Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/uqLYyX7fpTti8-AF-6r_j-EcjDY.roa
File:                     uqLYyX7fpTti8-AF-6r_j-EcjDY.roa (raw, json)
Hash identifier:          UbDlJKnkkpKS4MFq+3EvkRXJ4h5CCs/Q6DUr0IXogUA=
Subject key identifier:   BA:A2:D8:C9:7E:DF:A5:3B:62:F3:E0:05:FB:AA:FF:8F:E1:1C:8C:36
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       01967A977CFD9D9B48E716E15B224B11E5F1
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/uqLYyX7fpTti8-AF-6r_j-EcjDY.roa
Signing time:             Mon 28 Apr 2025 04:11:10 +0000
ROA not before:           Mon 28 Apr 2025 04:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60445
IP address blocks:        2a12:f8c2:600::/40 maxlen: 40
                          2a12:f8c3:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7a:97:7c:fd:9d:9b:48:e7:16:e1:5b:22:4b:11:e5:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Apr 28 04:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=baa2d8c97edfa53b62f3e005fbaaff8fe11c8c36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0c:ec:44:18:6f:15:f7:88:4f:39:8c:c2:99:
                    ee:41:99:b9:07:70:b3:7a:41:b5:48:a5:b9:fe:79:
                    0f:ba:c0:84:8f:8e:08:13:fa:22:b9:3f:07:b7:a2:
                    3b:6b:04:de:dd:fa:02:88:19:7a:c2:cc:8f:85:3c:
                    d5:39:e5:d9:d3:5f:46:50:61:bd:00:1c:62:96:e2:
                    c6:63:4e:0c:5d:f8:5e:60:35:22:80:48:61:2d:73:
                    9f:87:38:e1:fa:fd:10:c3:97:f5:52:64:85:00:d4:
                    fc:fb:e9:ed:76:20:54:82:be:f6:e1:6a:24:6e:a1:
                    c9:9f:f4:98:2a:62:10:74:c1:82:44:77:ea:93:73:
                    da:bb:38:e9:be:c5:6e:f3:6b:1c:7c:e5:cc:57:d8:
                    52:1f:26:f6:46:9f:db:65:3a:d4:5d:be:99:8e:af:
                    72:24:09:f7:ff:3f:aa:b2:33:1d:9c:24:bc:80:3a:
                    f9:a7:fb:1f:85:50:d0:57:51:1e:50:98:1d:b0:c2:
                    25:04:a9:63:14:65:31:40:8e:cf:cd:44:b7:ed:1d:
                    85:40:11:04:20:5e:b5:6c:f0:96:3f:d7:b0:c4:e2:
                    07:52:c0:2b:19:a1:1e:c2:3e:f7:d7:3f:7f:37:8c:
                    6e:86:98:dc:6b:9c:98:87:20:a8:39:2a:e1:f5:28:
                    7a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A2:D8:C9:7E:DF:A5:3B:62:F3:E0:05:FB:AA:FF:8F:E1:1C:8C:36
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/uqLYyX7fpTti8-AF-6r_j-EcjDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c2:600::/40
                  2a12:f8c3:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a8:8d:b3:73:d5:a4:c6:b8:bf:04:2e:82:db:47:5b:f3:ec:67:
         bf:3b:b2:8b:1b:81:07:e3:b8:ea:13:d3:36:1d:e0:9b:f3:be:
         b1:d3:4a:d0:51:39:32:5c:2c:5b:fa:df:ca:1c:c7:d0:d7:53:
         d0:5e:f7:b2:c6:4c:4b:07:eb:0e:73:20:85:74:f8:04:5a:a9:
         23:89:fb:74:74:60:a7:49:27:07:9c:3b:47:a6:82:7f:57:e1:
         e8:5c:87:96:ac:bf:c2:95:d9:30:af:7b:22:0c:3a:04:04:3a:
         82:75:dc:61:17:3d:e2:ee:2c:df:00:29:4d:02:06:c5:da:e6:
         68:49:28:3f:44:59:87:2d:64:ca:f9:2e:e9:55:c2:71:22:87:
         be:0d:22:41:6a:d1:3d:83:77:10:b2:d3:1c:1f:3a:41:37:54:
         60:9e:2d:b5:f0:96:62:da:6b:30:a5:58:da:c4:39:d9:0c:de:
         15:06:12:9c:43:b6:24:01:c8:2c:6e:32:82:6a:45:f6:6c:9a:
         62:c3:4f:9a:6b:5f:43:11:e0:40:be:11:dc:ae:e7:0e:35:cd:
         3d:55:b3:0d:2d:38:cb:a6:ec:eb:a4:4d:03:ea:fa:94:78:ce:
         30:98:f3:0a:5d:1d:44:5a:09:16:52:a3:ea:f1:d9:b8:67:00:
         26:bd:ca:03
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZZ6l3z9nZtI5xbhWyJLEeXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwNDI4MDQxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWEyZDhjOTdlZGZhNTNiNjJmM2UwMDVmYmFhZmY4ZmUxMWM4YzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswzsRBhvFfeITzmMwpnuQZm5B3Cz
ekG1SKW5/nkPusCEj44IE/oiuT8Ht6I7awTe3foCiBl6wsyPhTzVOeXZ019GUGG9
ABxiluLGY04MXfheYDUigEhhLXOfhzjh+v0Qw5f1UmSFANT8++ntdiBUgr724Wok
bqHJn/SYKmIQdMGCRHfqk3PauzjpvsVu82scfOXMV9hSHyb2Rp/bZTrUXb6Zjq9y
JAn3/z+qsjMdnCS8gDr5p/sfhVDQV1EeUJgdsMIlBKljFGUxQI7PzUS37R2FQBEE
IF61bPCWP9ewxOIHUsArGaEewj731z9/N4xuhpjca5yYhyCoOSrh9Sh6LwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFLqi2Ml+36U7YvPgBfuq/4/hHIw2MB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvdXFMWXlYN2ZwVHRpOC1BRi02cl9qLUVjakRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhL4wgYD
BgQqEvjDIDANBgkqhkiG9w0BAQsFAAOCAQEAqI2zc9Wkxri/BC6C20db8+xnvzuy
ixuBB+O46hPTNh3gm/O+sdNK0FE5MlwsW/rfyhzH0NdT0F73ssZMSwfrDnMghXT4
BFqpI4n7dHRgp0knB5w7R6aCf1fh6FyHlqy/wpXZMK97Igw6BAQ6gnXcYRc94u4s
3wApTQIGxdrmaEkoP0RZhy1kyvku6VXCcSKHvg0iQWrRPYN3ELLTHB86QTdUYJ4t
tfCWYtprMKVY2sQ52QzeFQYSnEO2JAHILG4ygmpF9myaYsNPmmtfQxHgQL4R3K7n
DjXNPVWzDS04y6bs66RNA+r6lHjOMJjzCl0dRFoJFlKj6vHZuGcAJr3KAw==
-----END CERTIFICATE-----