Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CUbuh0PM3yqW-CpytCXAWwYdQ7Q.roa
File:                     CUbuh0PM3yqW-CpytCXAWwYdQ7Q.roa (raw, json)
Hash identifier:          j6MdXA11jocwq2zYd6v7F0+Oq8jAXnx5FNp5BWwzZDI=
Subject key identifier:   09:46:EE:87:43:CC:DF:2A:96:F8:2A:72:B4:25:C0:5B:06:1D:43:B4
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       0197D0C4BB6E30D808F2FEC773E8B9756BBC
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CUbuh0PM3yqW-CpytCXAWwYdQ7Q.roa
Signing time:             Thu 03 Jul 2025 14:50:43 +0000
ROA not before:           Thu 03 Jul 2025 14:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29290
IP address blocks:        2a00:f10:141::/48 maxlen: 48
                          2a0b:8f80:100::/40 maxlen: 40
                          2a0b:8f80:101::/48 maxlen: 48
                          2a0b:8f80:103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:c4:bb:6e:30:d8:08:f2:fe:c7:73:e8:b9:75:6b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jul  3 14:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0946ee8743ccdf2a96f82a72b425c05b061d43b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:98:34:57:6d:18:c6:7d:fb:51:54:6b:ff:eb:
                    8d:68:da:bb:d4:bf:eb:86:80:71:bb:f3:d4:95:ec:
                    3b:4b:2f:6e:03:69:3a:28:8e:d9:99:5f:65:f9:c6:
                    f6:81:07:d6:79:4a:1c:7b:d8:66:36:8a:64:cd:8c:
                    47:99:9e:36:5f:c4:0b:7b:92:c1:3a:e4:a7:c9:10:
                    bf:ae:11:02:cf:1d:4e:4b:a6:78:88:08:7f:d1:ac:
                    db:20:b8:08:95:a1:34:59:67:2d:dc:5b:8c:7e:2c:
                    cd:8c:0b:4d:92:84:bb:22:75:91:2a:f9:28:93:ea:
                    b1:cc:94:27:09:9f:6c:b1:dd:46:a9:bc:a7:20:db:
                    8e:fa:b6:1c:06:2f:0c:3c:95:04:10:ab:29:d5:d1:
                    d1:11:fd:34:47:08:b5:78:38:a0:4d:23:02:ec:99:
                    3b:b2:49:4e:35:25:a4:ee:14:88:24:9b:5e:35:51:
                    d1:b2:30:da:a7:76:d4:74:8e:79:b7:58:77:08:03:
                    cb:24:e0:8c:06:44:0f:3d:4f:51:14:b8:0d:2c:98:
                    b9:3d:77:05:a6:94:65:60:bf:05:8e:f5:02:4a:7d:
                    e3:e8:fa:90:fb:8a:4f:a0:26:5d:a6:86:52:df:55:
                    a4:40:fd:43:d3:3b:70:d7:a6:60:68:a5:1c:6f:0d:
                    cc:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:46:EE:87:43:CC:DF:2A:96:F8:2A:72:B4:25:C0:5B:06:1D:43:B4
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/CUbuh0PM3yqW-CpytCXAWwYdQ7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f10:141::/48
                  2a0b:8f80:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0e:37:ec:32:d1:6f:78:30:b1:35:de:5a:74:f7:f6:5e:af:c0:
         31:f8:81:79:ae:46:f6:3d:e0:54:eb:64:4f:1b:de:c1:68:a9:
         a6:d8:20:d0:82:74:c5:a8:12:0a:1a:8e:98:63:cf:69:9a:23:
         88:ad:39:86:06:fe:2f:2e:35:df:99:34:3b:bf:bb:bc:28:89:
         fc:46:89:01:86:65:05:64:e3:28:ad:4b:fb:11:5b:f7:92:04:
         7e:65:f2:5c:e7:72:d1:9a:cb:7f:8e:1d:a9:4b:85:4e:0b:fe:
         43:04:fc:73:ab:14:99:38:de:4f:a5:4f:86:02:4a:b3:72:12:
         e7:ce:03:88:3f:21:8e:2e:77:e0:0c:3e:5a:45:0b:e3:42:cb:
         d7:b7:71:1a:74:33:0c:5a:75:0c:88:0d:98:df:8d:55:06:cd:
         71:6e:a6:47:91:cb:bb:a3:36:cf:0f:ac:39:13:17:40:17:e0:
         0e:8a:e7:67:71:4b:de:e9:f7:11:c7:2b:62:66:ed:e0:d9:c6:
         c6:cc:9a:15:6e:24:02:cd:b3:bc:d2:c6:14:ed:ef:e9:29:64:
         7f:56:3c:71:fb:42:88:b7:fe:62:81:c1:bd:b9:12:72:e1:56:
         41:65:6d:1e:d8:b5:a1:61:8f:36:38:84:07:ee:3b:4a:05:33:
         39:5c:30:8f
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZfQxLtuMNgI8v7Hc+i5dWu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjUwNzAzMTQ1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ2ZWU4NzQzY2NkZjJhOTZmODJhNzJiNDI1YzA1YjA2MWQ0M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Jg0V20Yxn37UVRr/+uNaNq71L/r
hoBxu/PUlew7Sy9uA2k6KI7ZmV9l+cb2gQfWeUoce9hmNopkzYxHmZ42X8QLe5LB
OuSnyRC/rhECzx1OS6Z4iAh/0azbILgIlaE0WWct3FuMfizNjAtNkoS7InWRKvko
k+qxzJQnCZ9ssd1GqbynINuO+rYcBi8MPJUEEKsp1dHREf00Rwi1eDigTSMC7Jk7
sklONSWk7hSIJJteNVHRsjDap3bUdI55t1h3CAPLJOCMBkQPPU9RFLgNLJi5PXcF
ppRlYL8FjvUCSn3j6PqQ+4pPoCZdpoZS31WkQP1D0ztw16ZgaKUcbw3MYQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFAlG7odDzN8qlvgqcrQlwFsGHUO0MB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvQ1VidWgwUE0zeXFXLUNweXRDWEFXd1lkUTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgAPEAFB
AwYAKguPgAEwDQYJKoZIhvcNAQELBQADggEBAA437DLRb3gwsTXeWnT39l6vwDH4
gXmuRvY94FTrZE8b3sFoqabYINCCdMWoEgoajphjz2maI4itOYYG/i8uNd+ZNDu/
u7woifxGiQGGZQVk4yitS/sRW/eSBH5l8lznctGay3+OHalLhU4L/kME/HOrFJk4
3k+lT4YCSrNyEufOA4g/IY4ud+AMPlpFC+NCy9e3cRp0MwxadQyIDZjfjVUGzXFu
pkeRy7ujNs8PrDkTF0AX4A6K52dxS97p9xHHK2Jm7eDZxsbMmhVuJALNs7zSxhTt
7+kpZH9WPHH7Qoi3/mKBwb25EnLhVkFlbR7YtaFhjzY4hAfuO0oFMzlcMI8=
-----END CERTIFICATE-----