Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/u1fx_e153PBDwPgyvx0qhpf_7-c.roa
File:                     u1fx_e153PBDwPgyvx0qhpf_7-c.roa (raw, json)
Hash identifier:          rIfGEdBSwuolAjKZu/D3tV9dA5ieH7tsIwRBMyCCMhA=
Subject key identifier:   BB:57:F1:FD:ED:79:DC:F0:43:C0:F8:32:BF:1D:2A:86:97:FF:EF:E7
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194258F10311D361E60F0618D959150A4C6
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/u1fx_e153PBDwPgyvx0qhpf_7-c.roa
Signing time:             Thu 02 Jan 2025 05:48:40 +0000
ROA not before:           Thu 02 Jan 2025 05:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        2a0e:8086::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:10:31:1d:36:1e:60:f0:61:8d:95:91:50:a4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 05:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb57f1fded79dcf043c0f832bf1d2a8697ffefe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:82:01:5d:91:e2:60:3d:65:20:03:66:ce:a2:
                    3e:a5:48:fd:bb:df:be:83:d6:63:5c:24:a2:c6:d8:
                    8d:0c:73:01:b4:48:b4:de:7b:c6:db:3a:8f:5e:79:
                    d5:bc:25:32:1f:59:62:5f:ea:7c:6b:61:84:ad:1a:
                    fc:cd:47:52:2a:67:7d:76:08:c0:6b:b0:3b:9b:61:
                    71:3e:df:45:88:59:19:fb:90:c4:d5:fe:20:54:3c:
                    4c:09:19:4a:44:d6:ed:c2:13:c7:a5:8b:d0:b5:a9:
                    42:ff:51:aa:e2:27:d4:c3:ec:40:7d:75:31:2f:d3:
                    8e:b7:9b:c4:d2:4f:b0:bf:84:60:cd:cc:2c:80:f7:
                    10:5c:a0:b4:26:97:44:6c:dd:44:9d:09:37:02:a0:
                    0f:03:f1:f5:71:9e:c4:49:08:4c:2b:ae:0f:9f:61:
                    62:74:01:77:bc:13:ff:78:df:5a:dc:38:dd:b8:fd:
                    1d:3f:8f:b4:bc:c7:87:05:72:d8:23:d9:51:db:e5:
                    32:0a:77:bd:f7:7e:b9:4f:65:d2:c2:fb:5a:30:12:
                    6d:14:54:09:6c:a3:43:4d:18:f4:29:86:e5:e0:f6:
                    ea:5e:3a:be:14:bc:61:d1:93:30:2b:0b:08:65:8c:
                    df:5b:f0:3f:33:91:c8:2c:64:75:34:f2:62:58:f4:
                    76:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:57:F1:FD:ED:79:DC:F0:43:C0:F8:32:BF:1D:2A:86:97:FF:EF:E7
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/u1fx_e153PBDwPgyvx0qhpf_7-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8086::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:f3:9c:2a:ab:e0:ac:6b:13:d9:e5:09:e2:10:42:12:c6:6b:
         4f:88:e7:cb:d8:af:dd:d0:85:16:e3:6c:c7:c0:f8:a8:ea:eb:
         a0:30:ff:ae:6c:5c:66:07:0c:29:43:f3:4a:22:a9:67:fb:55:
         41:81:f6:8d:ea:a4:32:67:c8:e8:d0:76:c5:b1:28:b8:fd:2f:
         b7:97:0c:dc:ef:34:d2:37:ad:a3:4d:25:dc:bf:ce:aa:d2:f8:
         8c:d6:02:5c:17:3d:44:18:96:f9:dc:93:61:00:3e:c1:69:a1:
         2c:40:cb:d8:10:88:62:03:9c:9d:5b:c2:03:a3:f0:88:27:38:
         c0:3b:c9:29:2b:34:d3:3f:39:6d:38:02:d3:0a:63:ca:9d:51:
         39:bd:59:7e:5b:81:78:27:17:6e:66:6c:d2:af:68:1a:ea:e6:
         36:76:9b:d6:d7:30:17:c7:61:df:46:d9:d6:eb:6a:4c:20:94:
         69:6c:26:c8:48:ed:66:34:ea:30:b5:ad:90:58:c5:1a:94:1c:
         7a:76:75:aa:d5:b9:ac:db:12:64:a7:be:8f:06:9b:26:a4:ac:
         1a:ed:81:c8:85:09:f1:85:1e:d6:d8:7b:86:57:2c:ed:34:fb:
         b6:47:a2:05:0b:99:42:d0:2d:1b:32:47:0d:76:77:48:ac:46:
         77:96:63:ed
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQljxAxHTYeYPBhjZWRUKTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMTAyMDU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjU3ZjFmZGVkNzlkY2YwNDNjMGY4MzJiZjFkMmE4Njk3ZmZlZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYIBXZHiYD1lIANmzqI+pUj9u9++
g9ZjXCSixtiNDHMBtEi03nvG2zqPXnnVvCUyH1liX+p8a2GErRr8zUdSKmd9dgjA
a7A7m2FxPt9FiFkZ+5DE1f4gVDxMCRlKRNbtwhPHpYvQtalC/1Gq4ifUw+xAfXUx
L9OOt5vE0k+wv4RgzcwsgPcQXKC0JpdEbN1EnQk3AqAPA/H1cZ7ESQhMK64Pn2Fi
dAF3vBP/eN9a3DjduP0dP4+0vMeHBXLYI9lR2+UyCne99365T2XSwvtaMBJtFFQJ
bKNDTRj0KYbl4PbqXjq+FLxh0ZMwKwsIZYzfW/A/M5HILGR1NPJiWPR2MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLtX8f3tedzwQ8D4Mr8dKoaX/+/nMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvdTFmeF9lMTUzUEJEd1BneXZ4MHFocGZfNy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6AhjAN
BgkqhkiG9w0BAQsFAAOCAQEApvOcKqvgrGsT2eUJ4hBCEsZrT4jny9iv3dCFFuNs
x8D4qOrroDD/rmxcZgcMKUPzSiKpZ/tVQYH2jeqkMmfI6NB2xbEouP0vt5cM3O80
0jeto00l3L/OqtL4jNYCXBc9RBiW+dyTYQA+wWmhLEDL2BCIYgOcnVvCA6PwiCc4
wDvJKSs00z85bTgC0wpjyp1ROb1ZfluBeCcXbmZs0q9oGurmNnab1tcwF8dh30bZ
1utqTCCUaWwmyEjtZjTqMLWtkFjFGpQcenZ1qtW5rNsSZKe+jwabJqSsGu2ByIUJ
8YUe1th7hlcs7TT7tkeiBQuZQtAtGzJHDXZ3SKxGd5Zj7Q==
-----END CERTIFICATE-----