Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Uaif5mluHcrJUGbfFQOQv5aGmqo.roa
File:                     Uaif5mluHcrJUGbfFQOQv5aGmqo.roa (raw, json)
Hash identifier:          4GcANOdK85GtkfgKCJ6D/Bc//mwXx0P/TVTNMp8rznY=
Subject key identifier:   51:A8:9F:E6:69:6E:1D:CA:C9:50:66:DF:15:03:90:BF:96:86:9A:AA
Certificate issuer:       /CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
Certificate serial:       019423D74770F7B13389C4A3011AF1B94002
Authority key identifier: 19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Uaif5mluHcrJUGbfFQOQv5aGmqo.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8961
IP address blocks:        2001:8f8:d002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 10:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:47:70:f7:b1:33:89:c4:a3:01:1a:f1:b9:40:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19ee5f16fc144acb98977449faa0ab77de1bdcc9
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51a89fe6696e1dcac95066df150390bf96869aaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:fe:74:24:61:06:9c:0a:ae:e9:84:5e:b9:c8:
                    34:57:28:00:96:31:91:81:0c:4f:77:f4:55:b5:d1:
                    74:eb:7e:56:7d:b9:f8:dd:a3:4d:3f:0f:b4:ff:f0:
                    93:13:aa:e3:42:49:f4:10:e3:ed:d5:ad:76:f0:87:
                    e4:a2:82:9e:f8:b3:6a:1f:4f:a1:05:b5:d5:b5:46:
                    1f:8d:79:e2:08:45:fa:56:51:c8:7f:e5:d1:0a:eb:
                    45:48:5d:71:79:12:ff:dd:d3:c4:28:04:aa:9b:00:
                    d3:27:cc:0e:6f:6a:f4:34:a8:26:a2:d8:45:8a:38:
                    b8:13:14:a9:fe:64:41:a3:a1:cb:7f:7e:db:bd:7e:
                    c3:7f:c2:7d:85:a5:c5:07:52:a9:8a:2a:18:6c:da:
                    36:c1:14:3c:e3:31:06:bb:34:9f:e0:0a:3b:51:15:
                    b0:f4:8d:1a:a7:97:36:4f:43:5e:e2:3c:45:f9:5d:
                    22:51:59:94:25:23:37:ed:f7:92:dc:7e:8d:2a:a0:
                    55:d2:da:83:34:a4:6f:9d:39:9b:85:ba:81:95:c5:
                    b9:0e:07:03:29:f9:a3:9a:14:3a:78:b4:5d:0b:7a:
                    42:d8:b7:22:d6:ac:37:51:8c:a7:cf:eb:2f:4d:54:
                    6c:05:fa:0e:f4:ca:4f:b6:47:08:2e:ba:fe:c7:42:
                    ed:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A8:9F:E6:69:6E:1D:CA:C9:50:66:DF:15:03:90:BF:96:86:9A:AA
            X509v3 Authority Key Identifier:
                keyid:19:EE:5F:16:FC:14:4A:CB:98:97:74:49:FA:A0:AB:77:DE:1B:DC:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Uaif5mluHcrJUGbfFQOQv5aGmqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/742370-e10f-4541-aa6c-61afb66d1e8c/1/Ge5fFvwUSsuYl3RJ-qCrd94b3Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:8f8:d002::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:90:cd:e1:84:e2:48:ee:67:bb:7e:4d:09:a5:e4:bb:26:54:
         a1:75:b6:91:d3:5e:5c:5e:43:32:ed:f1:15:89:7e:5f:ad:ac:
         c7:35:b1:01:be:c3:40:aa:54:fc:ec:06:ca:a0:a2:51:27:24:
         62:6c:18:f1:88:f0:c4:6c:e5:19:ec:8c:50:e4:1b:07:a3:b1:
         bd:7f:c3:d4:65:80:00:e8:b5:a7:3a:b6:80:9b:48:6e:f1:d6:
         6b:f8:3d:1c:4a:c1:e2:a4:45:7b:d0:97:93:0d:d3:f3:41:9f:
         c8:3a:48:b8:51:80:7d:bd:e9:23:98:25:55:ef:4c:1d:76:00:
         49:8c:d4:4e:05:66:dd:b0:3c:e1:f9:6d:25:e5:01:f8:bc:6f:
         b3:f7:43:4a:64:3b:4c:e6:f6:d9:91:60:95:3e:cf:e6:b0:19:
         a6:ee:cf:ad:f1:70:13:42:7f:a2:f4:5e:32:7f:c6:5b:82:07:
         93:c2:5c:38:4d:c6:70:71:48:5c:4b:1a:ad:c3:81:34:68:17:
         9a:7d:a9:66:75:fc:2b:1b:57:97:e5:d2:b7:43:fe:72:55:32:
         43:39:37:41:0c:42:4c:32:79:bf:69:53:5b:3b:bb:5d:d3:c1:
         62:6b:b1:bf:c4:24:3e:6a:2f:84:ae:5c:1d:53:1b:b7:17:1a:
         ca:bb:95:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj10dw97EzicSjARrxuUACMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZWU1ZjE2ZmMxNDRhY2I5ODk3NzQ0OWZhYTBhYjc3ZGUx
YmRjYzkwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWE4OWZlNjY5NmUxZGNhYzk1MDY2ZGYxNTAzOTBiZjk2ODY5YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6P50JGEGnAqu6YReucg0VygAljGR
gQxPd/RVtdF0635Wfbn43aNNPw+0//CTE6rjQkn0EOPt1a128IfkooKe+LNqH0+h
BbXVtUYfjXniCEX6VlHIf+XRCutFSF1xeRL/3dPEKASqmwDTJ8wOb2r0NKgmothF
iji4ExSp/mRBo6HLf37bvX7Df8J9haXFB1KpiioYbNo2wRQ84zEGuzSf4Ao7URWw
9I0ap5c2T0Ne4jxF+V0iUVmUJSM37feS3H6NKqBV0tqDNKRvnTmbhbqBlcW5DgcD
KfmjmhQ6eLRdC3pC2Lci1qw3UYynz+svTVRsBfoO9MpPtkcILrr+x0LtAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFGon+Zpbh3KyVBm3xUDkL+WhpqqMB8GA1UdIwQY
MBaAFBnuXxb8FErLmJd0Sfqgq3feG9zJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMt
NjFhZmI2NmQxZThjLzEvVWFpZjVtbHVIY3JKVUdiZkZRT1F2NWFHbXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83NDIzNzAtZTEwZi00NTQxLWFhNmMtNjFhZmI2NmQxZThj
LzEvR2U1ZkZ2d1VTc3VZbDNSSi1xQ3JkOTRiM01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEI+NAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBgkM3hhOJI7me7fk0JpeS7JlShdbaR015cXkMy
7fEViX5frazHNbEBvsNAqlT87AbKoKJRJyRibBjxiPDEbOUZ7IxQ5BsHo7G9f8PU
ZYAA6LWnOraAm0hu8dZr+D0cSsHipEV70JeTDdPzQZ/IOki4UYB9vekjmCVV70wd
dgBJjNROBWbdsDzh+W0l5QH4vG+z90NKZDtM5vbZkWCVPs/msBmm7s+t8XATQn+i
9F4yf8ZbggeTwlw4TcZwcUhcSxqtw4E0aBeafalmdfwrG1eX5dK3Q/5yVTJDOTdB
DEJMMnm/aVNbO7td08Fia7G/xCQ+ai+ErlwdUxu3FxrKu5WY
-----END CERTIFICATE-----