Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/UHKxbfyeZNA8vfYZxdgz-4yzkq4.roa
File:                     UHKxbfyeZNA8vfYZxdgz-4yzkq4.roa (raw, json)
Hash identifier:          Mb15+/01DxorNLvSHrlSh6ZQx9Xaj6QioFjrKFNgMm4=
Subject key identifier:   50:72:B1:6D:FC:9E:64:D0:3C:BD:F6:19:C5:D8:33:FB:8C:B3:92:AE
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       0194282712CF16A35519C54799517CFC6BDA
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/UHKxbfyeZNA8vfYZxdgz-4yzkq4.roa
Signing time:             Thu 02 Jan 2025 17:53:56 +0000
ROA not before:           Thu 02 Jan 2025 17:53:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38230
IP address blocks:        2a0e:46c4:101::/48 maxlen: 48
                          2a0e:46c4:110::/48 maxlen: 48
                          2a0e:46c4:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:12:cf:16:a3:55:19:c5:47:99:51:7c:fc:6b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5072b16dfc9e64d03cbdf619c5d833fb8cb392ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:03:d6:2b:45:e3:8d:ac:93:ac:8c:a5:63:0c:
                    c1:95:e0:3e:20:62:71:f1:12:15:5f:9b:5f:ae:52:
                    59:67:8f:64:ad:87:c3:a0:16:4b:7b:00:e0:a3:d0:
                    24:65:2b:18:48:4f:7b:f4:b7:64:fc:a0:05:60:7e:
                    ad:f9:2b:fe:6b:f1:cf:22:73:24:b0:a0:f3:f4:b1:
                    95:2b:8d:e3:81:06:14:7f:ee:2b:34:e8:79:50:84:
                    62:62:27:de:c4:39:a4:f5:d5:1d:7e:4d:aa:f3:b7:
                    e2:ba:bf:4c:05:d4:fd:e3:b8:fa:3f:d1:bf:6c:78:
                    ca:ba:4c:c6:3f:8d:b2:da:7f:f1:ba:f9:9a:45:1f:
                    2c:75:d0:3b:e8:93:fc:09:cf:9c:33:f2:87:1b:97:
                    3c:55:06:31:a2:01:1f:af:f6:43:b1:69:a9:8d:30:
                    e9:3e:86:03:0d:52:f5:8c:aa:ba:6e:37:a5:32:37:
                    d6:fc:1a:67:3f:91:53:ca:e2:d9:69:78:0f:e3:45:
                    da:32:ce:fa:99:4d:f0:19:af:1f:ca:ae:ee:30:24:
                    17:2f:86:81:43:35:8a:e8:72:7d:8b:69:1b:54:80:
                    15:96:fd:57:26:da:07:5e:3d:1c:d0:01:dd:35:32:
                    b5:7f:bd:86:29:45:01:00:3b:0b:52:14:30:30:95:
                    ff:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:72:B1:6D:FC:9E:64:D0:3C:BD:F6:19:C5:D8:33:FB:8C:B3:92:AE
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/UHKxbfyeZNA8vfYZxdgz-4yzkq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:101::/48
                  2a0e:46c4:110::/48
                  2a0e:46c4:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:71:af:d7:3e:fd:80:a7:db:09:15:37:ce:b2:e0:5e:51:87:
         53:c2:a1:86:fb:d6:c9:09:0b:e7:74:0a:21:66:40:fa:02:43:
         ba:64:30:ff:50:a8:34:b9:c5:5a:af:2f:fd:10:72:eb:41:c1:
         36:3c:f6:fe:38:1f:ef:6b:4e:92:d3:9f:83:01:17:6e:21:fc:
         79:0c:b8:00:f1:5a:06:f1:1e:4c:54:2d:12:e6:98:b3:22:e9:
         2c:ec:53:10:97:3f:23:27:f3:eb:06:52:84:9a:98:c7:35:78:
         6a:a6:53:21:5d:5b:1f:a7:7b:62:85:48:6d:34:cc:09:79:68:
         39:60:f2:b2:64:f9:e4:3c:b6:ce:37:6d:e2:40:ae:a5:1b:c8:
         09:e4:0d:9c:4e:c4:cf:97:6a:2b:9f:46:3b:10:99:7d:42:be:
         43:22:c5:2b:ae:3b:4e:8f:a0:54:e6:e6:a5:77:23:3b:b7:90:
         3e:b2:f8:c4:61:c6:b1:ac:6b:f3:c2:83:4e:a2:17:20:ac:5a:
         ca:d1:d2:0a:14:ab:19:d1:86:d1:9d:34:3a:d4:75:ec:ac:89:
         89:c0:71:95:a0:26:22:98:6c:44:22:1d:60:ad:15:9d:1e:3a:
         4e:b4:05:d3:d5:e9:11:42:30:21:d5:da:21:d3:02:69:9f:34:
         2a:8d:4d:ef
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJxLPFqNVGcVHmVF8/GvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDcyYjE2ZGZjOWU2NGQwM2NiZGY2MTljNWQ4MzNmYjhjYjM5MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwPWK0XjjayTrIylYwzBleA+IGJx
8RIVX5tfrlJZZ49krYfDoBZLewDgo9AkZSsYSE979Ldk/KAFYH6t+Sv+a/HPInMk
sKDz9LGVK43jgQYUf+4rNOh5UIRiYifexDmk9dUdfk2q87fiur9MBdT947j6P9G/
bHjKukzGP42y2n/xuvmaRR8sddA76JP8Cc+cM/KHG5c8VQYxogEfr/ZDsWmpjTDp
PoYDDVL1jKq6bjelMjfW/BpnP5FTyuLZaXgP40XaMs76mU3wGa8fyq7uMCQXL4aB
QzWK6HJ9i2kbVIAVlv1XJtoHXj0c0AHdNTK1f72GKUUBADsLUhQwMJX/XQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFBysW38nmTQPL32GcXYM/uMs5KuMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvVUhLeGJmeWVaTkE4dmZZWnhkZ3otNHl6a3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg5GxAEB
AwcAKg5GxAEQAwcAKg5GxAIAMA0GCSqGSIb3DQEBCwUAA4IBAQCdca/XPv2Ap9sJ
FTfOsuBeUYdTwqGG+9bJCQvndAohZkD6AkO6ZDD/UKg0ucVary/9EHLrQcE2PPb+
OB/va06S05+DARduIfx5DLgA8VoG8R5MVC0S5pizIuks7FMQlz8jJ/PrBlKEmpjH
NXhqplMhXVsfp3tihUhtNMwJeWg5YPKyZPnkPLbON23iQK6lG8gJ5A2cTsTPl2or
n0Y7EJl9Qr5DIsUrrjtOj6BU5ualdyM7t5A+svjEYcaxrGvzwoNOohcgrFrK0dIK
FKsZ0YbRnTQ61HXsrImJwHGVoCYimGxEIh1grRWdHjpOtAXT1ekRQjAh1doh0wJp
nzQqjU3v
-----END CERTIFICATE-----