Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/UVQCO4c7gPlnbnFsrZBocsgkaAA.roa
File:                     UVQCO4c7gPlnbnFsrZBocsgkaAA.roa (raw, json)
Hash identifier:          V8RmBYoHKxTziStv8rsl1Lst5+68+msyqJhDWqugaio=
Subject key identifier:   51:54:02:3B:87:3B:80:F9:67:6E:71:6C:AD:90:68:72:C8:24:68:00
Certificate issuer:       /CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
Certificate serial:       0197407A7BCF2EE6A38A799FE4F7E41A9CAA
Authority key identifier: 0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/UVQCO4c7gPlnbnFsrZBocsgkaAA.roa
Signing time:             Thu 05 Jun 2025 14:24:18 +0000
ROA not before:           Thu 05 Jun 2025 14:24:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19637
IP address blocks:        2a02:ce8:5ba::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 11:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:7a:7b:cf:2e:e6:a3:8a:79:9f:e4:f7:e4:1a:9c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1c6d0de70cc51805b63a5e2327622525d075b1
        Validity
            Not Before: Jun  5 14:24:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5154023b873b80f9676e716cad906872c8246800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b3:38:b6:12:64:af:6b:f7:f0:f9:bd:b8:2e:
                    e7:4f:5b:11:58:cb:5b:9c:ec:ff:2a:f6:65:de:21:
                    bd:a1:e2:1c:c3:e0:59:60:78:3f:90:85:c4:ab:16:
                    6e:32:85:cf:d5:b0:c4:fe:e3:cc:a0:85:01:c2:ea:
                    00:db:e6:ea:51:c7:64:49:8d:cd:21:31:9a:06:75:
                    d0:48:f6:cd:0e:ce:2c:91:24:aa:46:ca:46:45:23:
                    1a:f0:85:32:1a:d6:ec:34:3c:1f:28:63:51:f4:05:
                    6e:dc:18:b4:bf:f3:2b:29:87:91:83:04:00:3a:ff:
                    1d:b8:8b:53:4b:f8:03:bc:b6:5d:9e:56:a8:d4:93:
                    8e:ec:d8:82:6f:d5:e8:d9:ba:d6:a6:95:57:81:4a:
                    83:68:e8:bf:6f:a7:b7:ca:da:d3:cf:95:3f:6f:d2:
                    6b:4b:4a:85:26:1f:59:1a:cd:00:b8:5e:38:3b:58:
                    24:e0:a1:d8:ec:20:6d:a3:fe:9f:27:d5:b9:5d:59:
                    86:71:bd:ce:4a:b1:47:83:cc:39:23:c5:c0:95:91:
                    2f:de:c2:18:d1:b3:09:72:c7:f0:8c:ef:c2:dd:16:
                    2c:bf:d6:d9:85:9e:86:a1:37:5f:3a:5e:63:c2:fd:
                    99:b3:d0:51:d9:8f:16:0f:18:2f:6f:e5:27:e2:20:
                    31:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:54:02:3B:87:3B:80:F9:67:6E:71:6C:AD:90:68:72:C8:24:68:00
            X509v3 Authority Key Identifier:
                keyid:0B:1C:6D:0D:E7:0C:C5:18:05:B6:3A:5E:23:27:62:25:25:D0:75:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CxxtDecMxRgFtjpeIydiJSXQdbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/UVQCO4c7gPlnbnFsrZBocsgkaAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1972a-9e18-4791-8530-f774f1eafbff/1/CxxtDecMxRgFtjpeIydiJSXQdbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ce8:5ba::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:e9:a5:a3:76:4b:16:96:ec:f5:8a:af:c4:6f:ad:16:43:de:
         4b:9c:26:e1:fd:59:8d:b8:c7:25:a0:5e:af:a5:58:8f:44:3e:
         c9:de:5c:2e:74:25:b8:68:76:2e:c7:59:11:34:ac:51:dc:26:
         af:e9:10:2f:a1:5b:1c:a3:f6:9d:1b:e3:a6:71:6d:ca:da:3b:
         88:a0:d1:4f:55:6a:84:da:60:83:94:40:a5:fd:21:72:e9:04:
         db:5d:8a:40:1d:f6:03:08:2f:44:71:33:c4:57:38:da:28:20:
         5b:9f:e3:07:12:c6:05:5c:ea:9e:f7:05:8e:e2:6f:f6:96:d7:
         22:60:19:20:ad:2d:a4:5a:0f:5d:b7:2d:a7:a3:38:ee:86:e5:
         db:b5:2d:aa:ea:f7:0a:b0:d4:70:d3:99:4f:74:f5:21:30:92:
         2c:99:e2:d9:40:91:19:b9:96:29:1e:9b:b6:3c:0f:d8:b8:7d:
         3d:9f:b6:74:9e:96:4a:37:5b:ec:3c:30:24:07:66:01:9d:00:
         a7:a0:47:05:64:69:cf:b5:e8:be:6a:09:c5:09:c2:fd:82:da:
         0b:37:3e:46:d7:57:63:3e:2e:62:c8:49:62:af:8c:0e:cb:29:
         45:bc:fa:db:63:b9:d5:bb:61:98:cd:f2:22:45:76:92:80:06:
         ba:af:24:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdAenvPLuajinmf5PfkGpyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWM2ZDBkZTcwY2M1MTgwNWI2M2E1ZTIzMjc2MjI1MjVk
MDc1YjEwHhcNMjUwNjA1MTQyNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTU0MDIzYjg3M2I4MGY5Njc2ZTcxNmNhZDkwNjg3MmM4MjQ2ODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7M4thJkr2v38Pm9uC7nT1sRWMtb
nOz/KvZl3iG9oeIcw+BZYHg/kIXEqxZuMoXP1bDE/uPMoIUBwuoA2+bqUcdkSY3N
ITGaBnXQSPbNDs4skSSqRspGRSMa8IUyGtbsNDwfKGNR9AVu3Bi0v/MrKYeRgwQA
Ov8duItTS/gDvLZdnlao1JOO7NiCb9Xo2brWppVXgUqDaOi/b6e3ytrTz5U/b9Jr
S0qFJh9ZGs0AuF44O1gk4KHY7CBto/6fJ9W5XVmGcb3OSrFHg8w5I8XAlZEv3sIY
0bMJcsfwjO/C3RYsv9bZhZ6GoTdfOl5jwv2Zs9BR2Y8WDxgvb+Un4iAx6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFFUAjuHO4D5Z25xbK2QaHLIJGgAMB8GA1UdIwQY
MBaAFAscbQ3nDMUYBbY6XiMnYiUl0HWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAt
Zjc3NGYxZWFmYmZmLzEvVVZRQ080YzdnUGxuYm5Gc3JaQm9jc2drYUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMTk3MmEtOWUxOC00NzkxLTg1MzAtZjc3NGYxZWFmYmZm
LzEvQ3h4dERlY014UmdGdGpwZUl5ZGlKU1hRZGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIM6AW6
MA0GCSqGSIb3DQEBCwUAA4IBAQCS6aWjdksWluz1iq/Eb60WQ95LnCbh/VmNuMcl
oF6vpViPRD7J3lwudCW4aHYux1kRNKxR3Cav6RAvoVsco/adG+OmcW3K2juIoNFP
VWqE2mCDlECl/SFy6QTbXYpAHfYDCC9EcTPEVzjaKCBbn+MHEsYFXOqe9wWO4m/2
ltciYBkgrS2kWg9dty2nozjuhuXbtS2q6vcKsNRw05lPdPUhMJIsmeLZQJEZuZYp
Hpu2PA/YuH09n7Z0npZKN1vsPDAkB2YBnQCnoEcFZGnPtei+agnFCcL9gtoLNz5G
11djPi5iyElir4wOyylFvPrbY7nVu2GYzfIiRXaSgAa6ryRm
-----END CERTIFICATE-----