Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/bUvunvA1qeI1B6U6Omnh_Mewaqk.roa
File:                     bUvunvA1qeI1B6U6Omnh_Mewaqk.roa (raw, json)
Hash identifier:          ldi80J/6WwUbivA33XBOIZR3qCbUxP7anEn+i9Zhmmo=
Subject key identifier:   6D:4B:EE:9E:F0:35:A9:E2:35:07:A5:3A:3A:69:E1:FC:C7:B0:6A:A9
Certificate issuer:       /CN=ea93edfc2aa748e4981050ec06e3a66920265e17
Certificate serial:       019424B379B5B5E83FB9D62AEB1F589222B1
Authority key identifier: EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/bUvunvA1qeI1B6U6Omnh_Mewaqk.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        132.72.0.0/16 maxlen: 16
                          132.73.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:79:b5:b5:e8:3f:b9:d6:2a:eb:1f:58:92:22:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea93edfc2aa748e4981050ec06e3a66920265e17
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d4bee9ef035a9e23507a53a3a69e1fcc7b06aa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8f:f1:7e:56:9b:25:f0:b1:41:cc:92:60:5e:
                    9f:26:db:d1:64:8c:b5:96:2e:08:cd:51:a2:ec:73:
                    c1:62:05:51:db:92:96:b6:04:14:d5:e9:fa:40:fb:
                    61:2f:13:19:b5:a2:d1:ff:ae:bf:45:9e:86:76:13:
                    41:08:3b:d7:a8:9f:d8:a5:b7:68:be:b6:b0:2c:ee:
                    2d:4e:d6:51:7a:ee:22:33:8e:a9:80:5b:55:01:48:
                    52:81:f2:f0:f8:71:73:7a:66:36:1f:68:4b:6b:b4:
                    b5:f9:c9:8b:8e:a7:69:30:3c:94:cb:15:a2:a9:7d:
                    71:6e:a9:1a:3f:d4:cd:08:37:18:4a:8f:30:2c:ac:
                    16:8e:ee:ac:5a:f2:e0:63:73:4c:1b:85:39:10:bb:
                    16:62:bd:5f:c1:1c:1f:59:23:b4:92:2a:30:0d:af:
                    35:0c:af:7e:c5:22:64:af:df:f5:0f:e7:18:a2:76:
                    32:51:b9:f1:34:d0:46:c1:03:7f:47:3a:88:dc:9a:
                    cf:68:0d:eb:e9:24:6c:ca:62:24:da:75:81:e3:e8:
                    a9:bf:a2:c0:27:22:2b:49:45:47:ad:f3:80:20:d0:
                    ad:5f:26:90:9a:c2:47:f4:e3:7f:bb:a8:28:4c:a1:
                    be:79:7d:d0:e2:30:74:22:3c:4f:9c:16:15:46:5b:
                    d3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:4B:EE:9E:F0:35:A9:E2:35:07:A5:3A:3A:69:E1:FC:C7:B0:6A:A9
            X509v3 Authority Key Identifier:
                keyid:EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/bUvunvA1qeI1B6U6Omnh_Mewaqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         b8:fe:33:a6:b7:98:79:30:0c:19:98:50:50:4a:08:93:44:61:
         51:05:35:fa:4c:8b:75:52:2b:12:a2:99:db:37:bb:5b:99:50:
         4d:83:c7:d7:5c:0b:d1:45:54:f7:71:e7:f5:73:6c:62:a2:80:
         e6:84:92:78:79:4c:6b:75:ec:b8:a0:43:bc:0f:72:c0:28:bf:
         01:7d:01:ff:33:75:b2:ed:df:f1:fe:40:c9:dd:2d:c8:3f:1f:
         00:9b:bd:33:20:eb:7d:c2:de:ac:83:f7:e5:82:73:10:c1:a9:
         60:fe:4d:66:6d:02:37:e2:4b:33:57:91:87:c0:4a:64:8b:33:
         38:df:75:27:7a:e3:fa:f2:ff:93:da:b3:cb:f4:69:a1:5d:cf:
         4f:7e:67:db:30:67:ba:16:46:c0:3b:8c:f2:ac:63:92:c7:12:
         fe:36:9e:19:68:ef:fb:8b:4b:9e:3a:5e:63:c7:99:6c:9b:0e:
         44:11:32:a3:e2:2c:06:7b:f9:ce:e6:84:83:64:64:9b:7e:e7:
         57:c7:62:a9:e7:70:74:5d:4d:53:ce:eb:97:5d:1d:74:fa:1d:
         9d:63:8e:49:28:0d:6c:54:7f:f2:14:30:1b:0f:9c:dd:4a:a3:
         88:75:e2:49:ae:8d:23:d4:cb:fa:29:2e:2c:a9:26:74:5b:33:
         43:a7:bb:b8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks3m1teg/udYq6x9YkiKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOTNlZGZjMmFhNzQ4ZTQ5ODEwNTBlYzA2ZTNhNjY5MjAy
NjVlMTcwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDRiZWU5ZWYwMzVhOWUyMzUwN2E1M2EzYTY5ZTFmY2M3YjA2YWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuI/xflabJfCxQcySYF6fJtvRZIy1
li4IzVGi7HPBYgVR25KWtgQU1en6QPthLxMZtaLR/66/RZ6GdhNBCDvXqJ/Ypbdo
vrawLO4tTtZReu4iM46pgFtVAUhSgfLw+HFzemY2H2hLa7S1+cmLjqdpMDyUyxWi
qX1xbqkaP9TNCDcYSo8wLKwWju6sWvLgY3NMG4U5ELsWYr1fwRwfWSO0kiowDa81
DK9+xSJkr9/1D+cYonYyUbnxNNBGwQN/RzqI3JrPaA3r6SRsymIk2nWB4+ipv6LA
JyIrSUVHrfOAINCtXyaQmsJH9ON/u6goTKG+eX3Q4jB0IjxPnBYVRlvT2QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFG1L7p7wNaniNQelOjpp4fzHsGqpMB8GA1UdIwQY
MBaAFOqT7fwqp0jkmBBQ7AbjpmkgJl4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmIt
ZDEzOGE5YzRlNDNmLzEvYlV2dW52QTFxZUkxQjZVNk9tbmhfTWV3YXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmItZDEzOGE5YzRlNDNm
LzEvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEgwDQYJ
KoZIhvcNAQELBQADggEBALj+M6a3mHkwDBmYUFBKCJNEYVEFNfpMi3VSKxKimds3
u1uZUE2Dx9dcC9FFVPdx5/VzbGKigOaEknh5TGt17LigQ7wPcsAovwF9Af8zdbLt
3/H+QMndLcg/HwCbvTMg633C3qyD9+WCcxDBqWD+TWZtAjfiSzNXkYfASmSLMzjf
dSd64/ry/5Pas8v0aaFdz09+Z9swZ7oWRsA7jPKsY5LHEv42nhlo7/uLS546XmPH
mWybDkQRMqPiLAZ7+c7mhINkZJt+51fHYqnncHRdTVPO65ddHXT6HZ1jjkkoDWxU
f/IUMBsPnN1Ko4h14kmujSPUy/opLiypJnRbM0Onu7g=
-----END CERTIFICATE-----