Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hHgz6DdLMTzMsPaEThgu7qWHQPM.roa
File:                     hHgz6DdLMTzMsPaEThgu7qWHQPM.roa (raw, json)
Hash identifier:          x0mrzGo/jy+BPXgYwzKiVy/xohxZmh00olytS4gHOTY=
Subject key identifier:   84:78:33:E8:37:4B:31:3C:CC:B0:F6:84:4E:18:2E:EE:A5:87:40:F3
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091BF0D3D9FBF5D5A6B2D6B1226AE321
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hHgz6DdLMTzMsPaEThgu7qWHQPM.roa
Signing time:             Sun 25 May 2025 20:21:55 +0000
ROA not before:           Sun 25 May 2025 20:21:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209889
IP address blocks:        2a13:b9c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:f0:d3:d9:fb:f5:d5:a6:b2:d6:b1:22:6a:e3:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:21:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=847833e8374b313cccb0f6844e182eeea58740f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:84:e3:3d:a2:a2:af:86:07:69:5c:95:b4:5c:
                    e6:4b:06:00:95:f4:4d:31:e5:3a:31:4c:bf:ff:cb:
                    36:67:df:0f:3a:e2:49:63:bc:91:2d:3f:f0:63:c9:
                    3e:e9:1a:ab:a6:95:06:aa:c9:81:b1:ad:85:c4:f7:
                    78:ed:f6:c7:9a:70:56:3a:8b:e3:a6:d5:23:2f:2e:
                    cb:27:ff:11:75:91:b7:83:9c:91:90:a5:3e:26:ae:
                    30:64:38:35:4f:96:1d:90:04:58:84:68:1b:b8:c6:
                    8b:68:ce:75:de:02:92:e3:56:79:d2:99:95:4a:46:
                    88:62:c8:06:a0:65:48:85:11:39:3b:c5:12:f5:7c:
                    f0:d3:85:dd:e2:70:47:ca:fe:3d:2e:67:27:eb:b3:
                    ca:6f:9b:c1:68:69:8e:34:ae:e2:cd:c4:ac:5d:45:
                    f6:90:85:6c:63:8b:8e:0a:02:f0:2d:58:3d:aa:64:
                    73:88:41:a2:97:f6:7d:0e:f0:bd:e9:78:67:96:5b:
                    50:b6:80:ba:58:cb:88:59:34:4e:af:7f:d7:29:ed:
                    ce:3e:24:1c:af:c9:33:b2:92:11:16:7f:89:91:8f:
                    30:bb:5d:bb:dd:90:74:88:da:5b:5d:e9:29:af:cc:
                    3f:43:0f:01:a7:36:80:27:1a:5a:41:e8:83:7e:03:
                    5d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:78:33:E8:37:4B:31:3C:CC:B0:F6:84:4E:18:2E:EE:A5:87:40:F3
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/hHgz6DdLMTzMsPaEThgu7qWHQPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:23:6a:b7:27:b8:80:3c:49:1c:d1:c2:48:03:60:0c:05:c7:
         32:25:8a:66:ee:65:ac:96:4c:46:24:d2:f4:af:42:5a:b9:f0:
         75:7e:53:f8:ff:8f:24:f9:77:de:0b:97:8a:e8:8d:46:63:f9:
         24:5b:15:d8:71:8b:b3:7f:9b:ef:6a:44:de:a2:5c:0f:ec:80:
         68:87:0f:1f:a6:6f:81:68:1e:fa:84:31:c1:d4:8f:a3:8c:b0:
         61:8c:5a:5f:91:05:cc:5f:84:eb:57:67:94:99:6c:5f:c0:11:
         aa:ce:c4:f0:40:08:4e:ba:03:37:84:41:7d:3f:bc:06:ad:d4:
         73:5f:fc:0d:4a:92:53:c0:a6:fc:9c:24:45:4e:0a:8a:f6:70:
         b0:07:17:a6:d7:17:59:2c:5c:f1:76:3d:02:14:87:7f:ae:b9:
         78:13:4b:a1:ef:01:bd:0d:60:de:34:13:be:e0:be:40:59:a0:
         d6:cb:a4:93:21:12:90:a2:13:30:23:f9:3c:f6:ff:4c:d0:a2:
         1f:22:62:94:13:23:78:91:52:ad:2e:a9:7e:e6:17:85:24:98:
         81:50:77:b3:8a:37:fe:1c:28:4e:2e:f9:36:2b:49:22:09:30:
         d4:3d:cd:a4:55:9a:4e:ad:25:e0:c0:82:50:d6:e8:d0:c3:44:
         da:bd:6f:13
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJG/DT2fv11aay1rEiauMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDc4MzNlODM3NGIzMTNjY2NiMGY2ODQ0ZTE4MmVlZWE1ODc0MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4TjPaKir4YHaVyVtFzmSwYAlfRN
MeU6MUy//8s2Z98POuJJY7yRLT/wY8k+6RqrppUGqsmBsa2FxPd47fbHmnBWOovj
ptUjLy7LJ/8RdZG3g5yRkKU+Jq4wZDg1T5YdkARYhGgbuMaLaM513gKS41Z50pmV
SkaIYsgGoGVIhRE5O8US9Xzw04Xd4nBHyv49Lmcn67PKb5vBaGmONK7izcSsXUX2
kIVsY4uOCgLwLVg9qmRziEGil/Z9DvC96XhnlltQtoC6WMuIWTROr3/XKe3OPiQc
r8kzspIRFn+JkY8wu1273ZB0iNpbXekpr8w/Qw8BpzaAJxpaQeiDfgNdswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIR4M+g3SzE8zLD2hE4YLu6lh0DzMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaEhnejZEZExNVHpNc1BhRVRoZ3U3cVdIUVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5xjAN
BgkqhkiG9w0BAQsFAAOCAQEALSNqtye4gDxJHNHCSANgDAXHMiWKZu5lrJZMRiTS
9K9CWrnwdX5T+P+PJPl33guXiuiNRmP5JFsV2HGLs3+b72pE3qJcD+yAaIcPH6Zv
gWge+oQxwdSPo4ywYYxaX5EFzF+E61dnlJlsX8ARqs7E8EAITroDN4RBfT+8Bq3U
c1/8DUqSU8Cm/JwkRU4KivZwsAcXptcXWSxc8XY9AhSHf665eBNLoe8BvQ1g3jQT
vuC+QFmg1sukkyESkKITMCP5PPb/TNCiHyJilBMjeJFSrS6pfuYXhSSYgVB3s4o3
/hwoTi75NitJIgkw1D3NpFWaTq0l4MCCUNbo0MNE2r1vEw==
-----END CERTIFICATE-----