Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ub-EImg7sZxEH_F7QHqbWGO6CUY.roa
File:                     ub-EImg7sZxEH_F7QHqbWGO6CUY.roa (raw, json)
Hash identifier:          lJ+1drlb14VNBDHNtv9sTy7b/P/VIX5UpmkbW/P26H8=
Subject key identifier:   B9:BF:84:22:68:3B:B1:9C:44:1F:F1:7B:40:7A:9B:58:63:BA:09:46
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018CC50154CC68D308AD422680E7BF7647B7
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ub-EImg7sZxEH_F7QHqbWGO6CUY.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210819
IP address blocks:        2a0e:4006::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:54:cc:68:d3:08:ad:42:26:80:e7:bf:76:47:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9bf8422683bb19c441ff17b407a9b5863ba0946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:27:5c:c7:6b:ec:a8:e1:e5:05:92:e9:8e:5a:
                    f8:9b:88:31:7f:3c:4a:ac:7e:65:03:9f:64:4c:2a:
                    6b:7a:5c:01:3e:85:32:17:8b:10:f8:72:04:d1:43:
                    64:c4:4b:0f:31:7a:00:2a:da:3a:8a:bc:9e:ce:61:
                    7c:f1:b3:b7:66:20:f8:60:07:1e:6e:7b:b8:23:11:
                    e2:d8:84:b7:2a:9a:18:87:c1:ac:0c:a9:d8:8f:dd:
                    a1:e0:16:e7:14:b4:ad:50:3c:66:78:43:dc:38:0d:
                    fe:8e:0e:7a:db:dc:c3:a0:fd:7b:88:0f:b4:6d:27:
                    41:6f:03:45:c9:58:f6:e4:92:1e:d5:97:1e:fc:b8:
                    9e:43:0e:21:7b:fe:0d:a1:a3:09:8f:3b:38:f9:cb:
                    72:8c:91:44:5c:f5:dc:36:9c:d9:23:c3:8b:f0:90:
                    e6:57:e6:c7:ac:00:23:2f:60:6c:96:ba:58:8b:f9:
                    e9:3a:f6:f7:7c:c5:dc:a5:f0:09:7c:92:79:63:2a:
                    31:34:46:30:de:6c:45:a2:c4:0c:be:af:bb:9c:c7:
                    54:ba:48:bb:88:e6:a6:79:1e:5a:8f:6e:6c:a3:da:
                    9c:7a:42:3e:76:84:ea:44:b0:6d:e8:80:50:15:3d:
                    ca:e0:78:57:bd:2b:c3:c0:0e:36:54:1a:2c:49:79:
                    6b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BF:84:22:68:3B:B1:9C:44:1F:F1:7B:40:7A:9B:58:63:BA:09:46
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ub-EImg7sZxEH_F7QHqbWGO6CUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4006::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:0e:61:17:24:52:e4:a6:a0:fb:5a:69:57:c6:9f:46:45:9e:
         10:b4:7b:32:c9:8a:e3:36:19:58:2c:2b:9c:c2:f1:91:9f:ce:
         ad:30:e5:21:64:0b:18:ae:39:bf:71:27:a8:86:fa:d2:23:af:
         bf:b3:86:9b:29:d9:39:d1:4b:f3:91:96:93:e9:82:98:f4:2c:
         f2:33:15:a6:61:30:49:f8:1d:e1:2f:02:7e:8e:54:d0:b1:51:
         e7:b9:e1:d7:6a:a7:a3:d6:1b:eb:5f:27:e3:e4:5c:de:dc:41:
         1b:72:47:39:d7:52:c9:d0:49:68:45:fe:6a:e8:aa:28:a2:62:
         4c:93:a9:2a:d2:ac:a6:f8:01:8b:d7:3d:fc:7b:ab:1c:ac:ff:
         70:b3:2e:da:ff:be:c8:d4:58:f1:6f:95:04:d4:fb:98:b6:a2:
         c6:ca:2d:b4:90:1a:8d:d2:5f:8f:4a:61:cd:78:b9:81:64:9c:
         21:d9:d3:03:53:b7:7f:25:da:e7:8d:d6:2e:4b:6f:99:a9:83:
         3b:23:e2:d0:e9:19:15:53:1e:67:59:44:9c:9a:2e:f4:30:d0:
         1b:5c:0c:f7:e2:9d:5f:2f:af:3f:c7:dd:7f:9b:c6:57:ab:2d:
         53:a9:d0:39:cf:1f:a5:8f:5f:78:e7:10:8f:df:f6:e7:aa:49:
         c5:95:64:39
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAVTMaNMIrUImgOe/dke3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWJmODQyMjY4M2JiMTljNDQxZmYxN2I0MDdhOWI1ODYzYmEwOTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCdcx2vsqOHlBZLpjlr4m4gxfzxK
rH5lA59kTCprelwBPoUyF4sQ+HIE0UNkxEsPMXoAKto6iryezmF88bO3ZiD4YAce
bnu4IxHi2IS3KpoYh8GsDKnYj92h4BbnFLStUDxmeEPcOA3+jg5629zDoP17iA+0
bSdBbwNFyVj25JIe1Zce/LieQw4he/4NoaMJjzs4+ctyjJFEXPXcNpzZI8OL8JDm
V+bHrAAjL2BslrpYi/npOvb3fMXcpfAJfJJ5YyoxNEYw3mxFosQMvq+7nMdUuki7
iOameR5aj25so9qcekI+doTqRLBt6IBQFT3K4HhXvSvDwA42VBosSXlrxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLm/hCJoO7GcRB/xe0B6m1hjuglGMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvdWItRUltZzdzWnhFSF9GN1FIcWJXR082Q1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5ABjAN
BgkqhkiG9w0BAQsFAAOCAQEARg5hFyRS5Kag+1ppV8afRkWeELR7MsmK4zYZWCwr
nMLxkZ/OrTDlIWQLGK45v3EnqIb60iOvv7OGmynZOdFL85GWk+mCmPQs8jMVpmEw
Sfgd4S8Cfo5U0LFR57nh12qno9Yb618n4+Rc3txBG3JHOddSydBJaEX+auiqKKJi
TJOpKtKspvgBi9c9/HurHKz/cLMu2v++yNRY8W+VBNT7mLaixsottJAajdJfj0ph
zXi5gWScIdnTA1O3fyXa543WLktvmamDOyPi0OkZFVMeZ1lEnJou9DDQG1wM9+Kd
Xy+vP8fdf5vGV6stU6nQOc8fpY9feOcQj9/256pJxZVkOQ==
-----END CERTIFICATE-----