Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/UtFNVFUJ7GBINstaRtrKf70y5QQ.roa
File:                     UtFNVFUJ7GBINstaRtrKf70y5QQ.roa (raw, json)
Hash identifier:          J3htDOGoNbFTYG4677s80h2F8nTfWvNlcL+CigE4XzQ=
Subject key identifier:   52:D1:4D:54:55:09:EC:60:48:36:CB:5A:46:DA:CA:7F:BD:32:E5:04
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019A2F5975304C6EB12164EFAAE3561B5FAF
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/UtFNVFUJ7GBINstaRtrKf70y5QQ.roa
Signing time:             Wed 29 Oct 2025 09:43:03 +0000
ROA not before:           Wed 29 Oct 2025 09:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204687
IP address blocks:        2a00:7d80:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:59:75:30:4c:6e:b1:21:64:ef:aa:e3:56:1b:5f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct 29 09:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52d14d545509ec604836cb5a46daca7fbd32e504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ee:d9:e2:d7:5c:cf:9d:ff:81:07:25:ed:1b:
                    47:9b:1b:60:87:7a:e8:1e:fd:36:d1:c3:4a:23:b9:
                    b9:67:60:8e:14:42:0b:d5:10:8f:78:9e:78:e0:84:
                    c7:e3:79:c0:be:95:d7:bf:fd:41:a7:c4:f9:77:ca:
                    09:74:a3:f9:7b:cc:bd:95:59:74:51:d7:c7:90:2c:
                    98:df:9b:63:09:1f:d9:c1:6b:ee:d4:ee:10:75:2c:
                    58:47:f1:06:f6:29:7f:65:03:79:db:3d:db:ef:9c:
                    91:e3:fa:11:d6:f4:ea:6c:11:90:79:08:96:42:80:
                    f7:2d:ef:2d:91:52:2a:81:5c:d3:32:12:ff:19:b0:
                    03:0a:5a:da:c1:16:4f:e1:23:b4:3f:9f:3e:a7:e1:
                    4e:5c:9f:62:80:0b:bd:cd:f7:62:a7:8f:31:f7:60:
                    ab:52:e5:75:56:83:a3:60:0b:61:fd:d1:7c:a6:6d:
                    ed:cf:fc:da:8f:da:16:09:1a:df:06:99:ae:a1:37:
                    2d:df:28:22:f4:7d:a6:96:19:23:03:34:57:e4:ad:
                    9b:e8:14:a3:68:02:30:db:1a:40:71:6c:9e:83:aa:
                    d1:20:31:3b:eb:5a:cb:09:91:9a:3e:ff:fa:6b:66:
                    f5:5d:1e:51:09:3e:a0:c0:0d:24:75:1a:c4:8f:0b:
                    10:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D1:4D:54:55:09:EC:60:48:36:CB:5A:46:DA:CA:7F:BD:32:E5:04
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/UtFNVFUJ7GBINstaRtrKf70y5QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7d80:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:06:26:27:cf:4c:11:ee:55:60:e3:e9:61:98:71:5a:5c:9b:
         96:62:9d:5c:61:b8:59:bc:9b:4a:6b:fe:f5:62:a6:3c:f9:aa:
         1d:8a:f2:30:81:b6:34:cc:aa:76:bb:c9:12:8e:12:2b:9d:b7:
         dc:30:33:9e:a3:e4:ae:ef:31:11:fc:5a:0e:53:4e:40:3d:9d:
         b4:8a:01:ac:c1:34:08:f3:77:c4:be:cd:50:65:3e:1e:85:c9:
         f1:ad:86:01:d1:43:4e:7d:5d:5e:c4:7a:cf:a0:23:cd:a6:10:
         6e:0c:aa:fc:0d:1d:37:29:96:95:50:6e:dd:d9:bb:f5:80:a0:
         11:e1:2e:61:12:8c:13:86:dd:92:4a:6a:58:06:45:30:96:ed:
         7e:ba:ee:4d:6d:9b:5c:d7:5a:c7:6f:f3:3a:89:51:37:09:28:
         e1:8f:fd:92:08:35:24:e5:98:57:ff:a1:57:61:26:a7:43:c2:
         99:b5:61:83:8a:79:01:2e:4c:11:44:a6:03:66:c1:07:8c:07:
         33:22:4e:a1:4b:d9:96:f5:b0:34:0c:40:b7:d7:aa:65:0c:c9:
         ce:69:d8:5d:ce:0e:cf:c3:2c:e2:97:c2:c3:73:4b:e6:34:d5:
         d1:8f:11:62:09:a4:75:97:8d:76:c0:f0:bd:2c:f0:e9:11:fc:
         31:fa:77:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZovWXUwTG6xIWTvquNWG1+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUxMDI5MDk0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQxNGQ1NDU1MDllYzYwNDgzNmNiNWE0NmRhY2E3ZmJkMzJlNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu7Z4tdcz53/gQcl7RtHmxtgh3ro
Hv020cNKI7m5Z2COFEIL1RCPeJ544ITH43nAvpXXv/1Bp8T5d8oJdKP5e8y9lVl0
UdfHkCyY35tjCR/ZwWvu1O4QdSxYR/EG9il/ZQN52z3b75yR4/oR1vTqbBGQeQiW
QoD3Le8tkVIqgVzTMhL/GbADClrawRZP4SO0P58+p+FOXJ9igAu9zfdip48x92Cr
UuV1VoOjYAth/dF8pm3tz/zaj9oWCRrfBpmuoTct3ygi9H2mlhkjAzRX5K2b6BSj
aAIw2xpAcWyeg6rRIDE761rLCZGaPv/6a2b1XR5RCT6gwA0kdRrEjwsQ8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFLRTVRVCexgSDbLWkbayn+9MuUEMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvVXRGTlZGVUo3R0JJTnN0YVJ0cktmNzB5NVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgB9gAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQCgBiYnz0wR7lVg4+lhmHFaXJuWYp1cYbhZvJtK
a/71YqY8+aodivIwgbY0zKp2u8kSjhIrnbfcMDOeo+Su7zER/FoOU05APZ20igGs
wTQI83fEvs1QZT4ehcnxrYYB0UNOfV1exHrPoCPNphBuDKr8DR03KZaVUG7d2bv1
gKAR4S5hEowTht2SSmpYBkUwlu1+uu5NbZtc11rHb/M6iVE3CSjhj/2SCDUk5ZhX
/6FXYSanQ8KZtWGDinkBLkwRRKYDZsEHjAczIk6hS9mW9bA0DEC316plDMnOadhd
zg7Pwyzil8LDc0vmNNXRjxFiCaR1l412wPC9LPDpEfwx+ndb
-----END CERTIFICATE-----