Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/uPdsoPPsIplTvcCyAbcJMwYg9pQ.roa
File:                     uPdsoPPsIplTvcCyAbcJMwYg9pQ.roa (raw, json)
Hash identifier:          csIN1YT5O+6UepoAW4L5bp8f0Qp/luUK9hGbpbp+j+I=
Subject key identifier:   B8:F7:6C:A0:F3:EC:22:99:53:BD:C0:B2:01:B7:09:33:06:20:F6:94
Certificate issuer:       /CN=12520f8b2af8a1453089a620d2392f66b0a3ebf4
Certificate serial:       01973C6D2EFA6AFBEED7AB28ED3F9030613B
Authority key identifier: 12:52:0F:8B:2A:F8:A1:45:30:89:A6:20:D2:39:2F:66:B0:A3:EB:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/uPdsoPPsIplTvcCyAbcJMwYg9pQ.roa
Signing time:             Wed 04 Jun 2025 19:31:17 +0000
ROA not before:           Wed 04 Jun 2025 19:31:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a07:eb80::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:6d:2e:fa:6a:fb:ee:d7:ab:28:ed:3f:90:30:61:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12520f8b2af8a1453089a620d2392f66b0a3ebf4
        Validity
            Not Before: Jun  4 19:31:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8f76ca0f3ec229953bdc0b201b709330620f694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f3:94:90:8a:dc:6d:64:4b:6b:c9:aa:f3:6f:
                    41:7c:6c:8f:c2:90:e2:2e:84:48:88:56:92:ca:04:
                    e4:80:90:0b:1b:1b:77:5b:cc:08:5d:d5:93:ae:80:
                    aa:62:35:44:49:b2:bd:ac:30:0a:42:f3:06:db:12:
                    f2:92:e9:3b:89:7d:2d:d3:11:69:de:93:b2:da:2e:
                    fa:22:e5:52:4a:69:3a:54:ad:21:4a:c1:f5:3b:76:
                    26:9a:d6:8b:27:9e:97:ce:49:3e:57:f3:a8:59:e0:
                    29:58:83:c0:0f:2c:d2:ab:b4:c3:bb:9d:19:de:3c:
                    c9:a3:00:96:d2:f1:c3:14:d9:aa:a9:8d:78:b7:18:
                    6c:4e:e0:22:08:8f:ef:8d:ac:2b:93:33:4a:68:bf:
                    f6:36:ee:e1:7f:3d:6c:f8:6f:43:a6:a1:5a:a0:ff:
                    18:c5:96:06:36:e0:f4:0f:0d:06:e9:c7:31:5d:bd:
                    1b:09:77:8e:6d:d9:77:80:af:ee:6e:51:f7:91:0f:
                    a8:36:8d:b8:01:23:75:f4:1c:75:c1:7f:c1:6f:94:
                    82:d2:b7:33:57:65:db:45:5b:19:f0:1a:d6:b9:98:
                    56:da:9a:b9:69:fc:51:69:f4:ff:cb:65:54:c6:ad:
                    0b:6a:45:85:c3:2b:08:da:ae:9c:ba:95:51:c6:26:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F7:6C:A0:F3:EC:22:99:53:BD:C0:B2:01:B7:09:33:06:20:F6:94
            X509v3 Authority Key Identifier:
                keyid:12:52:0F:8B:2A:F8:A1:45:30:89:A6:20:D2:39:2F:66:B0:A3:EB:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/uPdsoPPsIplTvcCyAbcJMwYg9pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/976565-a699-4d88-8117-3421ea41df36/1/ElIPiyr4oUUwiaYg0jkvZrCj6_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:eb80::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:cb:13:d7:15:6d:b0:b4:16:30:c9:31:fd:eb:f6:96:09:cf:
         be:fb:70:c3:04:ee:7b:76:d2:dd:88:b5:51:57:b0:1b:96:2b:
         19:9f:f9:ff:b3:42:b4:ff:84:33:62:be:19:29:14:b7:da:8e:
         60:4c:33:76:c8:05:b4:f1:ba:fb:ae:63:ee:9d:8f:04:96:0a:
         e7:26:46:41:e4:79:ba:ee:ae:e1:49:33:05:27:4d:d1:88:9f:
         92:33:58:78:6f:4d:db:b7:00:a0:c9:04:d3:65:57:77:fe:76:
         42:be:2a:7f:02:43:af:f5:b1:03:73:74:c6:27:9b:17:af:9b:
         a9:4c:cf:ec:13:06:0d:9b:d6:d2:f0:7c:df:c7:39:86:14:f5:
         35:a9:cb:22:f7:b8:09:09:86:69:6c:85:55:03:b6:0a:98:80:
         1a:73:0b:53:09:3b:55:10:e0:f4:e5:b9:2f:9b:4b:7a:15:10:
         99:23:45:58:18:72:99:59:3a:6e:41:84:ad:cd:aa:9f:fe:49:
         b2:39:78:6c:3d:e4:7f:4a:ec:90:61:80:0a:c8:20:b7:58:ac:
         ac:09:d6:8c:dd:43:85:29:f6:98:17:27:86:13:5b:9a:46:b7:
         ff:a2:c3:8a:dd:f8:7b:28:94:10:62:5a:91:56:1d:6a:14:ec:
         65:dc:30:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc8bS76avvu16so7T+QMGE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNTIwZjhiMmFmOGExNDUzMDg5YTYyMGQyMzkyZjY2YjBh
M2ViZjQwHhcNMjUwNjA0MTkzMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGY3NmNhMGYzZWMyMjk5NTNiZGMwYjIwMWI3MDkzMzA2MjBmNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfOUkIrcbWRLa8mq829BfGyPwpDi
LoRIiFaSygTkgJALGxt3W8wIXdWTroCqYjVESbK9rDAKQvMG2xLykuk7iX0t0xFp
3pOy2i76IuVSSmk6VK0hSsH1O3YmmtaLJ56Xzkk+V/OoWeApWIPADyzSq7TDu50Z
3jzJowCW0vHDFNmqqY14txhsTuAiCI/vjawrkzNKaL/2Nu7hfz1s+G9DpqFaoP8Y
xZYGNuD0Dw0G6ccxXb0bCXeObdl3gK/ublH3kQ+oNo24ASN19Bx1wX/Bb5SC0rcz
V2XbRVsZ8BrWuZhW2pq5afxRafT/y2VUxq0LakWFwysI2q6cupVRxiajlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLj3bKDz7CKZU73AsgG3CTMGIPaUMB8GA1UdIwQY
MBaAFBJSD4sq+KFFMImmINI5L2awo+v0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWxJUGl5cjRvVVV3aWFZZzBqa3ZackNqNl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85NzY1NjUtYTY5OS00ZDg4LTgxMTct
MzQyMWVhNDFkZjM2LzEvdVBkc29QUHNJcGxUdmNDeUFiY0pNd1lnOXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85NzY1NjUtYTY5OS00ZDg4LTgxMTctMzQyMWVhNDFkZjM2
LzEvRWxJUGl5cjRvVVV3aWFZZzBqa3ZackNqNl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgfrgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAGyxPXFW2wtBYwyTH96/aWCc+++3DDBO57dtLd
iLVRV7AblisZn/n/s0K0/4QzYr4ZKRS32o5gTDN2yAW08br7rmPunY8ElgrnJkZB
5Hm67q7hSTMFJ03RiJ+SM1h4b03btwCgyQTTZVd3/nZCvip/AkOv9bEDc3TGJ5sX
r5upTM/sEwYNm9bS8HzfxzmGFPU1qcsi97gJCYZpbIVVA7YKmIAacwtTCTtVEOD0
5bkvm0t6FRCZI0VYGHKZWTpuQYStzaqf/kmyOXhsPeR/SuyQYYAKyCC3WKysCdaM
3UOFKfaYFyeGE1uaRrf/osOK3fh7KJQQYlqRVh1qFOxl3DAQ
-----END CERTIFICATE-----