Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ujnQqcYkw8DTp3TTHKzAXwe78Ws.roa
File:                     ujnQqcYkw8DTp3TTHKzAXwe78Ws.roa (raw, json)
Hash identifier:          wFM6YX8J+HgwhH7ugAfhLxZTumTN8/lCEBbdI40glto=
Subject key identifier:   BA:39:D0:A9:C6:24:C3:C0:D3:A7:74:D3:1C:AC:C0:5F:07:BB:F1:6B
Certificate issuer:       /CN=ae4ad2d4b0b7330e4a9b5afa11a6198fcb651bf7
Certificate serial:       019875B00E67C7A60F620F43527BD1C21BE6
Authority key identifier: AE:4A:D2:D4:B0:B7:33:0E:4A:9B:5A:FA:11:A6:19:8F:CB:65:1B:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ujnQqcYkw8DTp3TTHKzAXwe78Ws.roa
Signing time:             Mon 04 Aug 2025 15:25:28 +0000
ROA not before:           Mon 04 Aug 2025 15:25:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        2a05:8e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:b0:0e:67:c7:a6:0f:62:0f:43:52:7b:d1:c2:1b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae4ad2d4b0b7330e4a9b5afa11a6198fcb651bf7
        Validity
            Not Before: Aug  4 15:25:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba39d0a9c624c3c0d3a774d31cacc05f07bbf16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6d:0e:99:8f:4b:90:b7:2f:b3:d8:95:b7:c9:
                    a6:8e:22:24:1d:0c:f6:05:50:f8:28:de:66:a2:f4:
                    c2:c4:59:e2:c3:29:d3:e0:25:3d:61:be:2f:f3:83:
                    7a:5b:fa:ad:54:ea:40:8e:20:e9:e2:c1:40:7d:60:
                    8b:4e:ee:23:63:e0:eb:a4:a5:ce:52:33:6a:6e:50:
                    ce:2d:6e:ef:69:cd:d8:73:80:2b:f1:a1:ee:d5:35:
                    d7:e4:b2:33:fd:ea:72:a6:f1:d3:0b:af:99:be:1a:
                    4b:3c:ef:3b:fa:62:f7:93:7e:84:2f:dd:f2:68:b1:
                    9e:b3:d1:93:7b:fc:45:b3:9c:0d:75:e5:c7:7e:35:
                    a5:d5:89:d4:7a:39:75:28:43:5a:99:43:c0:e7:5b:
                    a8:97:29:60:b4:29:a6:79:95:9d:d2:89:0c:fb:8d:
                    0e:05:6a:ef:61:d8:05:b8:50:5e:4d:fc:92:bb:46:
                    d7:03:64:c3:45:9c:8b:4a:12:a0:f4:f1:02:22:60:
                    35:20:34:f0:10:bd:72:c1:0c:40:4c:b3:da:3c:36:
                    f8:30:d1:9e:69:ee:3f:30:d0:80:97:22:9d:8c:36:
                    89:a6:35:6c:b4:ae:b3:e9:5b:cb:f7:e4:ed:1c:3d:
                    15:19:cc:bd:fc:aa:0d:ca:71:40:ea:13:09:75:0b:
                    3b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:39:D0:A9:C6:24:C3:C0:D3:A7:74:D3:1C:AC:C0:5F:07:BB:F1:6B
            X509v3 Authority Key Identifier:
                keyid:AE:4A:D2:D4:B0:B7:33:0E:4A:9B:5A:FA:11:A6:19:8F:CB:65:1B:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ujnQqcYkw8DTp3TTHKzAXwe78Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:4b:77:85:1a:b5:e6:21:b2:2f:d2:45:7e:f7:31:f7:b9:28:
         a1:c7:11:4d:ab:22:71:f7:f3:72:61:ff:8c:54:bf:da:52:a0:
         b9:d1:14:c9:54:e2:26:37:fe:67:b0:a0:6f:b1:38:e5:8c:52:
         5f:20:3c:da:4a:ce:65:bb:bf:19:99:9d:24:50:4e:09:84:b6:
         3c:86:9e:3e:3b:78:46:7d:c8:b4:b9:a6:84:d7:91:55:cd:3e:
         54:46:21:0b:a9:b8:7e:cc:e1:82:3c:f3:5a:f8:40:8a:73:af:
         7e:32:50:f8:ba:30:24:22:7d:b1:2a:67:9d:c2:65:e5:ad:ba:
         86:3f:65:c9:5c:4b:42:70:2b:48:ac:e4:06:38:a3:15:cc:38:
         b7:a9:74:ca:13:d7:8e:2e:6e:3b:20:48:16:f7:fa:9e:53:54:
         20:e9:1d:69:c0:9f:7f:8a:40:9a:59:20:7d:54:7e:12:dd:83:
         b0:f9:20:7f:26:fc:6b:ea:c2:a3:d5:17:3f:12:4f:30:5d:74:
         19:7d:82:09:5a:0e:38:16:c2:c7:93:2e:dd:15:d8:bc:27:52:
         55:93:00:db:07:3f:e9:c7:0b:4f:f8:41:26:7d:d3:29:4f:b4:
         8a:fa:2a:a3:7b:e8:15:2b:7d:94:42:fc:6c:d1:f9:6d:ee:69:
         1c:55:57:67
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZh1sA5nx6YPYg9DUnvRwhvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNGFkMmQ0YjBiNzMzMGU0YTliNWFmYTExYTYxOThmY2I2
NTFiZjcwHhcNMjUwODA0MTUyNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTM5ZDBhOWM2MjRjM2MwZDNhNzc0ZDMxY2FjYzA1ZjA3YmJmMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum0OmY9LkLcvs9iVt8mmjiIkHQz2
BVD4KN5movTCxFniwynT4CU9Yb4v84N6W/qtVOpAjiDp4sFAfWCLTu4jY+DrpKXO
UjNqblDOLW7vac3Yc4Ar8aHu1TXX5LIz/epypvHTC6+ZvhpLPO87+mL3k36EL93y
aLGes9GTe/xFs5wNdeXHfjWl1YnUejl1KENamUPA51uolylgtCmmeZWd0okM+40O
BWrvYdgFuFBeTfySu0bXA2TDRZyLShKg9PECImA1IDTwEL1ywQxATLPaPDb4MNGe
ae4/MNCAlyKdjDaJpjVstK6z6VvL9+TtHD0VGcy9/KoNynFA6hMJdQs71wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLo50KnGJMPA06d00xyswF8Hu/FrMB8GA1UdIwQY
MBaAFK5K0tSwtzMOSpta+hGmGY/LZRv3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmtyUzFMQzNNdzVLbTFyNkVhWVpqOHRsR19jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy85YzhlNTktYWZkZi00MmE2LTgwZDct
OGE5NjY3ZDc2MmE1LzEvdWpuUXFjWWt3OERUcDNUVEhLekFYd2U3OFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy85YzhlNTktYWZkZi00MmE2LTgwZDctOGE5NjY3ZDc2MmE1
LzEvcmtyUzFMQzNNdzVLbTFyNkVhWVpqOHRsR19jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWOgDAN
BgkqhkiG9w0BAQsFAAOCAQEAKEt3hRq15iGyL9JFfvcx97kooccRTasicffzcmH/
jFS/2lKgudEUyVTiJjf+Z7Cgb7E45YxSXyA82krOZbu/GZmdJFBOCYS2PIaePjt4
Rn3ItLmmhNeRVc0+VEYhC6m4fszhgjzzWvhAinOvfjJQ+LowJCJ9sSpnncJl5a26
hj9lyVxLQnArSKzkBjijFcw4t6l0yhPXji5uOyBIFvf6nlNUIOkdacCff4pAmlkg
fVR+Et2DsPkgfyb8a+rCo9UXPxJPMF10GX2CCVoOOBbCx5Mu3RXYvCdSVZMA2wc/
6ccLT/hBJn3TKU+0ivoqo3voFSt9lEL8bNH5be5pHFVXZw==
-----END CERTIFICATE-----