Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/USwE4wLu1iKf2bHlBGwFFjjG1vg.roa
File:                     USwE4wLu1iKf2bHlBGwFFjjG1vg.roa (raw, json)
Hash identifier:          Ey2Ue8FdBr88zEYn6fPGH7y6x0VhWBZL1dbsaxDL1Dw=
Subject key identifier:   51:2C:04:E3:02:EE:D6:22:9F:D9:B1:E5:04:6C:05:16:38:C6:D6:F8
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       01971CF9AF507571EA58163182931EC14E53
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/USwE4wLu1iKf2bHlBGwFFjjG1vg.roa
Signing time:             Thu 29 May 2025 16:56:54 +0000
ROA not before:           Thu 29 May 2025 16:56:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        2a0e:4346::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:f9:af:50:75:71:ea:58:16:31:82:93:1e:c1:4e:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: May 29 16:56:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=512c04e302eed6229fd9b1e5046c051638c6d6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:5f:ae:b6:92:10:94:09:e8:29:ff:7f:6c:ef:
                    24:a4:00:3b:c4:ce:58:a4:7c:da:93:d7:0b:47:d6:
                    d0:04:bf:0a:b0:c1:65:30:04:2e:76:f8:b5:b9:2f:
                    2e:d0:bc:e6:2d:75:09:d7:61:c4:e2:57:49:94:82:
                    f7:97:6c:59:71:a8:88:21:01:0b:d3:d6:92:29:56:
                    bd:75:1f:ff:47:55:85:47:89:bc:76:83:6d:ba:35:
                    a4:51:be:5e:93:ca:82:4a:09:be:2c:3b:63:ec:43:
                    23:8f:04:a5:12:ea:23:f8:cc:b5:0e:e5:66:c0:3f:
                    22:b7:61:d3:54:b7:3a:a5:d7:b7:aa:76:51:53:48:
                    cc:cc:81:5d:cd:3a:a0:4d:19:36:61:35:29:7d:b1:
                    b8:21:c2:ee:e6:81:fb:b9:3e:bd:cb:72:67:ce:69:
                    24:a1:1d:e0:f0:66:14:07:dd:07:e3:0b:0a:07:b2:
                    fc:96:9a:5d:87:5b:8e:15:a7:a7:05:bb:59:60:8c:
                    82:83:9d:9f:dc:3a:a5:a5:13:4e:ff:3d:1c:4c:14:
                    04:00:5e:ec:03:28:9c:68:d8:93:62:2e:7b:ce:35:
                    08:c0:49:a6:14:3b:12:50:b3:e2:f3:a6:ba:0d:d8:
                    71:5c:24:a6:5b:f1:80:1b:25:e9:42:83:e8:57:28:
                    28:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:2C:04:E3:02:EE:D6:22:9F:D9:B1:E5:04:6C:05:16:38:C6:D6:F8
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/USwE4wLu1iKf2bHlBGwFFjjG1vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4346::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:f8:79:dd:c0:ab:c7:f2:f2:b2:25:9e:b1:ba:e1:80:49:59:
         63:4b:16:50:be:45:38:fd:6c:61:3e:f0:92:2d:71:52:55:d0:
         b8:b0:af:3d:e7:a0:a3:a8:71:05:f5:93:d6:a8:b4:66:69:9b:
         5d:fb:49:63:ee:01:c9:3a:e4:2c:f4:84:71:34:43:51:f0:d5:
         35:66:87:df:c3:02:f9:99:7b:e6:f8:b8:68:3e:f3:ae:ee:9e:
         c4:0e:96:6d:f7:78:59:6a:99:a2:94:29:12:a7:a6:72:73:3d:
         98:92:1e:f0:a7:75:f7:f5:2a:e9:05:09:2c:5d:89:79:4c:1d:
         d6:20:a5:b3:ef:de:ed:b2:b2:85:d0:02:df:03:18:5e:72:8b:
         df:84:e1:56:4d:fc:94:6f:31:d5:08:b2:ca:9d:1b:7b:f3:5f:
         38:aa:66:20:b0:b9:df:83:ae:dd:46:91:b3:38:92:77:88:0f:
         30:e1:fb:0b:65:93:44:79:16:10:25:f7:22:d3:d5:ca:b3:a9:
         76:12:16:80:a5:b8:a1:c2:02:ae:57:1c:53:aa:26:66:ee:35:
         cc:51:08:f3:a2:dc:4f:64:de:a9:fb:33:2a:ff:ea:f9:d7:d1:
         08:b1:7f:ca:ca:82:f6:2a:2d:ba:cf:02:61:3b:14:d6:3c:a7:
         0e:ff:4b:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcc+a9QdXHqWBYxgpMewU5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNTI5MTY1NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTJjMDRlMzAyZWVkNjIyOWZkOWIxZTUwNDZjMDUxNjM4YzZkNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6l+utpIQlAnoKf9/bO8kpAA7xM5Y
pHzak9cLR9bQBL8KsMFlMAQudvi1uS8u0LzmLXUJ12HE4ldJlIL3l2xZcaiIIQEL
09aSKVa9dR//R1WFR4m8doNtujWkUb5ek8qCSgm+LDtj7EMjjwSlEuoj+My1DuVm
wD8it2HTVLc6pde3qnZRU0jMzIFdzTqgTRk2YTUpfbG4IcLu5oH7uT69y3Jnzmkk
oR3g8GYUB90H4wsKB7L8lppdh1uOFaenBbtZYIyCg52f3DqlpRNO/z0cTBQEAF7s
AyicaNiTYi57zjUIwEmmFDsSULPi86a6DdhxXCSmW/GAGyXpQoPoVygoswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFEsBOMC7tYin9mx5QRsBRY4xtb4MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvVVN3RTR3THUxaUtmMmJIbEJHd0ZGampHMXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5DRjAN
BgkqhkiG9w0BAQsFAAOCAQEAsfh53cCrx/LysiWesbrhgElZY0sWUL5FOP1sYT7w
ki1xUlXQuLCvPeego6hxBfWT1qi0ZmmbXftJY+4ByTrkLPSEcTRDUfDVNWaH38MC
+Zl75vi4aD7zru6exA6Wbfd4WWqZopQpEqemcnM9mJIe8Kd19/Uq6QUJLF2JeUwd
1iCls+/e7bKyhdAC3wMYXnKL34ThVk38lG8x1Qiyyp0be/NfOKpmILC534Ou3UaR
sziSd4gPMOH7C2WTRHkWECX3ItPVyrOpdhIWgKW4ocICrlccU6omZu41zFEI86Lc
T2TeqfszKv/q+dfRCLF/ysqC9iotus8CYTsU1jynDv9LwA==
-----END CERTIFICATE-----