Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/U5jElUfybntVVFc0Xi4mAKLnzHI.roa
File:                     U5jElUfybntVVFc0Xi4mAKLnzHI.roa (raw, json)
Hash identifier:          NrrDZz6zJmQO8TZPUDaJc/kzyH0lsoTEtvlaEiqCXX8=
Subject key identifier:   53:98:C4:95:47:F2:6E:7B:55:54:57:34:5E:2E:26:00:A2:E7:CC:72
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       0194221FE1C3D9D96E485E918D671A7CDDEE
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/U5jElUfybntVVFc0Xi4mAKLnzHI.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0d:b9c4::/32 maxlen: 32
                          2a12:1242::/32 maxlen: 32
                          2a12:1244::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e1:c3:d9:d9:6e:48:5e:91:8d:67:1a:7c:dd:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5398c49547f26e7b555457345e2e2600a2e7cc72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b0:e9:94:15:c8:d5:dc:47:5b:76:23:f2:a4:
                    b0:46:54:03:16:98:0c:ab:9c:6a:a8:61:0c:d4:aa:
                    03:12:19:34:34:06:eb:27:eb:48:54:8f:de:63:f5:
                    ce:97:71:1a:15:25:7f:84:dc:18:8d:7d:00:fe:b3:
                    51:81:72:75:7b:80:84:0f:c8:00:8e:e8:40:48:0b:
                    11:9e:c5:5b:1f:43:7f:b4:24:9f:a3:52:f3:a9:d8:
                    ff:87:47:82:67:d1:e4:60:38:53:1d:b6:7f:a9:2b:
                    f5:3a:ce:e9:79:c6:82:48:41:63:d1:53:3e:38:f1:
                    19:a2:af:3a:d7:6c:91:21:ce:bd:86:53:67:99:38:
                    be:a9:ef:fa:a0:41:1d:ba:f5:c3:8e:a3:af:00:f1:
                    86:d1:84:13:f6:26:22:5b:28:22:60:06:ba:1c:d4:
                    e6:a9:ef:c3:0b:08:1d:30:a8:9c:59:ff:99:c5:ae:
                    8f:bb:38:ac:bb:2d:e0:d6:9a:51:43:a1:8c:d6:1c:
                    94:80:6d:bf:e9:8a:d4:2e:a2:1f:d7:ab:51:c3:10:
                    32:b8:30:e1:6b:8c:d7:82:19:ca:4f:c1:56:02:f4:
                    26:ee:2c:f7:5c:9a:5d:56:e0:00:6e:48:28:5c:b9:
                    45:9b:76:31:25:80:55:97:7d:ef:3c:95:38:6c:de:
                    e5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:98:C4:95:47:F2:6E:7B:55:54:57:34:5E:2E:26:00:A2:E7:CC:72
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/U5jElUfybntVVFc0Xi4mAKLnzHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b9c4::/32
                  2a12:1242::/32
                  2a12:1244::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:f8:99:c0:c8:83:5b:a9:6e:50:a7:83:fa:2c:58:ba:ab:e3:
         31:af:f6:f8:fc:26:44:91:94:4f:98:c3:3a:25:2c:c9:80:b6:
         16:d1:30:82:8a:3b:ee:d4:8d:71:0d:c2:a0:1e:48:54:d3:f0:
         5d:78:5d:4b:7a:df:d4:8f:af:88:12:f6:d8:da:a7:73:09:bf:
         75:47:73:03:5a:18:83:91:33:c6:d0:ad:cc:de:26:ee:57:60:
         f6:62:07:25:38:08:1b:4f:39:0c:36:ba:c8:2e:fc:a6:1a:dc:
         ed:97:77:4a:9e:2a:28:8f:5b:99:bf:ad:b5:3a:71:54:a3:cb:
         31:66:53:07:05:ca:6b:8b:22:cc:ac:f5:0a:19:d6:92:97:dc:
         24:41:59:61:6f:ee:10:fa:0b:28:b1:0d:ed:36:92:a5:37:af:
         16:8e:ea:2b:39:48:e6:34:45:41:f3:61:e4:67:78:c5:ff:e7:
         63:68:25:d5:b7:ee:f8:18:fe:6f:b9:27:ed:8d:60:27:b7:c1:
         7e:08:f2:0d:44:23:0d:c8:da:b7:fc:44:33:39:ca:e2:2d:f1:
         a8:e0:04:7f:67:de:db:bc:13:9e:5a:89:1a:73:d6:31:6d:f7:
         e7:9b:48:38:0e:56:b1:4b:6a:5e:d3:2a:8d:06:18:bb:da:3e:
         df:a6:00:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH+HD2dluSF6RjWcafN3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzk4YzQ5NTQ3ZjI2ZTdiNTU1NDU3MzQ1ZTJlMjYwMGEyZTdjYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrDplBXI1dxHW3Yj8qSwRlQDFpgM
q5xqqGEM1KoDEhk0NAbrJ+tIVI/eY/XOl3EaFSV/hNwYjX0A/rNRgXJ1e4CED8gA
juhASAsRnsVbH0N/tCSfo1Lzqdj/h0eCZ9HkYDhTHbZ/qSv1Os7pecaCSEFj0VM+
OPEZoq8612yRIc69hlNnmTi+qe/6oEEduvXDjqOvAPGG0YQT9iYiWygiYAa6HNTm
qe/DCwgdMKicWf+Zxa6Puzisuy3g1ppRQ6GM1hyUgG2/6YrULqIf16tRwxAyuDDh
a4zXghnKT8FWAvQm7iz3XJpdVuAAbkgoXLlFm3YxJYBVl33vPJU4bN7lRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFOYxJVH8m57VVRXNF4uJgCi58xyMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvVTVqRWxVZnlibnRWVkZjMFhpNG1BS0xuekhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg25xAMF
ACoSEkIDBQAqEhJEMA0GCSqGSIb3DQEBCwUAA4IBAQB2+JnAyINbqW5Qp4P6LFi6
q+Mxr/b4/CZEkZRPmMM6JSzJgLYW0TCCijvu1I1xDcKgHkhU0/BdeF1Let/Uj6+I
EvbY2qdzCb91R3MDWhiDkTPG0K3M3ibuV2D2YgclOAgbTzkMNrrILvymGtztl3dK
niooj1uZv621OnFUo8sxZlMHBcpriyLMrPUKGdaSl9wkQVlhb+4Q+gsosQ3tNpKl
N68WjuorOUjmNEVB82HkZ3jF/+djaCXVt+74GP5vuSftjWAnt8F+CPINRCMNyNq3
/EQzOcriLfGo4AR/Z97bvBOeWokac9Yxbffnm0g4DlaxS2pe0yqNBhi72j7fpgCw
-----END CERTIFICATE-----