Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/uHo3NllV-K3w1G6p5rG7wnxalyc.roa
File:                     uHo3NllV-K3w1G6p5rG7wnxalyc.roa (raw, json)
Hash identifier:          9Ww2h+p6zLKhFMgiZaAelr6XnjDP//hoNtiBUG9Lei4=
Subject key identifier:   B8:7A:37:36:59:55:F8:AD:F0:D4:6E:A9:E6:B1:BB:C2:7C:5A:97:27
Certificate issuer:       /CN=52eb03d211996e99a49e3c3f9ce4b3f2a15723c5
Certificate serial:       019425FD9780B6E8156FD6F428130984C1A6
Authority key identifier: 52:EB:03:D2:11:99:6E:99:A4:9E:3C:3F:9C:E4:B3:F2:A1:57:23:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/uHo3NllV-K3w1G6p5rG7wnxalyc.roa
Signing time:             Thu 02 Jan 2025 07:49:23 +0000
ROA not before:           Thu 02 Jan 2025 07:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47367
IP address blocks:        2a0f:eb80:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:97:80:b6:e8:15:6f:d6:f4:28:13:09:84:c1:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52eb03d211996e99a49e3c3f9ce4b3f2a15723c5
        Validity
            Not Before: Jan  2 07:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b87a37365955f8adf0d46ea9e6b1bbc27c5a9727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:db:d9:e9:6b:16:c8:c7:37:8c:93:82:b6:e6:
                    41:97:b1:6c:cb:6d:66:9c:7d:ef:1d:0d:33:57:69:
                    c4:5a:50:0e:cf:1d:31:8c:38:85:71:46:ea:7a:31:
                    e1:8c:69:95:76:9f:d4:8f:ac:1e:f0:f9:26:6a:09:
                    f6:44:f1:da:04:8d:a0:a6:6a:20:f3:28:40:a5:b9:
                    aa:73:9e:53:5e:45:db:e3:0f:5c:21:cc:d7:73:3f:
                    d1:56:46:b5:e7:27:85:e7:1b:47:c7:3e:4c:4f:db:
                    fd:fa:47:62:e7:53:8a:fc:be:f9:97:b1:5c:b6:2a:
                    ac:53:99:8d:8b:62:f3:3f:41:0e:fc:bb:15:33:48:
                    ef:31:d6:40:55:75:41:cb:93:28:e7:2d:e1:55:00:
                    fc:aa:26:66:f1:25:78:23:0d:7f:3c:d4:5a:4e:3b:
                    b0:96:65:ea:92:2a:9e:4e:bf:41:d9:42:f0:2a:17:
                    09:e2:5c:9f:1d:37:a0:1b:29:df:67:cf:93:65:a6:
                    1c:0f:29:d8:f6:e0:15:20:bc:26:5e:a1:23:51:36:
                    58:d5:1d:2d:b9:08:f0:9f:7c:e7:13:95:0f:7d:c4:
                    8b:66:5b:8c:97:c0:22:07:20:1d:67:22:eb:9f:9d:
                    35:f9:48:19:ef:0b:56:68:24:e5:8f:e0:f7:d3:33:
                    04:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7A:37:36:59:55:F8:AD:F0:D4:6E:A9:E6:B1:BB:C2:7C:5A:97:27
            X509v3 Authority Key Identifier:
                keyid:52:EB:03:D2:11:99:6E:99:A4:9E:3C:3F:9C:E4:B3:F2:A1:57:23:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UusD0hGZbpmknjw_nOSz8qFXI8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/uHo3NllV-K3w1G6p5rG7wnxalyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/66676a-3bac-4b6d-a638-96cd42f0f95b/1/UusD0hGZbpmknjw_nOSz8qFXI8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:eb80:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:c2:ba:15:c4:73:7a:9f:5f:0c:e0:c6:50:73:f8:d9:e6:1c:
         e0:5c:8b:6e:31:d4:b4:e8:85:a0:5e:56:64:0a:4d:ff:bd:1a:
         e1:da:97:69:f1:fc:59:3c:42:55:d2:df:53:87:f0:1c:99:7d:
         0c:5f:b2:e5:29:ff:ba:66:9a:fe:79:05:85:e0:56:b1:26:e5:
         f1:b5:76:5d:90:ac:7d:7a:d1:8b:8f:4e:fe:30:16:94:ff:e0:
         9c:fe:28:85:73:2f:96:6f:f5:fc:da:74:5f:a3:97:65:f4:4c:
         9c:e4:02:72:6e:b5:7c:d3:36:d5:13:43:b5:be:11:d8:f3:2f:
         30:24:a6:be:af:df:30:59:4d:e2:36:1f:c5:02:53:8c:a0:f5:
         d7:b6:7e:c5:91:ce:c1:01:96:c9:d1:53:19:3a:f8:81:a3:f7:
         b7:03:61:3f:54:bd:4a:5d:91:05:88:3d:e4:3e:5c:a8:39:34:
         ae:35:7f:75:db:f6:1f:0b:3d:c2:56:2f:08:a8:7d:3f:89:0c:
         c1:a1:59:b8:45:06:55:8b:ad:39:01:54:8a:d8:6d:78:35:b0:
         9f:ed:6b:02:1f:e6:29:e1:5f:01:bf:bd:03:69:c4:6d:8a:f2:
         13:49:46:41:a7:62:d2:59:9b:73:43:18:9c:60:a4:1f:e4:93:
         7b:33:30:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/ZeAtugVb9b0KBMJhMGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZWIwM2QyMTE5OTZlOTlhNDllM2MzZjljZTRiM2YyYTE1
NzIzYzUwHhcNMjUwMTAyMDc0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdhMzczNjU5NTVmOGFkZjBkNDZlYTllNmIxYmJjMjdjNWE5NzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39vZ6WsWyMc3jJOCtuZBl7Fsy21m
nH3vHQ0zV2nEWlAOzx0xjDiFcUbqejHhjGmVdp/Uj6we8Pkmagn2RPHaBI2gpmog
8yhApbmqc55TXkXb4w9cIczXcz/RVka15yeF5xtHxz5MT9v9+kdi51OK/L75l7Fc
tiqsU5mNi2LzP0EO/LsVM0jvMdZAVXVBy5Mo5y3hVQD8qiZm8SV4Iw1/PNRaTjuw
lmXqkiqeTr9B2ULwKhcJ4lyfHTegGynfZ8+TZaYcDynY9uAVILwmXqEjUTZY1R0t
uQjwn3znE5UPfcSLZluMl8AiByAdZyLrn501+UgZ7wtWaCTlj+D30zMEdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLh6NzZZVfit8NRuqeaxu8J8WpcnMB8GA1UdIwQY
MBaAFFLrA9IRmW6ZpJ48P5zks/KhVyPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVzRDBoR1picG1rbmp3X25PU3o4cUZYSThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82NjY3NmEtM2JhYy00YjZkLWE2Mzgt
OTZjZDQyZjBmOTViLzEvdUhvM05sbFYtSzN3MUc2cDVyRzd3bnhhbHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82NjY3NmEtM2JhYy00YjZkLWE2MzgtOTZjZDQyZjBmOTVi
LzEvVXVzRDBoR1picG1rbmp3X25PU3o4cUZYSThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/rgAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCQwroVxHN6n18M4MZQc/jZ5hzgXItuMdS06IWg
XlZkCk3/vRrh2pdp8fxZPEJV0t9Th/AcmX0MX7LlKf+6Zpr+eQWF4FaxJuXxtXZd
kKx9etGLj07+MBaU/+Cc/iiFcy+Wb/X82nRfo5dl9Eyc5AJybrV80zbVE0O1vhHY
8y8wJKa+r98wWU3iNh/FAlOMoPXXtn7Fkc7BAZbJ0VMZOviBo/e3A2E/VL1KXZEF
iD3kPlyoOTSuNX912/YfCz3CVi8IqH0/iQzBoVm4RQZVi605AVSK2G14NbCf7WsC
H+Yp4V8Bv70DacRtivITSUZBp2LSWZtzQxicYKQf5JN7MzAc
-----END CERTIFICATE-----