Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Uod8YCbTmLksu8OGWWULulq_eW0.roa
File:                     Uod8YCbTmLksu8OGWWULulq_eW0.roa (raw, json)
Hash identifier:          doLwYvewC3xOwZq2lZG5VYAkgwj+y4zKegD7Wz88e3c=
Subject key identifier:   52:87:7C:60:26:D3:98:B9:2C:BB:C3:86:59:65:0B:BA:5A:BF:79:6D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E6749F1B3983EFFB56D7D25E14AF
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Uod8YCbTmLksu8OGWWULulq_eW0.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209862
IP address blocks:        2a0b:b87:ff17::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e6:74:9f:1b:39:83:ef:fb:56:d7:d2:5e:14:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52877c6026d398b92cbbc38659650bba5abf796d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6f:d5:94:9b:07:4f:6b:d7:3c:9e:7a:19:30:
                    e8:62:e4:c6:e1:86:d0:0d:4d:36:e0:97:d8:22:03:
                    af:e9:e8:d5:0f:67:6b:97:04:90:00:f7:e5:90:8f:
                    e2:05:52:63:83:4d:4f:83:34:f7:fb:69:07:0c:c2:
                    16:d2:d3:35:ac:bf:99:65:a0:6d:c8:ca:6b:0e:fd:
                    9e:07:17:3b:39:64:c2:79:6e:43:d7:16:72:3a:60:
                    47:89:61:8c:48:d2:82:d8:dd:28:6c:8f:1c:b8:ad:
                    27:d1:23:47:ab:81:70:7b:3b:8c:0d:98:29:3c:83:
                    19:30:cc:2f:d9:97:a3:41:c3:e4:60:23:32:4e:78:
                    96:2c:b2:3f:ba:53:75:33:a2:96:0e:76:36:0b:02:
                    de:96:c2:ef:c6:c9:83:a0:e1:6d:8f:1a:61:58:99:
                    a9:da:0a:fb:2a:5e:e9:f9:ee:bf:be:3b:1e:38:44:
                    2d:69:e6:bb:a4:dd:c3:c8:6f:8d:7b:20:d7:61:ba:
                    ce:3d:62:61:5b:3f:19:87:93:30:28:d4:53:7e:cd:
                    8d:b6:fd:63:a9:9c:00:0d:3c:1c:d1:84:dc:d9:16:
                    8e:5e:a4:c5:5d:57:cf:04:43:39:4b:10:8a:2c:5d:
                    e6:c3:4f:e4:93:d8:d8:85:30:cf:0a:97:9f:76:b1:
                    93:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:87:7C:60:26:D3:98:B9:2C:BB:C3:86:59:65:0B:BA:5A:BF:79:6D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Uod8YCbTmLksu8OGWWULulq_eW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff17::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:8d:3b:a3:e9:7f:9e:77:7a:dd:15:e4:e2:fa:26:9a:d1:1f:
         89:39:51:62:b0:ee:33:d1:7e:aa:40:8a:c3:df:d8:be:0f:ab:
         f7:76:a6:13:1b:e5:6c:65:d5:45:c8:b8:ad:1e:e2:7d:2b:92:
         c0:80:db:a7:b5:29:7b:5c:42:ca:ed:c2:49:19:b3:f9:2d:20:
         c4:e6:62:54:ff:01:28:c5:3d:68:f2:dc:20:00:b9:10:aa:cb:
         b3:b0:9d:cb:89:73:df:d8:68:39:b0:da:da:e5:0b:02:39:00:
         00:5d:82:56:86:72:7b:8d:d2:63:68:63:34:66:2c:75:ae:38:
         7e:59:4e:e3:d8:c9:b9:95:46:1b:8d:ad:2e:0e:16:6c:b8:25:
         a5:04:32:ec:52:30:c0:54:b5:9b:81:b0:51:2e:b6:04:5e:9c:
         d3:29:ba:82:84:10:a0:30:98:58:ee:e3:0e:67:ab:16:b9:08:
         a7:37:a3:8b:f6:66:eb:da:05:f1:b3:35:3c:38:35:f6:a1:26:
         db:34:6b:f0:4c:d1:ca:5c:b1:ae:2e:6e:e2:1d:67:f4:2d:db:
         c8:b0:2a:7e:c4:09:6f:f6:b0:b2:d0:1b:86:aa:1a:5e:51:19:
         b8:9a:1c:47:58:cc:60:0d:3c:8f:e7:f0:a1:6a:50:c3:6e:05:
         0c:3f:54:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR+Z0nxs5g+/7VtfSXhSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjg3N2M2MDI2ZDM5OGI5MmNiYmMzODY1OTY1MGJiYTVhYmY3OTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2/VlJsHT2vXPJ56GTDoYuTG4YbQ
DU024JfYIgOv6ejVD2drlwSQAPflkI/iBVJjg01PgzT3+2kHDMIW0tM1rL+ZZaBt
yMprDv2eBxc7OWTCeW5D1xZyOmBHiWGMSNKC2N0obI8cuK0n0SNHq4FwezuMDZgp
PIMZMMwv2ZejQcPkYCMyTniWLLI/ulN1M6KWDnY2CwLelsLvxsmDoOFtjxphWJmp
2gr7Kl7p+e6/vjseOEQtaea7pN3DyG+NeyDXYbrOPWJhWz8Zh5MwKNRTfs2Ntv1j
qZwADTwc0YTc2RaOXqTFXVfPBEM5SxCKLF3mw0/kk9jYhTDPCpefdrGTiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFKHfGAm05i5LLvDhlllC7pav3ltMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvVW9kOFlDYlRtTGtzdThPR1dXVUx1bHFfZVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8X
MA0GCSqGSIb3DQEBCwUAA4IBAQDJjTuj6X+ed3rdFeTi+iaa0R+JOVFisO4z0X6q
QIrD39i+D6v3dqYTG+VsZdVFyLitHuJ9K5LAgNuntSl7XELK7cJJGbP5LSDE5mJU
/wEoxT1o8twgALkQqsuzsJ3LiXPf2Gg5sNra5QsCOQAAXYJWhnJ7jdJjaGM0Zix1
rjh+WU7j2Mm5lUYbja0uDhZsuCWlBDLsUjDAVLWbgbBRLrYEXpzTKbqChBCgMJhY
7uMOZ6sWuQinN6OL9mbr2gXxszU8ODX2oSbbNGvwTNHKXLGuLm7iHWf0LdvIsCp+
xAlv9rCy0BuGqhpeURm4mhxHWMxgDTyP5/ChalDDbgUMP1Sk
-----END CERTIFICATE-----