Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uXEAv92OojWVDo1OywkWFuXxGAs.roa
File:                     uXEAv92OojWVDo1OywkWFuXxGAs.roa (raw, json)
Hash identifier:          F32EsoDAnixW1ABJDoWWZoPCzcGl9S7Z/h18Xy1K3H0=
Subject key identifier:   B9:71:00:BF:DD:8E:A2:35:95:0E:8D:4E:CB:09:16:16:E5:F1:18:0B
Certificate issuer:       /CN=b81bb21b5c1889030d365a549f21d5b426f9dda8
Certificate serial:       01942444A7AE9FF855857061617547EBBCC4
Authority key identifier: B8:1B:B2:1B:5C:18:89:03:0D:36:5A:54:9F:21:D5:B4:26:F9:DD:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uXEAv92OojWVDo1OywkWFuXxGAs.roa
Signing time:             Wed 01 Jan 2025 23:47:46 +0000
ROA not before:           Wed 01 Jan 2025 23:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29551
IP address blocks:        2001:678:4a8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 20:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a7:ae:9f:f8:55:85:70:61:61:75:47:eb:bc:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b81bb21b5c1889030d365a549f21d5b426f9dda8
        Validity
            Not Before: Jan  1 23:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b97100bfdd8ea235950e8d4ecb091616e5f1180b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:28:47:56:3b:cb:65:97:9d:85:aa:56:fc:
                    1b:2d:12:b2:c3:23:87:7f:73:3e:ea:ae:41:b1:d1:
                    e0:9e:64:2f:11:63:25:76:4b:96:fe:dc:a6:8c:3a:
                    28:ac:22:42:61:28:40:3e:63:72:ec:ea:82:f3:33:
                    ee:20:35:f5:8e:63:2c:a7:bc:c9:d5:97:46:1e:81:
                    2b:e5:84:21:80:e9:e0:b8:7a:31:e4:f0:55:89:13:
                    c7:15:47:29:fd:e9:76:f4:0f:95:8c:31:f5:d1:c4:
                    c8:fa:df:88:22:1e:9e:1e:f3:3f:97:42:b0:7b:a4:
                    c0:2e:45:1e:f9:4f:31:b5:f7:1c:f1:a4:d6:a2:59:
                    55:cc:52:c7:2a:43:f3:98:7d:0e:d7:32:11:77:22:
                    87:2c:3b:9a:35:ab:0b:05:1a:38:25:4d:34:96:41:
                    76:f0:c6:77:bc:82:53:75:9b:e5:c4:3a:c3:86:69:
                    cc:d6:bd:c9:57:a5:8b:6d:22:a3:3f:ac:dd:37:f5:
                    96:a3:a5:c3:5e:5a:13:c6:45:45:c4:1a:e7:03:63:
                    b6:ca:f0:ad:10:7f:e5:15:92:93:6c:e8:03:19:d8:
                    4f:06:44:2c:4d:74:f1:e3:f8:69:68:1b:05:67:a8:
                    ab:7a:a8:f5:fe:39:af:85:e5:30:ee:24:9d:1f:b1:
                    53:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:71:00:BF:DD:8E:A2:35:95:0E:8D:4E:CB:09:16:16:E5:F1:18:0B
            X509v3 Authority Key Identifier:
                keyid:B8:1B:B2:1B:5C:18:89:03:0D:36:5A:54:9F:21:D5:B4:26:F9:DD:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uBuyG1wYiQMNNlpUnyHVtCb53ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uXEAv92OojWVDo1OywkWFuXxGAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0a96c9-18ea-4753-a2c5-ac9acd352842/1/uBuyG1wYiQMNNlpUnyHVtCb53ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:4a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:f4:2e:7c:56:89:4c:07:16:df:60:41:b5:5b:b3:2a:05:14:
         f5:93:29:f5:0f:d5:9e:08:4c:97:93:59:30:eb:d3:4d:83:9b:
         8a:cf:4b:a6:b0:44:09:e1:17:6b:69:9e:a3:41:ca:c2:1a:9e:
         43:5d:a3:7b:41:28:64:37:25:1a:c3:8e:98:81:d1:cf:a1:25:
         f6:95:df:c8:78:31:99:b5:79:70:fa:99:66:42:40:71:c7:2b:
         72:7c:10:69:d1:c1:80:10:02:10:c2:25:db:b0:ab:49:f7:5f:
         7d:09:27:0b:0d:a8:17:65:3b:b2:cd:56:e7:65:b1:44:bd:53:
         02:12:07:07:fe:17:b3:fd:51:93:83:95:92:3e:f4:74:e8:e5:
         2c:25:f5:d5:a1:27:0b:be:96:38:5a:1e:63:21:f2:1e:50:c9:
         fd:33:f3:a3:d8:51:f5:c1:92:d9:5f:6d:93:1b:24:d2:55:09:
         36:57:f3:fc:13:5c:49:e3:cb:7a:27:7e:f1:38:fb:bb:26:2d:
         08:97:0f:e9:2c:a7:fd:60:c4:03:6c:d9:2f:80:51:e6:24:89:
         d8:fb:e8:79:f3:04:cd:3c:a8:90:1b:79:64:e2:80:69:f1:54:
         98:c1:64:b3:5c:e9:b3:a4:7a:79:f6:8d:1e:dd:65:d3:73:07:
         5f:9f:24:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRKeun/hVhXBhYXVH67zEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MWJiMjFiNWMxODg5MDMwZDM2NWE1NDlmMjFkNWI0MjZm
OWRkYTgwHhcNMjUwMTAxMjM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTcxMDBiZmRkOGVhMjM1OTUwZThkNGVjYjA5MTYxNmU1ZjExODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4goR1Y7y2WXnYWqVvwbLRKywyOH
f3M+6q5BsdHgnmQvEWMldkuW/tymjDoorCJCYShAPmNy7OqC8zPuIDX1jmMsp7zJ
1ZdGHoEr5YQhgOnguHox5PBViRPHFUcp/el29A+VjDH10cTI+t+IIh6eHvM/l0Kw
e6TALkUe+U8xtfcc8aTWollVzFLHKkPzmH0O1zIRdyKHLDuaNasLBRo4JU00lkF2
8MZ3vIJTdZvlxDrDhmnM1r3JV6WLbSKjP6zdN/WWo6XDXloTxkVFxBrnA2O2yvCt
EH/lFZKTbOgDGdhPBkQsTXTx4/hpaBsFZ6ireqj1/jmvheUw7iSdH7FTlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLlxAL/djqI1lQ6NTssJFhbl8RgLMB8GA1UdIwQY
MBaAFLgbshtcGIkDDTZaVJ8h1bQm+d2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUJ1eUcxd1lpUU1OTmxwVW55SFZ0Q2I1M2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8wYTk2YzktMThlYS00NzUzLWEyYzUt
YWM5YWNkMzUyODQyLzEvdVhFQXY5Mk9valdWRG8xT3l3a1dGdVh4R0FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8wYTk2YzktMThlYS00NzUzLWEyYzUtYWM5YWNkMzUyODQy
LzEvdUJ1eUcxd1lpUU1OTmxwVW55SFZ0Q2I1M2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeASo
MA0GCSqGSIb3DQEBCwUAA4IBAQA69C58VolMBxbfYEG1W7MqBRT1kyn1D9WeCEyX
k1kw69NNg5uKz0umsEQJ4RdraZ6jQcrCGp5DXaN7QShkNyUaw46YgdHPoSX2ld/I
eDGZtXlw+plmQkBxxytyfBBp0cGAEAIQwiXbsKtJ9199CScLDagXZTuyzVbnZbFE
vVMCEgcH/hez/VGTg5WSPvR06OUsJfXVoScLvpY4Wh5jIfIeUMn9M/Oj2FH1wZLZ
X22TGyTSVQk2V/P8E1xJ48t6J37xOPu7Ji0Ilw/pLKf9YMQDbNkvgFHmJInY++h5
8wTNPKiQG3lk4oBp8VSYwWSzXOmzpHp59o0e3WXTcwdfnyTV
-----END CERTIFICATE-----