Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/UGEidt7A5RBgDSJN2enYLor_7Sw.roa
File:                     UGEidt7A5RBgDSJN2enYLor_7Sw.roa (raw, json)
Hash identifier:          Ot0TYYvqctoOalqMeGcLH0JJ7jIcv187XU8D5PJV2GY=
Subject key identifier:   50:61:22:76:DE:C0:E5:10:60:0D:22:4D:D9:E9:D8:2E:8A:FF:ED:2C
Certificate issuer:       /CN=64d4e8723450d0a710c32d90ffea18529104e538
Certificate serial:       019672349390B3562C10F3A269506AB1971A
Authority key identifier: 64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/UGEidt7A5RBgDSJN2enYLor_7Sw.roa
Signing time:             Sat 26 Apr 2025 13:06:10 +0000
ROA not before:           Sat 26 Apr 2025 13:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59729
IP address blocks:        176.103.62.0/23 maxlen: 23
                          2a13:f580:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:34:93:90:b3:56:2c:10:f3:a2:69:50:6a:b1:97:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d4e8723450d0a710c32d90ffea18529104e538
        Validity
            Not Before: Apr 26 13:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50612276dec0e510600d224dd9e9d82e8affed2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:58:5a:d0:10:d0:ba:b4:53:ec:14:98:2d:9c:
                    27:12:aa:0c:05:d3:7e:97:6e:6f:57:c5:21:5a:8c:
                    3f:96:31:25:84:7c:93:9c:7b:95:29:aa:17:c7:36:
                    17:6f:64:0c:f4:ad:9a:83:ec:24:f9:22:96:06:7c:
                    4c:e7:a2:13:cc:e2:39:f1:3e:be:b2:7d:98:1b:96:
                    21:4d:42:60:38:74:29:24:e2:52:e8:81:30:c8:4f:
                    65:99:b2:b9:53:3a:a8:0f:42:df:be:35:c2:37:3c:
                    65:32:76:ed:74:b8:f6:b2:3a:8b:1b:3b:71:a7:21:
                    26:19:1d:b8:44:9f:b5:12:86:0e:cc:e3:35:8c:49:
                    a2:51:1f:ab:3d:33:ab:b3:07:1b:67:23:51:eb:22:
                    52:b6:86:8d:2e:75:61:92:13:ae:35:8e:97:4e:66:
                    84:1c:4d:34:0c:57:fc:9f:ae:bc:3a:08:6f:f1:2a:
                    ce:b6:f4:6f:ea:a5:05:0b:56:cc:b3:2c:b0:a5:36:
                    5c:99:d9:57:a3:8c:9a:16:9b:96:cd:26:07:7c:dc:
                    ac:d5:47:35:71:7c:b0:a3:cf:4c:d5:f1:f0:03:e7:
                    a3:33:bf:51:29:6a:f0:d1:43:a3:21:8a:fb:72:02:
                    07:63:ce:47:30:4a:c1:1c:cb:a0:bf:fc:19:a6:a9:
                    81:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:61:22:76:DE:C0:E5:10:60:0D:22:4D:D9:E9:D8:2E:8A:FF:ED:2C
            X509v3 Authority Key Identifier:
                keyid:64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/UGEidt7A5RBgDSJN2enYLor_7Sw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.62.0/23
                IPv6:
                  2a13:f580:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:e0:21:43:f8:27:e4:02:60:a4:94:ed:71:f6:80:62:bf:0f:
         0e:0c:00:61:0c:38:56:f4:e0:22:b4:e1:49:3b:4d:0c:be:1e:
         be:19:75:76:9f:1a:9c:d2:31:ac:00:94:63:2a:e7:3c:f1:77:
         29:8e:e8:27:9e:db:f4:12:4e:0d:fb:78:9b:a5:84:db:fe:6f:
         bf:5a:a1:9e:0e:d7:36:4e:e5:1d:37:32:69:9a:7a:3b:e5:5b:
         24:b4:cc:f4:f5:75:45:03:3d:b7:8b:10:18:3f:33:e6:a0:57:
         6c:dc:20:d1:f6:70:c8:9c:a3:3a:5f:e5:78:cb:71:7e:8a:bb:
         12:2c:45:16:d2:bc:f8:b5:b9:0a:63:21:8d:87:e3:9b:9d:04:
         43:70:45:90:20:3f:d9:35:24:92:6a:61:54:54:2f:38:92:cd:
         fb:bb:f5:a9:cb:55:eb:5f:75:10:b8:06:f8:4b:8d:10:c8:79:
         19:05:08:60:39:2c:64:24:e1:6b:3f:6b:e0:7c:2f:e2:bb:b9:
         83:3a:e4:a2:f4:a6:88:b0:7c:c8:2a:e0:db:9a:46:a1:38:68:
         ce:b2:25:38:b5:ed:8b:97:3d:41:7c:e5:d4:7b:3f:32:58:ac:
         27:07:5d:2f:ab:a4:ef:a0:1f:fa:39:d5:0b:48:92:a8:ef:57:
         1d:cb:bc:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZyNJOQs1YsEPOiaVBqsZcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDRlODcyMzQ1MGQwYTcxMGMzMmQ5MGZmZWExODUyOTEw
NGU1MzgwHhcNMjUwNDI2MTMwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDYxMjI3NmRlYzBlNTEwNjAwZDIyNGRkOWU5ZDgyZThhZmZlZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolha0BDQurRT7BSYLZwnEqoMBdN+
l25vV8UhWow/ljElhHyTnHuVKaoXxzYXb2QM9K2ag+wk+SKWBnxM56ITzOI58T6+
sn2YG5YhTUJgOHQpJOJS6IEwyE9lmbK5UzqoD0LfvjXCNzxlMnbtdLj2sjqLGztx
pyEmGR24RJ+1EoYOzOM1jEmiUR+rPTOrswcbZyNR6yJStoaNLnVhkhOuNY6XTmaE
HE00DFf8n668Oghv8SrOtvRv6qUFC1bMsyywpTZcmdlXo4yaFpuWzSYHfNys1Uc1
cXywo89M1fHwA+ejM79RKWrw0UOjIYr7cgIHY85HMErBHMugv/wZpqmBWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFBhInbewOUQYA0iTdnp2C6K/+0sMB8GA1UdIwQY
MBaAFGTU6HI0UNCnEMMtkP/qGFKRBOU4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzIt
NDIyYWVkM2E3NzAyLzEvVUdFaWR0N0E1UkJnRFNKTjJlbllMb3JfN1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzItNDIyYWVkM2E3NzAy
LzEvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBsGc+MA8E
AgACMAkDBwAqE/WAAAIwDQYJKoZIhvcNAQELBQADggEBAF3gIUP4J+QCYKSU7XH2
gGK/Dw4MAGEMOFb04CK04Uk7TQy+Hr4ZdXafGpzSMawAlGMq5zzxdymO6Cee2/QS
Tg37eJulhNv+b79aoZ4O1zZO5R03MmmaejvlWyS0zPT1dUUDPbeLEBg/M+agV2zc
INH2cMicozpf5XjLcX6KuxIsRRbSvPi1uQpjIY2H45udBENwRZAgP9k1JJJqYVRU
LziSzfu79anLVetfdRC4BvhLjRDIeRkFCGA5LGQk4Ws/a+B8L+K7uYM65KL0poiw
fMgq4NuaRqE4aM6yJTi17YuXPUF85dR7PzJYrCcHXS+rpO+gH/o51QtIkqjvVx3L
vIw=
-----END CERTIFICATE-----