Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/UOUI7y_Dbx9ciUS937r34eS-1Rc.roa
File:                     UOUI7y_Dbx9ciUS937r34eS-1Rc.roa (raw, json)
Hash identifier:          ulGfmosX3rxIRooWhnsygjQ+UXHbEY3QQgwjGQsWCwE=
Subject key identifier:   50:E5:08:EF:2F:C3:6F:1F:5C:89:44:BD:DF:BA:F7:E1:E4:BE:D5:17
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369E1B9B1CB764F790A5EEC223492C9
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/UOUI7y_Dbx9ciUS937r34eS-1Rc.roa
Signing time:             Wed 01 Jan 2025 19:48:49 +0000
ROA not before:           Wed 01 Jan 2025 19:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a0f:7803:db1f::/48 maxlen: 48
                          2a0f:7803:db73::/48 maxlen: 48
                          2a0f:7803:fc50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e1:b9:b1:cb:76:4f:79:0a:5e:ec:22:34:92:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50e508ef2fc36f1f5c8944bddfbaf7e1e4bed517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:26:13:f5:64:e8:87:b4:d1:29:f8:f0:53:67:
                    b8:38:25:a6:22:92:b0:9a:fa:61:e4:46:06:fc:70:
                    0f:ba:51:0b:c1:c7:85:45:f6:2f:00:4e:13:cd:4b:
                    b7:ec:98:65:49:0b:66:01:4d:0c:06:8b:50:e8:79:
                    79:e2:1d:93:6b:ac:77:8a:71:52:c7:8d:ad:7e:25:
                    06:39:bc:26:31:b8:bd:44:69:5b:5b:dd:d6:98:55:
                    23:b8:e5:82:e8:fc:b1:d8:03:69:19:f8:81:30:3e:
                    22:43:48:cc:d2:93:33:00:86:b8:57:06:3b:7c:3b:
                    64:bf:37:b3:19:86:ab:6a:d7:a7:a6:29:9c:9d:5f:
                    c9:b5:42:d6:91:01:3f:3c:61:48:7e:fd:6d:de:f0:
                    53:e1:4f:ac:1d:5c:03:dd:8b:dd:24:3e:23:5c:fe:
                    12:95:69:97:00:09:a0:3d:27:b3:c6:fb:61:89:4a:
                    17:ea:0e:2c:e2:15:ff:ca:89:54:36:f2:bc:92:7f:
                    a5:6d:a6:1d:3a:bc:cb:c1:46:48:eb:b7:73:2b:3a:
                    79:1f:ea:00:5c:c4:ba:09:4c:df:9b:5f:3e:32:e0:
                    ef:60:be:bf:e6:6a:01:98:d2:e9:5c:9d:0b:23:21:
                    5f:91:b4:f9:f2:b9:63:e3:21:a3:f9:f6:f6:7a:e5:
                    42:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E5:08:EF:2F:C3:6F:1F:5C:89:44:BD:DF:BA:F7:E1:E4:BE:D5:17
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/UOUI7y_Dbx9ciUS937r34eS-1Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:db1f::/48
                  2a0f:7803:db73::/48
                  2a0f:7803:fc50::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:4b:33:02:1b:1b:d3:4e:4b:04:ad:d2:59:47:16:8f:c7:f9:
         d6:6f:75:8e:2e:ab:0a:0c:25:9b:c3:23:d0:6f:42:87:4a:0b:
         8c:07:86:04:d6:63:56:4f:96:b2:7b:77:e9:cc:85:ab:8c:70:
         63:37:c6:c9:fe:cf:f8:3f:7a:3a:76:bc:21:53:cc:6a:5a:da:
         6a:d1:42:f8:2e:8f:85:70:9d:c0:fa:81:4c:c6:df:d5:95:13:
         8c:b0:8a:77:b6:76:9c:f7:2d:94:96:90:d1:32:3d:65:be:3a:
         e7:c3:b4:c2:37:25:97:92:e0:8a:20:ac:81:7c:7f:ba:f3:cd:
         ba:87:14:be:17:2d:0c:22:61:6a:dc:4a:1a:17:af:6e:92:b4:
         7c:1a:9b:6b:09:a3:56:30:b8:32:8d:86:80:69:0c:7f:36:ab:
         af:98:ec:0f:a6:d0:73:5b:cb:18:94:fa:84:9d:7a:5c:f0:7c:
         6c:93:a1:31:73:e7:33:7b:3c:2c:14:45:9a:92:36:18:92:ef:
         17:5b:50:2c:7b:b6:6e:c5:26:d0:e6:00:66:38:bd:08:db:26:
         8a:5c:ea:63:54:42:11:c7:d9:97:a1:63:c8:a3:40:67:b5:18:
         13:80:38:63:b9:3c:2c:61:82:6e:e7:33:f6:be:c2:e5:75:d7:
         1c:f4:a0:ac
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQjaeG5sct2T3kKXuwiNJLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGU1MDhlZjJmYzM2ZjFmNWM4OTQ0YmRkZmJhZjdlMWU0YmVkNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSYT9WToh7TRKfjwU2e4OCWmIpKw
mvph5EYG/HAPulELwceFRfYvAE4TzUu37JhlSQtmAU0MBotQ6Hl54h2Ta6x3inFS
x42tfiUGObwmMbi9RGlbW93WmFUjuOWC6Pyx2ANpGfiBMD4iQ0jM0pMzAIa4VwY7
fDtkvzezGYaratenpimcnV/JtULWkQE/PGFIfv1t3vBT4U+sHVwD3YvdJD4jXP4S
lWmXAAmgPSezxvthiUoX6g4s4hX/yolUNvK8kn+lbaYdOrzLwUZI67dzKzp5H+oA
XMS6CUzfm18+MuDvYL6/5moBmNLpXJ0LIyFfkbT58rlj4yGj+fb2euVCawIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFDlCO8vw28fXIlEvd+69+HkvtUXMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvVU9VSTd5X0RieDljaVVTOTM3cjM0ZVMtMVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg94A9sf
AwcAKg94A9tzAwcAKg94A/xQMA0GCSqGSIb3DQEBCwUAA4IBAQAOSzMCGxvTTksE
rdJZRxaPx/nWb3WOLqsKDCWbwyPQb0KHSguMB4YE1mNWT5aye3fpzIWrjHBjN8bJ
/s/4P3o6drwhU8xqWtpq0UL4Lo+FcJ3A+oFMxt/VlROMsIp3tnac9y2UlpDRMj1l
vjrnw7TCNyWXkuCKIKyBfH+68826hxS+Fy0MImFq3EoaF69ukrR8GptrCaNWMLgy
jYaAaQx/NquvmOwPptBzW8sYlPqEnXpc8Hxsk6Exc+czezwsFEWakjYYku8XW1As
e7ZuxSbQ5gBmOL0I2yaKXOpjVEIRx9mXoWPIo0BntRgTgDhjuTwsYYJu5zP2vsLl
ddcc9KCs
-----END CERTIFICATE-----