Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uawES86QDava2fd-PAyAEWQ2hsc.roa
File:                     uawES86QDava2fd-PAyAEWQ2hsc.roa (raw, json)
Hash identifier:          pl/b4Y/a9DPzF6ZpcckYAaxvf3ZiHRD1Pvm2OyrUScs=
Subject key identifier:   B9:AC:04:4B:CE:90:0D:AB:DA:D9:F7:7E:3C:0C:80:11:64:36:86:C7
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0195CD68C327CBB00E6BD34A153C769E4280
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uawES86QDava2fd-PAyAEWQ2hsc.roa
Signing time:             Tue 25 Mar 2025 13:05:49 +0000
ROA not before:           Tue 25 Mar 2025 13:05:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211265
IP address blocks:        2a03:5840:126::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:68:c3:27:cb:b0:0e:6b:d3:4a:15:3c:76:9e:42:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Mar 25 13:05:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9ac044bce900dabdad9f77e3c0c8011643686c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7f:cd:8a:8a:dd:0a:81:32:16:c8:a1:49:de:
                    5d:dd:4b:63:e9:d6:c1:a1:bd:87:52:66:50:1c:49:
                    2d:c8:da:3b:48:a3:bb:1e:1f:ab:87:76:c7:2e:78:
                    83:3a:13:7c:34:af:c1:59:d7:68:a7:7b:8c:08:d6:
                    5c:39:87:5e:60:e2:47:71:d7:ad:0a:50:46:33:7e:
                    08:b7:e3:8a:8f:14:0c:84:b6:4e:5c:9b:99:e7:8f:
                    b0:83:25:58:7e:2f:76:83:e1:8c:92:17:09:ae:95:
                    6d:a1:99:18:2d:aa:d2:4a:e0:45:40:b5:81:df:5a:
                    e9:fe:f9:3f:29:3f:2f:16:9d:1d:a6:a9:6f:b9:1f:
                    36:24:f9:65:dc:0f:32:3b:61:91:69:1a:0c:1c:98:
                    93:a2:9f:d4:3d:e9:9a:1c:3f:6e:70:29:34:2d:74:
                    5b:d7:4b:e2:85:6e:e7:ab:dc:b9:57:3a:7d:f5:51:
                    9a:00:2b:a1:b0:87:7e:39:8e:f4:ed:d8:d8:3c:1a:
                    41:40:76:8c:f9:e2:b3:50:67:c2:a7:09:24:94:28:
                    9d:74:6f:91:5f:49:25:cd:cc:b3:71:89:73:1c:3f:
                    e8:a2:21:26:45:ed:25:a4:a4:e2:09:87:bf:e5:0c:
                    cd:c9:ef:b7:59:f1:ed:95:e7:0d:70:fe:99:e6:34:
                    65:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AC:04:4B:CE:90:0D:AB:DA:D9:F7:7E:3C:0C:80:11:64:36:86:C7
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/uawES86QDava2fd-PAyAEWQ2hsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:126::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:ec:78:c4:71:70:2a:c2:44:39:6e:e8:b7:d7:e2:7d:ce:f3:
         e4:cb:80:8b:0c:ed:ab:b1:3b:a5:7f:de:89:2e:29:a6:6d:3c:
         49:dd:b9:2e:34:6a:b8:bb:94:ed:59:9f:f2:8f:6a:43:82:50:
         96:42:4b:6e:aa:ba:90:98:7e:48:2c:f8:cd:82:4b:d3:4f:1c:
         b7:64:55:41:79:fc:74:56:72:e8:10:61:3f:60:9d:45:12:5d:
         f6:07:08:2e:4f:a0:66:16:ab:b0:62:7e:84:92:cc:44:48:e3:
         f5:75:39:e1:91:53:b3:68:0b:bd:48:fa:5e:82:c0:03:a2:f2:
         b7:c3:9c:b7:0c:a8:6f:e2:af:a1:dd:68:8e:db:d8:6b:9c:1e:
         db:f0:6b:3a:e2:02:de:99:13:a1:c5:5d:a5:84:cd:0f:df:37:
         44:32:50:08:85:e6:0b:a0:58:c5:39:46:7e:65:6a:fc:6c:5b:
         d6:11:3d:9a:da:1f:87:a3:42:18:b8:1e:97:08:03:d6:f1:58:
         09:06:dc:aa:b8:ea:62:6b:8e:1f:3d:90:3c:de:b4:7f:37:2e:
         43:06:30:6b:8a:57:2d:14:48:2f:4f:cd:44:06:58:d2:a2:49:
         35:ff:c5:0b:aa:70:47:01:ca:56:12:21:95:63:4d:69:4f:31:
         38:8a:c6:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZXNaMMny7AOa9NKFTx2nkKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMzI1MTMwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFjMDQ0YmNlOTAwZGFiZGFkOWY3N2UzYzBjODAxMTY0MzY4NmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3/NiordCoEyFsihSd5d3Utj6dbB
ob2HUmZQHEktyNo7SKO7Hh+rh3bHLniDOhN8NK/BWddop3uMCNZcOYdeYOJHcdet
ClBGM34It+OKjxQMhLZOXJuZ54+wgyVYfi92g+GMkhcJrpVtoZkYLarSSuBFQLWB
31rp/vk/KT8vFp0dpqlvuR82JPll3A8yO2GRaRoMHJiTop/UPemaHD9ucCk0LXRb
10vihW7nq9y5Vzp99VGaACuhsId+OY707djYPBpBQHaM+eKzUGfCpwkklCiddG+R
X0klzcyzcYlzHD/ooiEmRe0lpKTiCYe/5QzNye+3WfHtlecNcP6Z5jRlUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLmsBEvOkA2r2tn3fjwMgBFkNobHMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvdWF3RVM4NlFEYXZhMmZkLVBBeUFFV1EyaHNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEm
MA0GCSqGSIb3DQEBCwUAA4IBAQAE7HjEcXAqwkQ5bui31+J9zvPky4CLDO2rsTul
f96JLimmbTxJ3bkuNGq4u5TtWZ/yj2pDglCWQktuqrqQmH5ILPjNgkvTTxy3ZFVB
efx0VnLoEGE/YJ1FEl32BwguT6BmFquwYn6EksxESOP1dTnhkVOzaAu9SPpegsAD
ovK3w5y3DKhv4q+h3WiO29hrnB7b8Gs64gLemROhxV2lhM0P3zdEMlAIheYLoFjF
OUZ+ZWr8bFvWET2a2h+Ho0IYuB6XCAPW8VgJBtyquOpia44fPZA83rR/Ny5DBjBr
ilctFEgvT81EBljSokk1/8ULqnBHAcpWEiGVY01pTzE4isbn
-----END CERTIFICATE-----