Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/UDwlK5i6kK3A947K1F2f3Nxg72M.roa
File:                     UDwlK5i6kK3A947K1F2f3Nxg72M.roa (raw, json)
Hash identifier:          /9gSFN6Jh6IOVjlZNhRpSBitYWPHct6GZTgiTAiwPR8=
Subject key identifier:   50:3C:25:2B:98:BA:90:AD:C0:F7:8E:CA:D4:5D:9F:DC:DC:60:EF:63
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       01942521E13875ED1D85E71685586BC49D1A
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/UDwlK5i6kK3A947K1F2f3Nxg72M.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203069
IP address blocks:        2a0a:280:1e00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e1:38:75:ed:1d:85:e7:16:85:58:6b:c4:9d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=503c252b98ba90adc0f78ecad45d9fdcdc60ef63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d6:5c:57:ee:87:42:51:26:24:87:ca:20:f7:
                    43:ca:25:93:11:8a:c9:30:9e:6d:b8:1c:04:f2:f9:
                    6e:fe:e1:8c:86:08:8e:e8:ef:2c:8d:db:de:cc:b0:
                    63:9a:ad:ee:7d:95:a3:e6:53:84:00:ee:34:fe:df:
                    21:03:09:c1:b2:58:f2:21:a9:df:85:96:23:9c:70:
                    6d:0e:10:fe:1a:a1:cb:96:91:f6:c0:3d:40:fd:0f:
                    8c:41:02:dc:8f:31:15:83:90:ba:80:87:06:2b:fc:
                    c6:8a:1a:7f:61:e4:c4:e9:ef:cf:e2:f0:ef:6d:18:
                    18:53:e7:be:92:a9:25:ff:0c:25:46:6b:8a:d5:70:
                    45:04:35:67:2b:9f:72:a8:90:8e:af:d3:d6:56:22:
                    eb:f8:8d:26:05:f6:a2:53:04:d6:2f:6d:9e:64:37:
                    d1:19:d9:5c:bf:2c:cf:db:07:0c:cf:31:12:0e:0e:
                    81:a8:62:85:d8:cf:bd:34:60:fe:ab:cc:40:a2:f4:
                    6f:9b:a8:c8:9d:be:e7:c2:98:66:e5:69:e6:99:80:
                    8b:94:55:70:87:4a:b6:85:06:c1:f8:00:a4:9e:70:
                    c9:40:33:19:28:9c:42:3c:75:4e:8e:d4:60:7c:34:
                    68:57:9c:9a:76:10:91:77:ff:1f:50:c8:ab:1d:26:
                    fa:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:3C:25:2B:98:BA:90:AD:C0:F7:8E:CA:D4:5D:9F:DC:DC:60:EF:63
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/UDwlK5i6kK3A947K1F2f3Nxg72M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:31:19:73:98:9c:d1:76:52:74:3a:a2:1e:47:9c:8e:8d:9a:
         16:c3:1d:1e:55:30:76:43:b0:35:63:50:d2:58:54:50:1e:5f:
         93:6d:7c:15:5f:64:27:23:e2:74:e4:77:4f:12:e9:88:83:be:
         03:7c:e6:e1:cd:5b:dd:d0:80:a0:be:e4:44:c3:58:39:d1:27:
         ea:4c:d9:d8:34:37:c5:9a:74:a6:ca:9c:e1:34:5a:e8:52:df:
         67:cf:e9:1b:81:0c:d3:e1:50:48:5e:d4:fb:02:90:2b:7d:a2:
         b0:d5:46:be:35:9c:6b:e6:5e:e8:90:40:48:4d:d5:07:49:a6:
         8c:d6:e9:f5:cd:7f:e0:8a:ba:ca:af:fc:a4:ca:eb:f8:af:a4:
         1c:47:1e:45:6a:4d:4f:6c:a6:48:7a:d2:71:01:08:6e:4c:c2:
         29:0f:d9:0b:03:cb:01:8f:1e:29:fd:a2:cc:25:4c:aa:a2:d4:
         99:18:84:11:3a:46:00:aa:48:17:a3:e2:0f:68:61:d6:f5:e3:
         b4:37:c6:a7:b2:ef:41:b5:a8:eb:a3:47:2f:11:eb:e4:bc:dd:
         f7:fd:f8:92:70:67:45:9c:60:6f:b0:c6:90:68:7a:7e:3f:e4:
         8c:15:24:d5:b6:4b:fb:fe:26:e8:ad:98:8c:9e:e1:77:7d:57:
         3a:cd:e3:bb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIeE4de0dhecWhVhrxJ0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDNjMjUyYjk4YmE5MGFkYzBmNzhlY2FkNDVkOWZkY2RjNjBlZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztZcV+6HQlEmJIfKIPdDyiWTEYrJ
MJ5tuBwE8vlu/uGMhgiO6O8sjdvezLBjmq3ufZWj5lOEAO40/t8hAwnBsljyIanf
hZYjnHBtDhD+GqHLlpH2wD1A/Q+MQQLcjzEVg5C6gIcGK/zGihp/YeTE6e/P4vDv
bRgYU+e+kqkl/wwlRmuK1XBFBDVnK59yqJCOr9PWViLr+I0mBfaiUwTWL22eZDfR
GdlcvyzP2wcMzzESDg6BqGKF2M+9NGD+q8xAovRvm6jInb7nwphm5WnmmYCLlFVw
h0q2hQbB+ACknnDJQDMZKJxCPHVOjtRgfDRoV5yadhCRd/8fUMirHSb6oQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFA8JSuYupCtwPeOytRdn9zcYO9jMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvVUR3bEs1aTZrSzNBOTQ3SzFGMmYzTnhnNzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgB4w
DQYJKoZIhvcNAQELBQADggEBAIgxGXOYnNF2UnQ6oh5HnI6NmhbDHR5VMHZDsDVj
UNJYVFAeX5NtfBVfZCcj4nTkd08S6YiDvgN85uHNW93QgKC+5ETDWDnRJ+pM2dg0
N8WadKbKnOE0WuhS32fP6RuBDNPhUEhe1PsCkCt9orDVRr41nGvmXuiQQEhN1QdJ
pozW6fXNf+CKusqv/KTK6/ivpBxHHkVqTU9spkh60nEBCG5MwikP2QsDywGPHin9
oswlTKqi1JkYhBE6RgCqSBej4g9oYdb147Q3xqey70G1qOujRy8R6+S83ff9+JJw
Z0WcYG+wxpBoen4/5IwVJNW2S/v+JuitmIye4Xd9VzrN47s=
-----END CERTIFICATE-----