Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UFO187PNIuz6PkBb9kdfTkOqhfI.roa
File:                     UFO187PNIuz6PkBb9kdfTkOqhfI.roa (raw, json)
Hash identifier:          wipKAX331+BL8Bhv0gAms8r9txyWkJbT78vH/+eqoRE=
Subject key identifier:   50:53:B5:F3:B3:CD:22:EC:FA:3E:40:5B:F6:47:5F:4E:43:AA:85:F2
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747F09D76286E0946DED051A41749D0
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UFO187PNIuz6PkBb9kdfTkOqhfI.roa
Signing time:             Thu 02 Jan 2025 13:50:13 +0000
ROA not before:           Thu 02 Jan 2025 13:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212623
IP address blocks:        2a0b:b83:ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f0:9d:76:28:6e:09:46:de:d0:51:a4:17:49:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5053b5f3b3cd22ecfa3e405bf6475f4e43aa85f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:90:41:c4:52:08:04:81:f5:f3:80:06:08:ad:
                    5a:68:66:42:80:0b:d1:37:8d:48:7b:38:35:8c:e6:
                    b9:88:3d:bc:57:3b:12:46:da:99:58:d5:01:d9:6a:
                    42:41:79:eb:79:5b:a2:74:4c:90:e0:74:c1:0f:0b:
                    d5:4f:8f:70:7b:0d:f8:1c:9f:9d:d2:66:39:50:8c:
                    7c:89:73:a0:12:e8:7b:12:2b:c3:75:4c:10:95:1b:
                    3a:d7:20:1c:64:fa:60:c0:ff:f1:f5:33:11:9d:4a:
                    38:f7:b7:d7:cc:8a:26:c0:18:49:bf:25:4a:ca:98:
                    18:8d:86:ec:c6:c8:c9:6d:e5:46:df:e5:51:74:21:
                    63:b5:c9:4c:73:05:f6:bf:c3:10:59:2f:25:1b:35:
                    05:59:2f:43:0f:dc:72:cf:63:08:4e:17:a9:66:2b:
                    25:71:0c:98:ff:de:ec:15:88:5b:e4:33:15:9d:8a:
                    6e:41:c9:36:ed:e7:25:5b:0a:ae:51:0e:82:f9:1c:
                    b9:48:f0:bc:cd:78:9c:57:73:84:92:a7:59:f4:dc:
                    19:5f:9e:5b:f4:9b:49:b0:ca:69:4b:a0:95:c2:aa:
                    65:1d:c6:e2:85:4c:b0:25:48:81:ad:e4:ed:b7:b4:
                    87:fa:56:18:64:14:9f:62:84:1d:65:37:c9:4c:51:
                    ee:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:53:B5:F3:B3:CD:22:EC:FA:3E:40:5B:F6:47:5F:4E:43:AA:85:F2
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/UFO187PNIuz6PkBb9kdfTkOqhfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b83:ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:97:9c:16:14:b8:cd:33:ae:04:6e:06:2d:47:30:37:ae:2b:
         4b:ca:f3:8c:68:a1:23:a4:9b:6f:e3:12:72:96:94:14:d7:b7:
         db:07:58:9a:9a:47:1b:1c:64:c8:e9:2c:87:e8:a8:b9:a9:df:
         a2:b0:d8:a9:06:d2:72:17:d4:7d:3a:35:7d:d4:b4:54:d6:4d:
         5d:03:56:46:62:7e:d9:dd:83:61:96:6d:17:ce:5a:09:78:f7:
         1c:7f:f6:44:4a:94:2c:c6:d2:16:7e:13:af:2c:9c:1d:f7:60:
         23:ac:56:0f:15:b1:ab:b9:e5:d6:1a:c8:aa:18:bd:3f:4c:62:
         6f:79:a0:4f:18:6b:3e:7b:3e:2b:8a:bd:69:ea:b9:2b:3a:5a:
         52:75:8c:68:81:e7:4b:25:0a:1f:9f:7f:68:74:1d:af:e8:48:
         42:c3:4f:55:43:aa:3f:d6:4b:e2:d2:d2:f4:bc:13:da:93:d1:
         a2:d3:5e:89:e8:22:29:a4:76:96:d6:e0:92:e7:78:88:ce:ff:
         c0:7d:eb:ba:37:80:37:43:82:69:7e:a2:29:6a:b1:ce:25:bd:
         fa:60:60:9d:80:83:fa:f2:55:62:8d:56:4a:96:2f:5b:9f:8b:
         4a:c3:d0:3c:39:d5:21:d5:6f:69:e1:ab:7f:8d:fd:7e:94:50:
         41:20:4d:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR/CddihuCUbe0FGkF0nQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUzYjVmM2IzY2QyMmVjZmEzZTQwNWJmNjQ3NWY0ZTQzYWE4NWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5BBxFIIBIH184AGCK1aaGZCgAvR
N41Iezg1jOa5iD28VzsSRtqZWNUB2WpCQXnreVuidEyQ4HTBDwvVT49wew34HJ+d
0mY5UIx8iXOgEuh7EivDdUwQlRs61yAcZPpgwP/x9TMRnUo497fXzIomwBhJvyVK
ypgYjYbsxsjJbeVG3+VRdCFjtclMcwX2v8MQWS8lGzUFWS9DD9xyz2MIThepZisl
cQyY/97sFYhb5DMVnYpuQck27eclWwquUQ6C+Ry5SPC8zXicV3OEkqdZ9NwZX55b
9JtJsMppS6CVwqplHcbihUywJUiBreTtt7SH+lYYZBSfYoQdZTfJTFHuuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFBTtfOzzSLs+j5AW/ZHX05DqoXyMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvVUZPMTg3UE5JdXo2UGtCYjlrZGZUa09xaGZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLgwD/
MA0GCSqGSIb3DQEBCwUAA4IBAQA1l5wWFLjNM64EbgYtRzA3ritLyvOMaKEjpJtv
4xJylpQU17fbB1iamkcbHGTI6SyH6Ki5qd+isNipBtJyF9R9OjV91LRU1k1dA1ZG
Yn7Z3YNhlm0XzloJePccf/ZESpQsxtIWfhOvLJwd92AjrFYPFbGrueXWGsiqGL0/
TGJveaBPGGs+ez4rir1p6rkrOlpSdYxogedLJQofn39odB2v6EhCw09VQ6o/1kvi
0tL0vBPak9Gi016J6CIppHaW1uCS53iIzv/Afeu6N4A3Q4JpfqIparHOJb36YGCd
gIP68lVijVZKli9bn4tKw9A8OdUh1W9p4at/jf1+lFBBIE30
-----END CERTIFICATE-----