Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/UVAz1jDT3iVOFvSm2qO2EdM6DgI.roa
File:                     UVAz1jDT3iVOFvSm2qO2EdM6DgI.roa (raw, json)
Hash identifier:          BgGgY29/jzHM3rW+5X9NXDmgQhNrFZgHRGbC0+SNOiA=
Subject key identifier:   51:50:33:D6:30:D3:DE:25:4E:16:F4:A6:DA:A3:B6:11:D3:3A:0E:02
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019957A1F412CE731C34721B6C9E81B3467F
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/UVAz1jDT3iVOFvSm2qO2EdM6DgI.roa
Signing time:             Wed 17 Sep 2025 12:24:15 +0000
ROA not before:           Wed 17 Sep 2025 12:24:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209763
IP address blocks:        2a11:8945::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:57:a1:f4:12:ce:73:1c:34:72:1b:6c:9e:81:b3:46:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep 17 12:24:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=515033d630d3de254e16f4a6daa3b611d33a0e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1e:9d:db:cd:b5:3b:c5:bf:e3:af:87:7d:6d:
                    8a:71:e2:26:b7:d1:ef:5c:70:05:f8:7c:bf:94:79:
                    47:27:c0:c6:35:47:30:04:bc:ee:95:21:38:5b:11:
                    64:9b:35:de:43:dc:8d:6d:9f:ce:0f:71:b1:8e:2f:
                    2f:46:69:4a:f5:4b:1e:a8:56:25:27:1d:c1:67:19:
                    81:c6:8e:a7:c1:ad:a4:55:5f:4a:2e:d2:c0:b4:99:
                    ca:59:ad:65:23:b9:61:77:9e:a1:8e:94:8a:a5:f0:
                    86:a3:24:72:f9:39:6b:92:dc:42:f9:96:7f:09:e3:
                    99:4a:ee:ee:df:0a:cb:28:5d:c2:05:1d:8d:73:1a:
                    be:1b:62:33:db:9e:ab:d9:0b:d6:21:a6:d5:9c:41:
                    f5:7c:c6:ed:a9:91:56:af:88:90:a5:f2:0c:1e:6f:
                    03:09:4a:6d:5c:0d:2e:2b:9d:01:b6:15:6f:e4:12:
                    ab:d6:82:fb:a7:6e:91:f8:5c:7a:f8:ce:1c:5c:22:
                    ad:54:d4:28:be:64:da:d7:89:dc:27:3e:99:f1:b8:
                    16:bf:87:18:46:c0:24:41:de:29:39:b7:e7:0a:c2:
                    b3:67:e5:76:09:41:4e:b8:e7:5d:43:a7:45:e0:98:
                    d4:f8:6e:0b:72:92:e8:53:68:41:7b:19:4e:0e:d2:
                    31:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:50:33:D6:30:D3:DE:25:4E:16:F4:A6:DA:A3:B6:11:D3:3A:0E:02
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/UVAz1jDT3iVOFvSm2qO2EdM6DgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8945::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:28:87:b5:55:67:6b:08:be:99:0e:33:f2:e7:ac:8e:da:23:
         67:70:74:09:8e:3a:e8:3c:65:46:64:b0:92:35:c8:60:8b:d0:
         81:ca:5b:60:06:76:7c:6c:8c:e8:71:77:8c:1c:35:c3:08:df:
         ee:17:51:c3:6b:49:50:74:c1:17:4e:72:60:9d:b0:6f:df:9e:
         ea:c8:76:2d:76:15:c3:d2:d7:63:1f:00:de:26:a0:1f:0a:1f:
         e3:ac:17:a0:52:f5:0d:cd:f1:d2:53:03:59:91:b0:b8:0e:0e:
         4c:00:5f:85:6d:90:e3:de:f9:af:28:2d:5c:c2:c0:91:eb:74:
         c0:cd:04:5a:49:8f:52:f1:2c:9f:3a:f1:9f:73:2c:ff:d2:2c:
         f9:fc:da:ee:da:d5:82:1f:e1:28:10:e9:15:b0:c6:a0:7c:e6:
         35:7c:39:a8:ac:8b:cc:91:ca:44:90:45:72:3c:cc:55:0a:17:
         59:b0:da:fb:8e:16:e8:56:bb:c4:0f:b6:c9:c5:75:a3:d3:13:
         71:e4:bf:b3:d1:79:77:cd:01:97:b3:59:64:37:2a:0e:51:3b:
         e4:48:bc:de:06:fe:8d:75:71:5c:c4:de:17:85:2c:16:51:0b:
         bc:db:c8:4b:75:6c:86:c6:f8:57:b7:02:2c:c9:44:7e:c9:09:
         55:8f:bc:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlXofQSznMcNHIbbJ6Bs0Z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTE3MTIyNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTUwMzNkNjMwZDNkZTI1NGUxNmY0YTZkYWEzYjYxMWQzM2EwZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB6d2821O8W/46+HfW2KceImt9Hv
XHAF+Hy/lHlHJ8DGNUcwBLzulSE4WxFkmzXeQ9yNbZ/OD3Gxji8vRmlK9UseqFYl
Jx3BZxmBxo6nwa2kVV9KLtLAtJnKWa1lI7lhd56hjpSKpfCGoyRy+TlrktxC+ZZ/
CeOZSu7u3wrLKF3CBR2Ncxq+G2Iz256r2QvWIabVnEH1fMbtqZFWr4iQpfIMHm8D
CUptXA0uK50BthVv5BKr1oL7p26R+Fx6+M4cXCKtVNQovmTa14ncJz6Z8bgWv4cY
RsAkQd4pObfnCsKzZ+V2CUFOuOddQ6dF4JjU+G4LcpLoU2hBexlODtIxMQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFFQM9Yw094lThb0ptqjthHTOg4CMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvVVZBejFqRFQzaVZPRnZTbTJxTzJFZE02RGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGJRTAN
BgkqhkiG9w0BAQsFAAOCAQEAUyiHtVVnawi+mQ4z8uesjtojZ3B0CY466DxlRmSw
kjXIYIvQgcpbYAZ2fGyM6HF3jBw1wwjf7hdRw2tJUHTBF05yYJ2wb9+e6sh2LXYV
w9LXYx8A3iagHwof46wXoFL1Dc3x0lMDWZGwuA4OTABfhW2Q4975rygtXMLAket0
wM0EWkmPUvEsnzrxn3Ms/9Is+fza7trVgh/hKBDpFbDGoHzmNXw5qKyLzJHKRJBF
cjzMVQoXWbDa+44W6Fa7xA+2ycV1o9MTceS/s9F5d80Bl7NZZDcqDlE75Ei83gb+
jXVxXMTeF4UsFlELvNvIS3Vshsb4V7cCLMlEfskJVY+8bQ==
-----END CERTIFICATE-----