Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uzvuY_vBnmug8NT-Of_ogAkPJh0.roa
File:                     uzvuY_vBnmug8NT-Of_ogAkPJh0.roa (raw, json)
Hash identifier:          uNm6Te/PwH5Ygglfc9g8gbwYc8KBSiNWT+H+cgnaPmA=
Subject key identifier:   BB:3B:EE:63:FB:C1:9E:6B:A0:F0:D4:FE:39:FF:E8:80:09:0F:26:1D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC5885817AA30B88C6A5810C67956
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uzvuY_vBnmug8NT-Of_ogAkPJh0.roa
Signing time:             Thu 02 Jan 2025 05:48:21 +0000
ROA not before:           Thu 02 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58235
IP address blocks:        2a0e:aa01:ab01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c5:88:58:17:aa:30:b8:8c:6a:58:10:c6:79:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb3bee63fbc19e6ba0f0d4fe39ffe880090f261d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:85:50:a6:bd:43:24:38:31:d4:1e:9b:40:62:
                    6f:75:f7:dc:97:b1:31:a6:0b:12:15:92:df:2c:5c:
                    e6:97:e9:44:ea:cb:3b:cb:a8:4e:ff:95:9f:e7:56:
                    71:0c:1f:3d:d4:c5:58:2f:6f:10:d3:b1:ac:f0:e4:
                    ac:a9:54:98:d5:5f:54:e3:45:cf:f7:e7:3c:fb:9b:
                    2f:56:19:f5:94:29:b6:b0:7c:4e:c8:d1:ff:b1:cd:
                    90:67:cc:3c:9d:09:59:1a:7a:fa:8c:3d:f5:da:bc:
                    eb:90:ab:5b:f2:e5:e4:35:fb:00:f5:6f:de:ef:9b:
                    df:ed:88:ee:20:40:6a:ed:ff:3f:f9:f6:a1:90:e4:
                    f5:44:6b:92:63:b0:2b:e4:cf:dc:d3:03:31:3e:50:
                    32:ed:b0:1a:a7:83:14:f1:b9:a5:1a:00:a9:56:0b:
                    1e:a2:bc:bd:ce:c2:dd:4c:47:64:1c:14:7c:af:75:
                    19:bd:a9:0a:46:6e:b1:d6:8d:5b:4e:90:08:53:a5:
                    fa:ca:fc:d3:39:f7:d2:73:d2:15:3d:43:bc:f9:b8:
                    83:bf:af:28:ca:d6:50:3e:6e:ff:e3:57:b1:61:fb:
                    4c:03:df:cf:00:c1:a8:05:96:2a:a5:fd:51:d4:6e:
                    c6:b2:bb:69:7a:39:37:0b:63:0c:e9:fd:47:6b:5a:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:3B:EE:63:FB:C1:9E:6B:A0:F0:D4:FE:39:FF:E8:80:09:0F:26:1D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/uzvuY_vBnmug8NT-Of_ogAkPJh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:ab01::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:4d:00:a5:9f:6e:a8:f1:ac:64:05:3d:95:89:9e:ab:22:80:
         20:a1:93:92:76:d6:88:31:17:ce:06:19:ab:8a:3b:22:77:dc:
         b4:3e:98:e0:2f:ed:da:f8:a4:4d:54:54:eb:bd:90:69:8d:3f:
         21:6e:43:39:85:93:fe:e1:7d:74:31:8e:59:f7:07:4a:cc:76:
         9c:c5:67:33:32:54:47:8c:0b:88:91:80:db:b7:2c:2a:df:dc:
         bf:b4:8e:23:f0:2a:dd:80:5e:7e:ec:cc:70:41:13:b7:93:ee:
         13:83:3a:7f:b8:87:02:dd:d3:26:dc:12:78:4b:40:6c:cc:bb:
         d8:1e:1d:af:29:39:1b:b8:64:a9:f4:af:15:1e:17:6d:c8:05:
         fe:8a:e8:b0:af:7f:70:e6:8d:e0:16:f2:d5:aa:05:4b:4c:66:
         89:e6:99:b1:46:d1:46:80:d8:56:6d:71:e3:96:7f:46:25:15:
         47:25:8b:d5:b1:61:0e:53:67:c7:2f:a6:49:b5:b8:a5:46:a5:
         3b:db:35:3b:ef:0d:3f:8e:07:6a:4c:c3:f8:52:e4:3e:40:d1:
         59:27:9b:f8:c4:5e:69:a7:f1:95:f1:36:d1:bf:64:33:74:3c:
         96:83:0c:9c:69:86:c2:29:4d:d7:a3:2b:42:fc:29:7e:0f:d2:
         d0:a0:28:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljsWIWBeqMLiMalgQxnlWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjNiZWU2M2ZiYzE5ZTZiYTBmMGQ0ZmUzOWZmZTg4MDA5MGYyNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIVQpr1DJDgx1B6bQGJvdffcl7Ex
pgsSFZLfLFzml+lE6ss7y6hO/5Wf51ZxDB891MVYL28Q07Gs8OSsqVSY1V9U40XP
9+c8+5svVhn1lCm2sHxOyNH/sc2QZ8w8nQlZGnr6jD312rzrkKtb8uXkNfsA9W/e
75vf7YjuIEBq7f8/+fahkOT1RGuSY7Ar5M/c0wMxPlAy7bAap4MU8bmlGgCpVgse
ory9zsLdTEdkHBR8r3UZvakKRm6x1o1bTpAIU6X6yvzTOffSc9IVPUO8+biDv68o
ytZQPm7/41exYftMA9/PAMGoBZYqpf1R1G7Gsrtpejk3C2MM6f1Ha1rI4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLs77mP7wZ5roPDU/jn/6IAJDyYdMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdXp2dVlfdkJubXVnOE5ULU9mX29nQWtQSmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qAasB
MA0GCSqGSIb3DQEBCwUAA4IBAQC6TQCln26o8axkBT2ViZ6rIoAgoZOSdtaIMRfO
Bhmrijsid9y0PpjgL+3a+KRNVFTrvZBpjT8hbkM5hZP+4X10MY5Z9wdKzHacxWcz
MlRHjAuIkYDbtywq39y/tI4j8CrdgF5+7MxwQRO3k+4Tgzp/uIcC3dMm3BJ4S0Bs
zLvYHh2vKTkbuGSp9K8VHhdtyAX+iuiwr39w5o3gFvLVqgVLTGaJ5pmxRtFGgNhW
bXHjln9GJRVHJYvVsWEOU2fHL6ZJtbilRqU72zU77w0/jgdqTMP4UuQ+QNFZJ5v4
xF5pp/GV8TbRv2QzdDyWgwycaYbCKU3XoytC/Cl+D9LQoCix
-----END CERTIFICATE-----