         24:44:b8:40:62:e2:38:4a:8b:59:e2:e0:10:df:df:32:1b:57:
         b5:d1:19:58:d5:4e:fb:f3:20:09:34:29:6e:4a:a6:d4:d4:bc:
         d6:3b:fb:07:2d:08:42:e1:b2:70:37:e3:15:74:b1:97:99:26:
         c7:06:30:aa:fc:94:32:72:eb:3a:b7:44:6f:95:64:e6:af:2f:
         43:4a:03:83:85:4d:35:72:14:b0:7e:d1:2c:0d:f2:f5:36:19:
         0d:72:5c:ab:69:20:e1:66:1b:8c:50:d1:d8:29:a9:40:a6:a5:
         5a:0b:78:26:95:40:16:a6:36:7a:81:c0:e9:08:7e:cd:51:04:
         c6:fb:0d:fe:48:b8:74:4a:f0:0d:fc:9c:6b:f5:d6:6e:c4:36:
         d8:f1:82:56:f4:a2:17:53:54:34:e9:ad:05:07:6c:71:69:a0:
         45:18:fe:78:45:94:fd:45:16:3d:58:09:60:c3:44:31:29:17:
         79:3f:2e:7b:24:6b:6f:e0:ae:7d:d8:9f:3f:1f:37:f1:11:c8:
         99:51:d3:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZccgNbyN6L5L4zKq8ycyACCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI5MTQ0NDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmEwNzg2Y2M4MWIwYTFiYTZmZjI1NDk1YjdjMjk1ZDU2NTFmYjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaYv+gVeOLKxXAZ1E46TCytTonlH
37n5/4Wj5uJVjjREq1pkjtnOOtqxjvgNpuo99UHE6pcsybHz/rv+XvV18v49xTnJ
CXq0oyVDjGyWKTb+B0ttbKk7LSN/arcITuRtMKKXp69ADDVlO+kWZilm/duPRm0f
MrHAyVmAr13G8tuKI2UbjLSKl6ysb/ZM4kR6nhsmj4oC1hVkXxTxNLzpplt3jisv
xkwTfRXPv9iNMD8oEp3B+LRZJie3Vg6Gsq3YmNPnILc4amt04txc2FflAZmMHkzX
ob+8pG7B3B+TSYR1/rpgO0LcVa+yrEQ+oXJZmo0DD8PVhFMInJ5D6rIw9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHKgeGzIGwobpv8lSVt8KV1WUftmMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvY3FCNGJNZ2JDaHVtX3lWSlczd3BYVlpSLTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgusAAMF
AyoT4EADBQMqFGLAMA0GCSqGSIb3DQEBCwUAA4IBAQBgeJpvQK62TZLhgv+Eq7Fr
o1wwS+BFNZDc8zL+tW9V5gEnTxm5JiNaplKFd9V3V/d9puhqLlAkRLhAYuI4SotZ
4uAQ398yG1e10RlY1U778yAJNCluSqbU1LzWO/sHLQhC4bJwN+MVdLGXmSbHBjCq
/JQycus6t0RvlWTmry9DSgODhU01chSwftEsDfL1NhkNclyraSDhZhuMUNHYKalA
pqVaC3gmlUAWpjZ6gcDpCH7NUQTG+w3+SLh0SvAN/Jxr9dZuxDbY8YJW9KIXU1Q0
6a0FB2xxaaBFGP54RZT9RRY9WAlgw0QxKRd5Py57JGtv4K592J8/HzfxEciZUdP8
-----END CERTIFICATE-----