Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/UGR0Nm7XgEo_C52g4hZe_Rs5ZcQ.roa
File:                     UGR0Nm7XgEo_C52g4hZe_Rs5ZcQ.roa (raw, json)
Hash identifier:          LA6rXbOmVl2jO/KpnJDcjc8gvW16w8N7yWXEbyRFi7Q=
Subject key identifier:   50:64:74:36:6E:D7:80:4A:3F:0B:9D:A0:E2:16:5E:FD:1B:39:65:C4
Certificate issuer:       /CN=93503061e1ae503ec63d970b30875dd93ffabbdf
Certificate serial:       019425FBF40C1C8CF6DFD69A9B82BF96FE7A
Authority key identifier: 93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/UGR0Nm7XgEo_C52g4hZe_Rs5ZcQ.roa
Signing time:             Thu 02 Jan 2025 07:47:36 +0000
ROA not before:           Thu 02 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206834
IP address blocks:        2a01:bb20:2000::/36 maxlen: 36
                          2a01:bb20:3000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f4:0c:1c:8c:f6:df:d6:9a:9b:82:bf:96:fe:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93503061e1ae503ec63d970b30875dd93ffabbdf
        Validity
            Not Before: Jan  2 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=506474366ed7804a3f0b9da0e2165efd1b3965c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ac:a8:c0:33:81:7d:e6:18:e8:31:da:93:e0:
                    91:eb:8d:16:06:c9:1f:3c:20:f4:5a:2b:b8:39:70:
                    84:14:56:e8:35:e8:5f:72:8a:ca:48:54:82:5f:e8:
                    1c:b0:57:24:cd:f2:e7:b7:fe:b0:fa:f8:0a:d3:d7:
                    a0:46:7a:fb:a8:95:9f:0d:dc:8a:63:64:4f:f6:f0:
                    7c:15:e9:c2:bd:1e:e8:97:02:ef:ee:e4:0c:9e:5b:
                    7d:01:06:16:c6:d9:4f:46:b1:1d:d7:4a:64:eb:d3:
                    f7:3d:ea:14:32:e7:87:1b:68:47:67:1e:ad:44:77:
                    1c:42:69:38:03:30:56:b1:ae:da:2b:44:dc:01:ed:
                    a2:bc:da:36:86:35:9b:68:6c:a0:a6:84:5e:45:be:
                    ba:75:58:6e:54:12:c8:d5:4e:38:89:7b:20:ba:64:
                    3f:d9:d9:94:2e:7e:4b:3e:93:b8:5e:97:15:f3:73:
                    39:00:78:bf:c4:1d:17:15:31:1e:7b:62:2e:cc:87:
                    9f:f3:ed:53:d9:bc:66:0f:be:88:3a:5e:7b:ef:0b:
                    06:b9:97:11:f2:9d:56:81:93:6a:9e:41:cb:9a:e5:
                    03:84:47:a8:57:1f:8b:de:aa:c5:ee:49:af:c4:90:
                    ac:da:68:b1:96:34:d7:ef:fa:92:c5:de:76:a2:87:
                    77:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:64:74:36:6E:D7:80:4A:3F:0B:9D:A0:E2:16:5E:FD:1B:39:65:C4
            X509v3 Authority Key Identifier:
                keyid:93:50:30:61:E1:AE:50:3E:C6:3D:97:0B:30:87:5D:D9:3F:FA:BB:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1AwYeGuUD7GPZcLMIdd2T_6u98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/UGR0Nm7XgEo_C52g4hZe_Rs5ZcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a76ac1-5f22-47d1-b8c1-c623ed8f2f28/1/k1AwYeGuUD7GPZcLMIdd2T_6u98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:bb20:2000::/35

    Signature Algorithm: sha256WithRSAEncryption
         b5:72:9b:c9:67:67:9b:5f:fa:08:d6:51:ae:e6:a6:f5:d5:f5:
         5d:89:72:02:0d:0e:f5:cd:9b:93:13:9f:17:17:78:d3:77:09:
         70:7d:40:33:2e:dc:99:8b:22:46:ab:b1:54:a1:26:7d:27:03:
         c8:c7:fd:2b:68:1d:69:49:ab:34:4f:71:af:6e:f7:96:85:8d:
         c2:1c:e5:25:79:7a:aa:f0:73:ea:a4:93:8b:28:02:03:64:35:
         26:77:b9:f7:1b:99:63:90:f1:5f:20:ab:d2:9b:cf:43:c9:89:
         1b:e2:ff:05:0e:bf:fc:e3:2a:56:18:3e:d4:13:64:4d:5d:cd:
         2f:d6:45:41:58:ce:2f:20:75:10:e0:45:a4:84:2d:65:c5:7b:
         ba:30:aa:4a:c4:9e:48:15:6c:64:af:a5:f2:9f:28:93:df:45:
         ad:7b:99:8d:63:cd:d2:8b:7d:40:be:5c:1c:47:03:6f:db:54:
         ac:f3:dd:b1:49:1b:56:58:ca:20:27:1d:11:85:10:fa:ba:f8:
         52:d4:fd:39:16:dd:23:b0:54:21:ce:69:8c:53:26:79:38:97:
         63:20:b6:4a:b2:1b:84:31:50:c9:d7:9a:c0:22:a9:21:46:79:
         75:f9:d3:0b:3f:79:88:52:56:4e:65:52:b4:88:04:b8:48:cc:
         10:3d:9f:83
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl+/QMHIz239aam4K/lv56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNTAzMDYxZTFhZTUwM2VjNjNkOTcwYjMwODc1ZGQ5M2Zm
YWJiZGYwHhcNMjUwMTAyMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDY0NzQzNjZlZDc4MDRhM2YwYjlkYTBlMjE2NWVmZDFiMzk2NWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqyowDOBfeYY6DHak+CR640WBskf
PCD0Wiu4OXCEFFboNehfcorKSFSCX+gcsFckzfLnt/6w+vgK09egRnr7qJWfDdyK
Y2RP9vB8FenCvR7olwLv7uQMnlt9AQYWxtlPRrEd10pk69P3PeoUMueHG2hHZx6t
RHccQmk4AzBWsa7aK0TcAe2ivNo2hjWbaGygpoReRb66dVhuVBLI1U44iXsgumQ/
2dmULn5LPpO4XpcV83M5AHi/xB0XFTEee2IuzIef8+1T2bxmD76IOl577wsGuZcR
8p1WgZNqnkHLmuUDhEeoVx+L3qrF7kmvxJCs2mixljTX7/qSxd52ood3UwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFBkdDZu14BKPwudoOIWXv0bOWXEMB8GA1UdIwQY
MBaAFJNQMGHhrlA+xj2XCzCHXdk/+rvfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEt
YzYyM2VkOGYyZjI4LzEvVUdSME5tN1hnRW9fQzUyZzRoWmVfUnM1WmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hNzZhYzEtNWYyMi00N2QxLWI4YzEtYzYyM2VkOGYyZjI4
LzEvazFBd1llR3VVRDdHUFpjTE1JZGQyVF82dTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgG7ICAw
DQYJKoZIhvcNAQELBQADggEBALVym8lnZ5tf+gjWUa7mpvXV9V2JcgINDvXNm5MT
nxcXeNN3CXB9QDMu3JmLIkarsVShJn0nA8jH/StoHWlJqzRPca9u95aFjcIc5SV5
eqrwc+qkk4soAgNkNSZ3ufcbmWOQ8V8gq9Kbz0PJiRvi/wUOv/zjKlYYPtQTZE1d
zS/WRUFYzi8gdRDgRaSELWXFe7owqkrEnkgVbGSvpfKfKJPfRa17mY1jzdKLfUC+
XBxHA2/bVKzz3bFJG1ZYyiAnHRGFEPq6+FLU/TkW3SOwVCHOaYxTJnk4l2Mgtkqy
G4QxUMnXmsAiqSFGeXX50ws/eYhSVk5lUrSIBLhIzBA9n4M=
-----END CERTIFICATE-----