Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/uuTcIhmMVylXKoo0d8I18SaHjWU.roa
File:                     uuTcIhmMVylXKoo0d8I18SaHjWU.roa (raw, json)
Hash identifier:          a8ZKg1ASt06tQrhILg7SaB6+2r8ufbJSPrndEQoQ7X4=
Subject key identifier:   BA:E4:DC:22:19:8C:57:29:57:2A:8A:34:77:C2:35:F1:26:87:8D:65
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0194221F46AF1543031002553815D60FCE4D
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/uuTcIhmMVylXKoo0d8I18SaHjWU.roa
Signing time:             Wed 01 Jan 2025 13:47:42 +0000
ROA not before:           Wed 01 Jan 2025 13:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210546
IP address blocks:        2a0d:d940:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:46:af:15:43:03:10:02:55:38:15:d6:0f:ce:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jan  1 13:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bae4dc22198c5729572a8a3477c235f126878d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5c:1f:d2:35:4a:23:9b:cb:80:5c:a5:73:78:
                    a8:b9:9a:c1:0b:88:6e:eb:70:b0:58:82:5e:2b:2d:
                    d6:d4:c7:a8:bc:74:6d:d1:86:38:04:8b:34:b8:eb:
                    14:e5:02:09:3e:5a:41:ac:38:4e:7b:a6:d6:e4:72:
                    da:e6:cc:b2:16:63:7a:8d:84:37:46:24:b1:7c:45:
                    43:ed:7b:4c:5b:0f:f6:87:04:a5:56:9a:df:ad:42:
                    9a:6e:5d:08:76:bc:50:9d:f0:91:8a:26:a3:3c:29:
                    1b:60:e3:ed:dd:93:04:eb:f7:25:2f:7d:06:8d:e0:
                    bd:c0:65:5d:11:16:28:f9:cc:ce:a4:eb:08:95:68:
                    b2:f5:16:10:31:17:6e:c0:2f:c7:a1:b4:97:f4:2d:
                    09:ba:4e:2c:67:74:58:3a:64:34:e7:7e:3b:3a:56:
                    29:7d:6b:0b:3d:2c:47:e8:00:47:3e:77:9f:94:f5:
                    ac:49:71:eb:b7:25:36:dd:ba:b3:c1:47:44:27:b4:
                    bc:38:8d:e6:45:d7:91:82:f0:0a:9c:5a:78:09:32:
                    fd:33:88:fb:56:f3:c6:c5:d7:bb:d7:f9:f0:b8:f1:
                    50:3d:30:78:bc:c6:63:aa:3e:d9:09:00:9b:7d:05:
                    eb:79:4a:5e:2b:dc:56:fd:dc:ba:9f:d1:ad:55:c3:
                    5e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E4:DC:22:19:8C:57:29:57:2A:8A:34:77:C2:35:F1:26:87:8D:65
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/uuTcIhmMVylXKoo0d8I18SaHjWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:79:87:a4:e8:3a:74:08:76:d8:f1:14:ad:01:ae:c1:5f:0d:
         f7:4d:2e:ef:4c:00:b0:cf:1b:9b:f6:66:f1:9e:1e:61:c6:cb:
         0e:51:e5:43:b3:6c:fc:d6:bd:36:54:02:7f:e7:d6:da:9c:49:
         1a:cc:ef:66:2c:55:8e:10:41:7c:0a:94:87:44:ce:03:8a:98:
         73:61:7b:3c:f4:30:3e:37:cf:ee:68:1e:c6:78:10:65:4e:28:
         e9:a1:38:6d:d3:8d:82:f3:7f:76:df:3b:f6:42:29:46:6c:01:
         5a:dc:6d:8a:2c:1b:13:a2:15:f5:af:6d:74:55:fa:73:de:e3:
         9a:04:13:a7:29:e4:08:8b:3e:7d:42:63:fc:36:15:d8:ca:71:
         f9:cb:6c:bd:44:a9:76:96:e3:97:53:1e:2b:ce:8b:66:dc:8a:
         98:19:f3:dd:bc:7e:8d:0d:39:dc:6e:da:e9:ac:1a:dc:85:e1:
         00:77:eb:97:2b:93:78:fd:06:c1:9b:ed:c8:f4:6c:dc:3c:37:
         54:6f:53:96:5c:1b:0e:9e:93:b3:51:af:18:7e:1a:da:4d:8b:
         29:13:e8:e4:99:89:5c:5f:a9:ac:ea:f4:fa:e0:aa:3e:38:60:
         92:18:74:50:bf:f8:a7:cd:63:06:e7:5c:6f:7f:b2:c7:fe:77:
         93:cd:95:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH0avFUMDEAJVOBXWD85NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwMTAxMTM0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWU0ZGMyMjE5OGM1NzI5NTcyYThhMzQ3N2MyMzVmMTI2ODc4ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlwf0jVKI5vLgFylc3iouZrBC4hu
63CwWIJeKy3W1MeovHRt0YY4BIs0uOsU5QIJPlpBrDhOe6bW5HLa5syyFmN6jYQ3
RiSxfEVD7XtMWw/2hwSlVprfrUKabl0IdrxQnfCRiiajPCkbYOPt3ZME6/clL30G
jeC9wGVdERYo+czOpOsIlWiy9RYQMRduwC/HobSX9C0Juk4sZ3RYOmQ05347OlYp
fWsLPSxH6ABHPneflPWsSXHrtyU23bqzwUdEJ7S8OI3mRdeRgvAKnFp4CTL9M4j7
VvPGxde71/nwuPFQPTB4vMZjqj7ZCQCbfQXreUpeK9xW/dy6n9GtVcNeDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLrk3CIZjFcpVyqKNHfCNfEmh41lMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvdXVUY0lobU1WeWxYS29vMGQ4STE4U2FIaldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQB2eYek6Dp0CHbY8RStAa7BXw33TS7vTACwzxub
9mbxnh5hxssOUeVDs2z81r02VAJ/59banEkazO9mLFWOEEF8CpSHRM4DiphzYXs8
9DA+N8/uaB7GeBBlTijpoTht042C83923zv2QilGbAFa3G2KLBsTohX1r210Vfpz
3uOaBBOnKeQIiz59QmP8NhXYynH5y2y9RKl2luOXUx4rzotm3IqYGfPdvH6NDTnc
btrprBrcheEAd+uXK5N4/QbBm+3I9GzcPDdUb1OWXBsOnpOzUa8YfhraTYspE+jk
mYlcX6ms6vT64Ko+OGCSGHRQv/inzWMG51xvf7LH/neTzZW9
-----END CERTIFICATE-----