Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/UB0nHtcN2JqEpsBiE2dgnMbsFmA.roa
File:                     UB0nHtcN2JqEpsBiE2dgnMbsFmA.roa (raw, json)
Hash identifier:          /6u2jCfdxJpMMlfUjlpcIXqMInwiMRNkGcmBxEuYZxo=
Subject key identifier:   50:1D:27:1E:D7:0D:D8:9A:84:A6:C0:62:13:67:60:9C:C6:EC:16:60
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019421B20A6636143D875E8532BA6B5BD848
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/UB0nHtcN2JqEpsBiE2dgnMbsFmA.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203252
IP address blocks:        2a02:eb00:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0a:66:36:14:3d:87:5e:85:32:ba:6b:5b:d8:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=501d271ed70dd89a84a6c0621367609cc6ec1660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:5e:dd:b0:59:1f:f9:4d:70:7b:b0:d4:25:05:
                    83:1c:9f:61:1f:01:3a:23:e4:bc:c3:b1:fd:3e:a3:
                    99:22:61:0c:0b:d6:07:10:22:7d:3e:40:f3:77:43:
                    25:7a:15:89:1c:b5:fa:a9:2f:f0:ab:7c:a6:8a:95:
                    c2:dc:4a:99:5e:6e:bb:af:40:21:51:db:33:de:89:
                    42:7b:ea:a6:f1:56:7f:b0:12:11:3c:40:ea:0b:5a:
                    f0:e0:a3:c2:5d:98:99:8d:4c:73:21:58:2c:07:0f:
                    32:bd:a4:f2:de:c6:ec:ca:02:6e:55:7c:b5:43:36:
                    3c:f2:ac:af:cd:38:89:e1:df:fe:b2:5b:7b:11:e3:
                    b4:df:0e:3f:09:ef:f6:d9:05:d4:db:03:d3:bc:be:
                    28:62:7c:df:a4:8a:e6:66:bb:64:a6:db:c3:41:83:
                    4d:71:58:60:fa:d4:5f:c9:2d:3a:d6:9e:c7:ef:df:
                    6e:eb:ec:53:74:c5:d5:48:54:a7:44:82:a1:ac:04:
                    d2:bf:b3:6f:85:f1:9c:5b:7c:57:ee:53:94:4f:4a:
                    03:1b:56:d2:2a:d2:23:cd:39:f0:fa:4e:5b:9b:40:
                    70:d6:90:0a:6a:79:0e:75:8d:60:79:fe:4a:6c:56:
                    0a:b6:bf:ed:fb:64:5b:1a:b3:19:5a:a9:7a:d2:ac:
                    25:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:1D:27:1E:D7:0D:D8:9A:84:A6:C0:62:13:67:60:9C:C6:EC:16:60
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/UB0nHtcN2JqEpsBiE2dgnMbsFmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:eb00:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:0d:24:a1:a1:d2:6e:f0:1c:e1:94:37:2e:d5:b5:07:7e:0c:
         55:a6:d6:bd:aa:84:00:9a:e4:a5:92:cb:73:46:48:b7:1c:c9:
         52:51:47:f5:96:57:a7:9e:3d:63:3e:c6:9b:f0:27:4c:f0:f4:
         1c:6e:e8:cb:1c:fd:a9:28:5b:05:98:c2:86:55:c7:ae:77:a9:
         e3:f1:28:52:24:e0:5a:d6:c0:1d:47:6f:4e:00:de:26:2b:bf:
         e0:b0:4b:a8:a0:56:6c:09:a7:13:9e:40:bb:a5:06:91:a0:ee:
         f9:e7:29:34:dd:d6:8d:6d:62:74:d4:80:59:36:a7:78:af:50:
         25:4b:3f:ed:0c:34:14:1c:f4:6b:33:75:56:76:db:17:2b:65:
         fa:e6:20:9b:ef:13:07:1f:a8:3f:eb:8e:b8:ee:dd:b1:ee:84:
         59:4e:d1:01:76:7d:2d:8f:a7:30:0b:12:c1:52:36:2d:7f:ef:
         90:33:30:05:65:4f:63:8a:fc:4e:d7:b7:71:eb:88:0a:c5:0e:
         8f:64:aa:6c:4b:e8:0c:ae:08:42:43:e2:8c:38:a7:ae:4c:cd:
         ac:df:53:40:72:10:67:2d:75:d2:4d:46:91:74:5d:2f:ef:6b:
         3a:c8:31:a7:a4:66:9d:21:57:12:47:23:cd:fe:06:d7:09:54:
         e2:4c:9c:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhsgpmNhQ9h16FMrprW9hIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDFkMjcxZWQ3MGRkODlhODRhNmMwNjIxMzY3NjA5Y2M2ZWMxNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1l7dsFkf+U1we7DUJQWDHJ9hHwE6
I+S8w7H9PqOZImEMC9YHECJ9PkDzd0MlehWJHLX6qS/wq3ymipXC3EqZXm67r0Ah
Udsz3olCe+qm8VZ/sBIRPEDqC1rw4KPCXZiZjUxzIVgsBw8yvaTy3sbsygJuVXy1
QzY88qyvzTiJ4d/+slt7EeO03w4/Ce/22QXU2wPTvL4oYnzfpIrmZrtkptvDQYNN
cVhg+tRfyS061p7H799u6+xTdMXVSFSnRIKhrATSv7NvhfGcW3xX7lOUT0oDG1bS
KtIjzTnw+k5bm0Bw1pAKankOdY1gef5KbFYKtr/t+2RbGrMZWql60qwlgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFAdJx7XDdiahKbAYhNnYJzG7BZgMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvVUIwbkh0Y04ySnFFcHNCaUUyZGduTWJzRm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLrAAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQASDSShodJu8BzhlDcu1bUHfgxVpta9qoQAmuSl
kstzRki3HMlSUUf1llennj1jPsab8CdM8PQcbujLHP2pKFsFmMKGVceud6nj8ShS
JOBa1sAdR29OAN4mK7/gsEuooFZsCacTnkC7pQaRoO755yk03daNbWJ01IBZNqd4
r1AlSz/tDDQUHPRrM3VWdtsXK2X65iCb7xMHH6g/64647t2x7oRZTtEBdn0tj6cw
CxLBUjYtf++QMzAFZU9jivxO17dx64gKxQ6PZKpsS+gMrghCQ+KMOKeuTM2s31NA
chBnLXXSTUaRdF0v72s6yDGnpGadIVcSRyPN/gbXCVTiTJwb
-----END CERTIFICATE-----