Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uVrshHPxHqz1_NMUsu_6J5zR6-8.roa
File:                     uVrshHPxHqz1_NMUsu_6J5zR6-8.roa (raw, json)
Hash identifier:          3IGg95xosDTb/o9qLSympSIfgJUC9rLgDZVGfNSizSI=
Subject key identifier:   B9:5A:EC:84:73:F1:1E:AC:F5:FC:D3:14:B2:EF:FA:27:9C:D1:EB:EF
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EEBA4BC3F7353E911FACA38C4EF7D
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uVrshHPxHqz1_NMUsu_6J5zR6-8.roa
Signing time:             Thu 02 Jan 2025 05:48:30 +0000
ROA not before:           Thu 02 Jan 2025 05:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212916
IP address blocks:        2a0e:aa07:e011::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:eb:a4:bc:3f:73:53:e9:11:fa:ca:38:c4:ef:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b95aec8473f11eacf5fcd314b2effa279cd1ebef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:04:0e:9c:54:ef:85:5c:b7:26:99:20:74:
                    5c:78:74:8c:93:cc:e9:ad:fb:be:ae:5e:a3:be:d3:
                    79:55:2f:17:f8:69:e7:00:7d:de:79:54:f0:65:b5:
                    b9:43:1c:6c:72:32:70:4a:7a:96:d3:7d:d0:ab:89:
                    bd:d3:b8:b5:1a:44:9f:e9:56:d6:76:6e:5f:46:5e:
                    5c:12:93:11:d9:9d:d7:6e:d1:64:40:66:60:49:b3:
                    7d:c9:7a:f9:f5:72:06:93:e2:76:34:cf:f6:8e:a0:
                    1a:db:fc:24:47:d4:09:c4:62:bc:45:49:2d:66:57:
                    b7:19:9e:54:16:d6:23:90:d1:b5:04:b1:52:0e:2a:
                    bf:24:76:7b:63:d9:a6:36:2d:1d:d9:a3:97:cb:95:
                    49:5a:c2:a8:f2:ee:4c:57:01:da:f8:af:5b:d2:9c:
                    11:a8:7e:91:e2:9d:fd:5b:5b:83:14:97:04:86:e2:
                    d9:30:ec:e3:c6:e6:84:8e:23:ff:44:63:c4:a0:60:
                    cf:64:c5:5c:fd:63:be:2c:aa:f7:44:07:0e:89:68:
                    44:b0:e7:5d:6b:52:43:98:fb:fd:b2:a7:27:8b:c1:
                    f4:4d:8c:71:38:ba:3f:50:96:b4:08:03:b4:a7:6b:
                    ad:68:a9:9d:56:ea:35:7f:f8:49:80:df:5e:1d:cd:
                    5b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:5A:EC:84:73:F1:1E:AC:F5:FC:D3:14:B2:EF:FA:27:9C:D1:EB:EF
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uVrshHPxHqz1_NMUsu_6J5zR6-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e011::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:71:b2:ae:81:07:ae:ca:a6:66:e9:89:d5:0c:5b:f4:12:a1:
         b1:da:db:e8:98:e7:80:f5:12:e5:0a:10:10:6a:c8:1f:42:89:
         5a:db:e0:e5:ae:c8:19:53:05:e0:2e:8a:bc:e0:f0:bf:9e:ad:
         54:59:93:eb:fe:b9:b7:6b:b0:14:9c:d8:0f:51:92:53:1c:c6:
         2f:de:b0:08:75:04:35:82:85:2a:94:46:65:7e:09:29:cd:da:
         1a:13:e0:07:ac:c7:71:8b:48:06:fe:67:6f:c3:66:e7:b2:45:
         8d:b6:94:e2:0d:c9:df:77:10:ef:f3:0d:13:74:49:3e:93:77:
         00:5a:11:56:de:0d:18:df:4c:cf:e0:02:65:d0:d0:25:5f:0c:
         00:3e:cc:79:df:fd:51:67:38:cd:ee:3d:b4:9a:d1:f8:ea:47:
         23:33:af:92:07:c8:43:47:70:71:ed:a7:13:d8:b8:ee:39:3e:
         40:ff:2d:e9:28:68:0b:a7:c9:3b:82:7e:ce:e3:8e:c2:08:0d:
         e0:12:57:de:f8:f3:a5:d5:50:ad:0b:7d:de:18:ba:0d:30:00:
         f4:c9:44:4a:3b:25:7a:1c:36:1b:cd:c6:b2:ad:37:bb:24:bb:
         da:87:de:92:d1:ec:ae:d7:44:3d:d6:de:e7:1a:47:d7:19:98:
         49:e9:e2:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljuukvD9zU+kR+so4xO99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTVhZWM4NDczZjExZWFjZjVmY2QzMTRiMmVmZmEyNzljZDFlYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOAEDpxU74VctyaZIHRceHSMk8zp
rfu+rl6jvtN5VS8X+GnnAH3eeVTwZbW5QxxscjJwSnqW033Qq4m907i1GkSf6VbW
dm5fRl5cEpMR2Z3XbtFkQGZgSbN9yXr59XIGk+J2NM/2jqAa2/wkR9QJxGK8RUkt
Zle3GZ5UFtYjkNG1BLFSDiq/JHZ7Y9mmNi0d2aOXy5VJWsKo8u5MVwHa+K9b0pwR
qH6R4p39W1uDFJcEhuLZMOzjxuaEjiP/RGPEoGDPZMVc/WO+LKr3RAcOiWhEsOdd
a1JDmPv9sqcni8H0TYxxOLo/UJa0CAO0p2utaKmdVuo1f/hJgN9eHc1brQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLla7IRz8R6s9fzTFLLv+iec0evvMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdVZyc2hIUHhIcXoxX05NVXN1XzZKNXpSNi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+AR
MA0GCSqGSIb3DQEBCwUAA4IBAQC6cbKugQeuyqZm6YnVDFv0EqGx2tvomOeA9RLl
ChAQasgfQola2+DlrsgZUwXgLoq84PC/nq1UWZPr/rm3a7AUnNgPUZJTHMYv3rAI
dQQ1goUqlEZlfgkpzdoaE+AHrMdxi0gG/mdvw2bnskWNtpTiDcnfdxDv8w0TdEk+
k3cAWhFW3g0Y30zP4AJl0NAlXwwAPsx53/1RZzjN7j20mtH46kcjM6+SB8hDR3Bx
7acT2LjuOT5A/y3pKGgLp8k7gn7O447CCA3gElfe+POl1VCtC33eGLoNMAD0yURK
OyV6HDYbzcayrTe7JLvah96S0eyu10Q91t7nGkfXGZhJ6eLR
-----END CERTIFICATE-----