Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/ub_wuD6GrLRSFxkzvOcZq4Jo0u8.roa
File:                     ub_wuD6GrLRSFxkzvOcZq4Jo0u8.roa (raw, json)
Hash identifier:          7Un/Y+Kg84yVZqoJNW9xKfwZcI8pk00diQSKoBsgLzQ=
Subject key identifier:   B9:BF:F0:B8:3E:86:AC:B4:52:17:19:33:BC:E7:19:AB:82:68:D2:EF
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019425FDA0DCB24D632B53B6C521CE5D5325
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/ub_wuD6GrLRSFxkzvOcZq4Jo0u8.roa
Signing time:             Thu 02 Jan 2025 07:49:26 +0000
ROA not before:           Thu 02 Jan 2025 07:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48266
IP address blocks:        2a0e:da40:3000::/36 maxlen: 128
                          2a12:8c00::/36 maxlen: 128
                          2a12:8c00:1000::/36 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a0:dc:b2:4d:63:2b:53:b6:c5:21:ce:5d:53:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 07:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9bff0b83e86acb452171933bce719ab8268d2ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:e8:f4:fd:2e:dd:3b:86:0f:ed:c5:b1:9c:
                    03:39:ac:49:94:8f:e5:13:75:1d:20:7f:50:9a:38:
                    2d:a1:99:24:43:ad:55:ae:c0:0d:b2:49:61:59:6e:
                    8d:34:a8:76:87:ab:2e:5e:64:38:23:9e:47:f9:f6:
                    5b:56:61:95:61:b9:9b:28:93:a8:4f:88:be:74:e2:
                    62:34:bb:b4:29:e7:68:36:47:6d:84:2d:5a:ec:e4:
                    99:6e:71:e9:cf:10:ab:2f:71:6c:96:50:b4:c4:fa:
                    0a:30:dc:07:17:94:d6:be:2c:5b:d4:a9:3a:f3:7d:
                    c8:8c:97:50:73:b6:c9:01:88:8e:f6:a8:c4:64:75:
                    a4:e2:22:2f:ab:3f:88:7d:15:5c:3b:e2:58:bc:34:
                    9a:13:62:14:4d:05:23:cd:30:67:29:a1:73:98:78:
                    86:9e:49:f3:8b:64:44:b7:00:70:2a:92:8f:d7:e0:
                    05:5f:68:b6:e1:65:ab:37:da:f9:ca:fc:f7:bc:3e:
                    6c:5d:f8:8d:75:ab:37:f6:30:9e:1a:75:dc:87:d1:
                    30:38:fd:79:6c:fd:f0:3b:36:c7:2a:17:43:04:98:
                    b6:a3:0a:69:0f:fe:e8:8b:38:ff:af:6d:82:1b:9b:
                    f4:14:5c:c5:9b:96:0c:f0:1f:4f:2b:d0:31:3b:68:
                    43:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BF:F0:B8:3E:86:AC:B4:52:17:19:33:BC:E7:19:AB:82:68:D2:EF
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/ub_wuD6GrLRSFxkzvOcZq4Jo0u8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:da40:3000::/36
                  2a12:8c00::/35

    Signature Algorithm: sha256WithRSAEncryption
         15:3a:95:64:46:ef:49:65:85:12:ff:d1:7e:e7:f2:90:b9:26:
         03:6b:c9:1f:57:97:30:e2:5c:97:5c:c8:4c:6b:84:07:a3:d7:
         fd:08:9b:94:2a:58:dc:4e:5b:6e:6d:04:f4:d9:3c:bd:82:3e:
         a7:55:76:8b:0c:dc:44:b3:3d:95:de:1d:27:98:63:12:20:2a:
         50:6b:0e:b5:40:ca:a1:14:b6:d3:d0:e4:13:33:e5:29:a0:e9:
         6e:bd:fb:33:b5:c1:44:3c:99:d0:f8:eb:07:de:0c:97:f5:ce:
         ac:6b:d3:38:02:d5:0b:8f:c6:03:ed:aa:02:68:b6:a8:89:79:
         c4:09:df:f1:53:d7:b5:21:cd:b1:72:72:22:9f:f4:50:b5:14:
         41:da:2c:7d:c4:93:30:00:9a:7b:0d:33:b8:1f:fd:88:62:92:
         d4:8d:2e:23:07:cf:3d:a0:af:55:5a:cc:7a:03:e1:27:00:b0:
         0d:e7:0c:75:e1:d6:d6:cd:3c:ea:81:fe:69:db:5f:a8:0b:fb:
         13:3f:70:06:ba:e9:29:fc:41:3a:2d:e6:61:12:8c:9a:16:37:
         65:21:1d:3b:b6:e5:af:ca:8c:b8:53:6a:93:23:66:ac:ab:55:
         4b:4e:28:82:c9:3f:63:e0:98:6f:de:2e:a2:ef:5b:25:85:d5:
         43:b8:ad:9e
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQl/aDcsk1jK1O2xSHOXVMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjUwMTAyMDc0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWJmZjBiODNlODZhY2I0NTIxNzE5MzNiY2U3MTlhYjgyNjhkMmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdvo9P0u3TuGD+3FsZwDOaxJlI/l
E3UdIH9QmjgtoZkkQ61VrsANsklhWW6NNKh2h6suXmQ4I55H+fZbVmGVYbmbKJOo
T4i+dOJiNLu0KedoNkdthC1a7OSZbnHpzxCrL3FsllC0xPoKMNwHF5TWvixb1Kk6
833IjJdQc7bJAYiO9qjEZHWk4iIvqz+IfRVcO+JYvDSaE2IUTQUjzTBnKaFzmHiG
nknzi2REtwBwKpKP1+AFX2i24WWrN9r5yvz3vD5sXfiNdas39jCeGnXch9EwOP15
bP3wOzbHKhdDBJi2owppD/7oizj/r22CG5v0FFzFm5YM8B9PK9AxO2hD3QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFLm/8Lg+hqy0UhcZM7znGauCaNLvMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvdWJfd3VENkdyTFJTRnhrenZPY1pxNEpvMHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKg7aQDAD
BgUqEowAADANBgkqhkiG9w0BAQsFAAOCAQEAFTqVZEbvSWWFEv/RfufykLkmA2vJ
H1eXMOJcl1zITGuEB6PX/QiblCpY3E5bbm0E9Nk8vYI+p1V2iwzcRLM9ld4dJ5hj
EiAqUGsOtUDKoRS209DkEzPlKaDpbr37M7XBRDyZ0PjrB94Ml/XOrGvTOALVC4/G
A+2qAmi2qIl5xAnf8VPXtSHNsXJyIp/0ULUUQdosfcSTMACaew0zuB/9iGKS1I0u
IwfPPaCvVVrMegPhJwCwDecMdeHW1s086oH+adtfqAv7Ez9wBrrpKfxBOi3mYRKM
mhY3ZSEdO7blr8qMuFNqkyNmrKtVS04ogsk/Y+CYb94uou9bJYXVQ7itng==
-----END CERTIFICATE-----