Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/3Uvg-SGM_zlK_SKX6X83CL5pES4.roa
File:                     3Uvg-SGM_zlK_SKX6X83CL5pES4.roa (raw, json)
Hash identifier:          txSz1BVeFo/z2vKlSjUFGN00mKoCcahrUY9+MYjGUZA=
Subject key identifier:   DD:4B:E0:F9:21:8C:FF:39:4A:FD:22:97:E9:7F:37:08:BE:69:11:2E
Certificate issuer:       /CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
Certificate serial:       0194236A45FCBC4432937957F6BBAD9638AC
Authority key identifier: B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/3Uvg-SGM_zlK_SKX6X83CL5pES4.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52192
IP address blocks:        2001:678:f40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:45:fc:bc:44:32:93:79:57:f6:bb:ad:96:38:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd4be0f9218cff394afd2297e97f3708be69112e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:ad:28:44:fd:f6:41:39:cd:19:b7:06:4b:
                    c9:44:41:a3:d9:b0:9a:30:8f:29:cd:3e:e7:3d:af:
                    08:d3:79:0c:f6:94:41:8d:18:3d:fc:d5:bd:42:24:
                    40:de:af:63:b2:1f:82:9d:f1:df:54:b1:ca:56:c0:
                    5e:bc:75:a0:d9:a1:f0:d1:1d:89:bd:45:06:d3:40:
                    96:13:f0:bf:cd:a0:95:84:6f:8b:ab:29:68:c3:82:
                    da:c8:ec:20:93:50:36:c0:30:d0:e9:e8:b8:f1:40:
                    93:6d:a1:82:31:07:83:8e:c1:3c:ba:73:19:a4:f7:
                    8e:5d:b2:d2:9d:84:80:fd:05:f3:19:84:7f:a2:4a:
                    9a:36:69:40:c8:8c:29:3c:10:ee:ad:b1:a5:e3:99:
                    29:a3:d2:de:a8:1c:e1:a0:6e:9c:a4:19:70:b9:b4:
                    c4:9d:3a:8f:d9:b5:62:a2:50:42:96:56:7f:99:fd:
                    30:5e:f0:6d:53:66:44:48:13:a2:49:5e:84:a9:5c:
                    d3:7b:9c:3b:7d:9f:68:20:fe:97:95:d4:03:bf:7d:
                    bd:ad:e6:43:31:6b:b4:c5:99:93:cb:bf:ed:ac:df:
                    bc:53:95:9c:6a:a5:36:01:08:19:2d:3d:04:db:55:
                    6c:ae:77:a8:8d:34:18:11:79:e7:25:b0:a2:21:c0:
                    d1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4B:E0:F9:21:8C:FF:39:4A:FD:22:97:E9:7F:37:08:BE:69:11:2E
            X509v3 Authority Key Identifier:
                keyid:B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/3Uvg-SGM_zlK_SKX6X83CL5pES4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:89:1e:3a:2a:9d:e8:d1:f8:bc:f2:ff:f8:c0:06:21:4b:e3:
         8d:cd:54:49:3f:25:48:1b:c4:32:6b:1b:cd:99:d0:e2:4c:5a:
         f6:fd:9b:f0:43:c8:1e:e4:cd:0e:53:35:fb:d2:35:bb:ee:f3:
         63:85:c6:60:3a:a5:47:e2:ed:a6:0e:ea:c8:29:9c:c2:38:f0:
         d3:0e:3a:40:fd:0a:d2:47:60:93:6f:26:f6:fd:93:15:67:94:
         c0:9d:07:72:e6:26:95:58:bf:1d:4a:fd:03:e8:2c:06:84:9f:
         42:8a:a9:1a:f7:99:29:6b:60:ef:de:25:9a:cf:0b:6b:b6:1d:
         89:37:c3:a8:2a:d6:d9:95:3d:b0:10:ac:af:6e:e0:d1:5f:cb:
         ca:b6:ee:73:bd:53:1b:17:d0:52:6b:58:0d:ee:95:d8:90:6a:
         e3:48:1b:27:cd:90:f9:08:4c:c0:08:e0:ad:e4:7f:52:65:67:
         09:27:77:cc:45:22:bc:7f:30:a7:b3:2f:c2:66:3a:eb:3c:9b:
         8e:b1:3f:19:c4:4c:91:98:d1:98:ea:4e:03:95:9c:37:ca:49:
         b4:49:99:22:32:69:4b:ed:0b:73:b9:f2:c6:16:06:79:93:91:
         b8:7b:6c:ef:b2:3d:ec:69:2c:03:34:9b:88:5b:3b:7e:cb:09:
         35:79:2e:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjakX8vEQyk3lX9rutljisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMzk4YjViMWQ5YTk2ZTQxMTViN2JjZjZmY2E2M2ZiYWY2
MzljYTcwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDRiZTBmOTIxOGNmZjM5NGFmZDIyOTdlOTdmMzcwOGJlNjkxMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsCtKET99kE5zRm3BkvJREGj2bCa
MI8pzT7nPa8I03kM9pRBjRg9/NW9QiRA3q9jsh+CnfHfVLHKVsBevHWg2aHw0R2J
vUUG00CWE/C/zaCVhG+Lqylow4LayOwgk1A2wDDQ6ei48UCTbaGCMQeDjsE8unMZ
pPeOXbLSnYSA/QXzGYR/okqaNmlAyIwpPBDurbGl45kpo9LeqBzhoG6cpBlwubTE
nTqP2bViolBCllZ/mf0wXvBtU2ZESBOiSV6EqVzTe5w7fZ9oIP6XldQDv329reZD
MWu0xZmTy7/trN+8U5WcaqU2AQgZLT0E21VsrneojTQYEXnnJbCiIcDRpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN1L4PkhjP85Sv0il+l/Nwi+aREuMB8GA1UdIwQY
MBaAFLM5i1sdmpbkEVt7z2/KY/uvY5ynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQt
NzljYzUyYzA2ZDRmLzEvM1V2Zy1TR01femxLX1NLWDZYODNDTDVwRVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQtNzljYzUyYzA2ZDRm
LzEvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9A
MA0GCSqGSIb3DQEBCwUAA4IBAQBLiR46Kp3o0fi88v/4wAYhS+ONzVRJPyVIG8Qy
axvNmdDiTFr2/ZvwQ8ge5M0OUzX70jW77vNjhcZgOqVH4u2mDurIKZzCOPDTDjpA
/QrSR2CTbyb2/ZMVZ5TAnQdy5iaVWL8dSv0D6CwGhJ9Ciqka95kpa2Dv3iWazwtr
th2JN8OoKtbZlT2wEKyvbuDRX8vKtu5zvVMbF9BSa1gN7pXYkGrjSBsnzZD5CEzA
COCt5H9SZWcJJ3fMRSK8fzCnsy/CZjrrPJuOsT8ZxEyRmNGY6k4DlZw3ykm0SZki
MmlL7QtzufLGFgZ5k5G4e2zvsj3saSwDNJuIWzt+ywk1eS5k
-----END CERTIFICATE-----