Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/UUmhkoidYpnQB4p-zhPdqfuS6VQ.roa
File:                     UUmhkoidYpnQB4p-zhPdqfuS6VQ.roa (raw, json)
Hash identifier:          Itjpdvpx6H5CbuXyi5RNAUyG1fRQKGFDiAFUMz2LPB8=
Subject key identifier:   51:49:A1:92:88:9D:62:99:D0:07:8A:7E:CE:13:DD:A9:FB:92:E9:54
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       018F061F0ACF7734CFE8A4629E5FEF43A98F
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/UUmhkoidYpnQB4p-zhPdqfuS6VQ.roa
Signing time:             Mon 22 Apr 2024 14:04:08 +0000
ROA not before:           Mon 22 Apr 2024 14:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0e:dfc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:1f:0a:cf:77:34:cf:e8:a4:62:9e:5f:ef:43:a9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Apr 22 14:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5149a192889d6299d0078a7ece13dda9fb92e954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9f:eb:a0:67:d1:c3:e7:a9:9f:8c:22:e1:f1:
                    71:af:54:f5:68:e2:57:db:fb:93:bd:03:85:dd:b7:
                    f4:de:bd:e1:36:fb:0f:53:b7:6c:3b:a3:4d:04:e4:
                    b6:a3:04:71:f9:de:ee:d1:97:b5:a4:bd:72:b0:b9:
                    15:2e:15:c1:93:c3:33:cd:fa:48:80:ea:e4:92:42:
                    c4:4c:ac:27:57:7d:cf:b8:4d:c8:a8:bd:f4:50:e6:
                    4e:51:1a:3f:7f:67:02:d3:82:62:41:fd:ab:85:97:
                    b4:36:d5:25:7d:78:8a:ff:a3:45:ff:89:73:58:20:
                    52:f8:29:5f:1c:00:4b:a8:c5:5f:00:86:6d:c8:36:
                    14:da:9f:72:83:46:0b:0b:7c:fb:f7:cd:a8:64:d3:
                    6b:6f:43:bd:20:3b:35:5f:10:f9:78:03:51:62:cc:
                    61:cf:55:58:d8:41:1f:7f:f1:ae:82:3b:32:a4:d6:
                    0c:85:8a:9e:20:58:65:09:6e:ed:9c:24:0c:33:9e:
                    7e:a1:ad:d1:f4:19:1d:47:ba:bd:c4:31:92:25:0d:
                    d9:dd:fc:c0:f3:9a:66:22:55:68:03:1a:27:4e:63:
                    32:08:e6:32:42:83:16:d9:43:17:0e:09:f5:9d:9b:
                    f4:bf:78:b7:d2:88:83:fb:9c:a8:87:57:a4:57:0a:
                    f1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:49:A1:92:88:9D:62:99:D0:07:8A:7E:CE:13:DD:A9:FB:92:E9:54
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/UUmhkoidYpnQB4p-zhPdqfuS6VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:dfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:b2:6f:81:aa:ea:5b:41:d3:47:06:8e:d0:1d:b2:8e:fe:92:
         20:52:84:54:72:ec:fe:a2:5b:ad:65:fe:ba:72:2b:d5:af:58:
         2e:37:e3:14:6f:01:1b:9e:cc:b3:b5:d6:f3:84:71:cf:28:f9:
         be:45:8f:2f:52:02:95:0d:d9:19:26:61:e4:c0:2b:64:2e:b0:
         0d:35:6e:62:f7:99:bc:e8:23:49:93:02:c9:6d:c1:52:3a:3c:
         41:07:9b:45:8c:8c:35:a0:d6:72:ab:23:24:b2:7c:f3:a5:ae:
         40:9d:e9:fb:38:2d:83:0e:44:61:bb:5a:33:ff:10:bd:ef:fa:
         7d:dd:bd:2f:71:ce:ab:23:6f:33:bf:0f:29:a6:5a:ce:25:69:
         81:ca:7a:10:fc:85:84:63:a9:80:59:9d:b1:3a:fd:d5:d5:1d:
         32:0f:a9:52:e7:b0:06:3a:3c:d7:9a:96:8b:e1:de:c7:42:1e:
         34:04:a0:67:86:f6:43:58:12:ca:f7:2d:79:1d:f4:b2:4c:95:
         28:96:88:fe:d7:7c:10:b5:e4:04:b2:1c:da:ae:57:0f:5f:08:
         02:2c:5b:41:e3:29:0b:90:4b:51:f9:bc:cc:bb:f4:b9:0f:76:
         2a:82:bd:7d:7b:d0:b7:78:d8:00:02:12:8a:98:5f:d1:d5:39:
         d0:63:9c:d1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GHwrPdzTP6KRinl/vQ6mPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDIyMTQwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTQ5YTE5Mjg4OWQ2Mjk5ZDAwNzhhN2VjZTEzZGRhOWZiOTJlOTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJ/roGfRw+epn4wi4fFxr1T1aOJX
2/uTvQOF3bf03r3hNvsPU7dsO6NNBOS2owRx+d7u0Ze1pL1ysLkVLhXBk8MzzfpI
gOrkkkLETKwnV33PuE3IqL30UOZOURo/f2cC04JiQf2rhZe0NtUlfXiK/6NF/4lz
WCBS+ClfHABLqMVfAIZtyDYU2p9yg0YLC3z7982oZNNrb0O9IDs1XxD5eANRYsxh
z1VY2EEff/GugjsypNYMhYqeIFhlCW7tnCQMM55+oa3R9BkdR7q9xDGSJQ3Z3fzA
85pmIlVoAxonTmMyCOYyQoMW2UMXDgn1nZv0v3i30oiD+5yoh1ekVwrxvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFFJoZKInWKZ0AeKfs4T3an7kulUMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvVVVtaGtvaWRZcG5RQjRwLXpoUGRxZnVTNlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7fwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMbJvgarqW0HTRwaO0B2yjv6SIFKEVHLs/qJbrWX+
unIr1a9YLjfjFG8BG57Ms7XW84Rxzyj5vkWPL1IClQ3ZGSZh5MArZC6wDTVuYveZ
vOgjSZMCyW3BUjo8QQebRYyMNaDWcqsjJLJ886WuQJ3p+zgtgw5EYbtaM/8Qve/6
fd29L3HOqyNvM78PKaZaziVpgcp6EPyFhGOpgFmdsTr91dUdMg+pUuewBjo815qW
i+Hex0IeNASgZ4b2Q1gSyvcteR30skyVKJaI/td8ELXkBLIc2q5XD18IAixbQeMp
C5BLUfm8zLv0uQ92KoK9fXvQt3jYAAISiphf0dU50GOc0Q==
-----END CERTIFICATE-----