Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/uuK2CvjDB1elMTvaPuzNpmsW9KY.roa
File:                     uuK2CvjDB1elMTvaPuzNpmsW9KY.roa (raw, json)
Hash identifier:          S75QfkrkhNbGGxbOdQrVjlRuXr4OJ2AaZXwkQhwwcQI=
Subject key identifier:   BA:E2:B6:0A:F8:C3:07:57:A5:31:3B:DA:3E:EC:CD:A6:6B:16:F4:A6
Certificate issuer:       /CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
Certificate serial:       01942369CC1CA639E29C4A6BE38A46DDFF04
Authority key identifier: 4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/uuK2CvjDB1elMTvaPuzNpmsW9KY.roa
Signing time:             Wed 01 Jan 2025 19:48:43 +0000
ROA not before:           Wed 01 Jan 2025 19:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        132.76.0.0/16 maxlen: 16
                          132.77.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:cc:1c:a6:39:e2:9c:4a:6b:e3:8a:46:dd:ff:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
        Validity
            Not Before: Jan  1 19:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bae2b60af8c30757a5313bda3eeccda66b16f4a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3e:17:31:d1:b1:d4:a5:a4:32:aa:17:9a:b6:
                    75:84:1e:14:b7:11:b6:63:e1:1e:29:ea:8d:88:e8:
                    df:71:5b:7e:69:07:63:d0:f1:0f:4f:7c:a7:f5:6b:
                    24:fd:4d:69:30:49:c1:d6:cf:e4:5e:e3:34:7f:5d:
                    8f:29:df:2e:6c:a8:30:0c:c4:34:b3:1a:75:9f:e5:
                    b9:7b:b6:4a:49:da:d7:96:4b:78:1a:14:77:b4:fb:
                    3d:e7:de:4d:74:cd:4d:5a:99:a2:ff:c3:29:ba:29:
                    2c:a8:90:4f:42:83:eb:77:ce:8c:67:70:87:f5:ba:
                    32:1c:01:71:be:83:5c:f8:51:18:52:16:b4:3c:34:
                    2e:93:2e:a0:5c:48:b8:6f:19:59:c4:c3:4f:ad:5d:
                    ee:8b:af:38:ea:85:a2:fe:87:45:60:ec:14:0c:3c:
                    57:c2:3b:6b:22:cf:ee:67:34:49:cf:e8:e4:4c:c4:
                    0d:ed:06:ae:b6:7a:14:cf:e5:97:d4:39:1c:fa:96:
                    15:c0:1d:f1:61:2b:9a:76:50:35:f3:09:cd:17:01:
                    aa:06:f5:c8:45:8a:e3:29:1c:04:0d:76:09:4d:ed:
                    f4:a6:bf:25:8a:00:cc:e9:8b:97:53:d7:ba:a1:01:
                    80:e3:48:3e:b2:07:92:e6:78:97:37:fd:7e:3a:cc:
                    b0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E2:B6:0A:F8:C3:07:57:A5:31:3B:DA:3E:EC:CD:A6:6B:16:F4:A6
            X509v3 Authority Key Identifier:
                keyid:4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/uuK2CvjDB1elMTvaPuzNpmsW9KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.76.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         26:9c:e5:a1:5f:58:14:21:ad:02:cc:1d:1c:08:73:74:b9:ea:
         48:c4:98:4e:4e:66:53:f6:cb:0b:c9:97:b8:cd:1e:d3:0b:30:
         8b:f6:09:c1:4d:a8:2b:15:31:0b:51:b5:ff:e0:40:79:ed:5c:
         d2:e2:c0:36:64:60:bb:7f:5f:24:15:33:c4:cb:2c:e5:49:27:
         58:a3:b5:93:84:91:28:fd:37:84:0a:57:bb:19:58:b6:3c:47:
         c0:bc:a9:24:e4:d0:7d:41:1e:9f:9d:68:4c:eb:85:d9:6d:11:
         d9:77:d5:7f:ff:47:8f:25:fe:ca:a3:58:05:9f:b2:a6:08:18:
         db:8c:4c:da:8a:6b:12:f7:4a:35:1d:f1:1a:96:a3:48:ff:a1:
         46:34:36:a9:80:46:73:cf:80:34:42:43:00:e4:48:f4:b7:da:
         39:a7:02:a0:1d:89:b7:bd:00:72:0a:18:2d:5c:fd:cd:7e:2c:
         c2:a3:b8:54:7c:0f:97:6d:1e:5c:4b:40:19:e4:65:6f:63:4f:
         5a:a0:2d:16:7c:c5:53:4b:a6:02:a4:d8:8e:a8:43:c6:1a:a8:
         40:df:08:56:68:f0:a2:78:8f:f1:67:3e:db:19:f6:fc:27:04:
         1e:19:6d:c3:3f:3d:a9:28:ce:3c:25:82:2a:83:71:12:c6:24:
         9e:b4:78:b3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjacwcpjninEpr44pG3f8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzJiOWVmZjlmMDJjN2NhYmUxOTk1YTJkYjUwOWQ4MjU4
ZDM1ZmMwHhcNMjUwMTAxMTk0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWUyYjYwYWY4YzMwNzU3YTUzMTNiZGEzZWVjY2RhNjZiMTZmNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j4XMdGx1KWkMqoXmrZ1hB4UtxG2
Y+EeKeqNiOjfcVt+aQdj0PEPT3yn9Wsk/U1pMEnB1s/kXuM0f12PKd8ubKgwDMQ0
sxp1n+W5e7ZKSdrXlkt4GhR3tPs9595NdM1NWpmi/8MpuiksqJBPQoPrd86MZ3CH
9boyHAFxvoNc+FEYUha0PDQuky6gXEi4bxlZxMNPrV3ui6846oWi/odFYOwUDDxX
wjtrIs/uZzRJz+jkTMQN7QautnoUz+WX1Dkc+pYVwB3xYSuadlA18wnNFwGqBvXI
RYrjKRwEDXYJTe30pr8ligDM6YuXU9e6oQGA40g+sgeS5niXN/1+OsywKwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLritgr4wwdXpTE72j7szaZrFvSmMB8GA1UdIwQY
MBaAFE8yue/58Cx8q+GZWi21CdgljTX8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTkt
YzQwNzNjMTNmZjdjLzEvdXVLMkN2akRCMWVsTVR2YVB1ek5wbXNXOUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTktYzQwNzNjMTNmZjdj
LzEvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEwwDQYJ
KoZIhvcNAQELBQADggEBACac5aFfWBQhrQLMHRwIc3S56kjEmE5OZlP2ywvJl7jN
HtMLMIv2CcFNqCsVMQtRtf/gQHntXNLiwDZkYLt/XyQVM8TLLOVJJ1ijtZOEkSj9
N4QKV7sZWLY8R8C8qSTk0H1BHp+daEzrhdltEdl31X//R48l/sqjWAWfsqYIGNuM
TNqKaxL3SjUd8RqWo0j/oUY0NqmARnPPgDRCQwDkSPS32jmnAqAdibe9AHIKGC1c
/c1+LMKjuFR8D5dtHlxLQBnkZW9jT1qgLRZ8xVNLpgKk2I6oQ8YaqEDfCFZo8KJ4
j/FnPtsZ9vwnBB4ZbcM/PakozjwlgiqDcRLGJJ60eLM=
-----END CERTIFICATE-----