Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/ugpSKfU4cI4BHNBN_7iW8XaPfSI.roa
File:                     ugpSKfU4cI4BHNBN_7iW8XaPfSI.roa (raw, json)
Hash identifier:          db0tkxspHpe7xqGkGEEw5zEcWk0GCNRtkvpsh9z8Yis=
Subject key identifier:   BA:0A:52:29:F5:38:70:8E:01:1C:D0:4D:FF:B8:96:F1:76:8F:7D:22
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019997057B3A65C10FE80250B50F485344A0
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/ugpSKfU4cI4BHNBN_7iW8XaPfSI.roa
Signing time:             Mon 29 Sep 2025 19:49:02 +0000
ROA not before:           Mon 29 Sep 2025 19:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206174
IP address blocks:        2a11:45c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:97:05:7b:3a:65:c1:0f:e8:02:50:b5:0f:48:53:44:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Sep 29 19:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba0a5229f538708e011cd04dffb896f1768f7d22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:24:d7:68:ca:17:2b:7d:92:6e:5a:d4:00:07:
                    ca:7f:ce:ae:81:b1:f8:cc:60:84:8a:bb:d6:c8:56:
                    b2:47:e8:1a:fa:22:c9:4f:0e:a7:0d:a9:c8:17:d1:
                    ff:8a:b1:0f:72:93:f5:48:08:fe:a6:af:c9:e9:c6:
                    a5:d0:84:a7:af:9d:4b:c4:e4:49:ad:c1:01:b9:ee:
                    a2:63:e6:ac:ab:ec:b9:7a:2a:58:91:59:0c:c3:c4:
                    52:1b:82:23:50:49:0d:2c:3b:44:0c:31:02:9c:c2:
                    20:6a:09:17:a7:bb:e9:9c:0b:47:a1:61:c9:6b:bb:
                    3b:f4:10:d1:e7:26:dd:96:50:b8:40:88:ac:15:64:
                    e6:5e:67:d9:6d:7a:04:d8:b0:4a:81:8c:a3:1f:1c:
                    e7:22:29:29:19:7c:06:6f:a8:d3:82:b0:28:74:45:
                    35:23:99:3a:aa:4a:05:d5:e4:2e:1d:45:a4:be:21:
                    1a:f4:66:e2:7f:10:7c:53:e1:97:82:c3:d7:ef:1d:
                    a0:7f:20:79:24:71:30:43:9e:8b:cb:e2:4d:6e:e0:
                    84:ed:d7:6d:0b:f0:48:58:36:f9:22:4f:2d:85:5b:
                    a7:d0:3f:a6:15:1a:12:79:21:4d:14:20:11:fa:c5:
                    0c:10:e9:ad:64:a9:65:77:1a:02:af:4e:8a:fe:32:
                    f4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0A:52:29:F5:38:70:8E:01:1C:D0:4D:FF:B8:96:F1:76:8F:7D:22
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/ugpSKfU4cI4BHNBN_7iW8XaPfSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:45c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:a0:b9:4c:25:c0:d2:ae:66:2e:63:f7:36:a3:8a:00:fe:68:
         2e:09:93:3c:00:3f:52:30:61:2c:7d:92:48:b6:b3:cf:9e:05:
         0e:23:c1:75:9d:8e:fc:25:89:a8:5a:e0:e2:ba:69:e2:7a:7c:
         12:82:16:ea:e6:64:fa:3a:d8:9c:9d:76:5c:b1:29:3d:be:c0:
         13:ad:f0:94:27:d4:9b:26:61:6e:d5:f6:09:35:79:2f:2f:c9:
         93:3e:33:32:81:17:01:30:f5:26:36:4f:fb:10:16:2e:12:2d:
         65:fe:98:9c:ad:48:d4:dc:a0:f0:49:0d:0b:9c:01:b2:d1:b0:
         ff:9e:86:1c:1c:d1:23:6e:61:2a:09:15:82:48:c0:8a:76:66:
         ca:84:7d:c8:b8:c9:d0:7d:6d:b5:da:9f:c0:17:bf:89:9e:17:
         87:a0:1f:e9:a9:42:01:3a:0a:72:c4:01:98:f1:db:5a:e4:25:
         d0:9e:a3:ab:01:8e:65:a4:c8:27:40:41:ff:78:c9:27:92:3e:
         75:50:69:ed:ef:43:36:e7:78:a9:f2:fe:96:80:fd:a5:66:87:
         d5:0d:37:7a:16:4d:ba:e4:06:30:58:5e:d4:31:71:cf:5f:10:
         51:0e:84:30:9b:44:a3:e0:68:7f:fe:8b:64:6b:13:75:1f:61:
         e2:b1:1b:85
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmXBXs6ZcEP6AJQtQ9IU0SgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwOTI5MTk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTBhNTIyOWY1Mzg3MDhlMDExY2QwNGRmZmI4OTZmMTc2OGY3ZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iTXaMoXK32SblrUAAfKf86ugbH4
zGCEirvWyFayR+ga+iLJTw6nDanIF9H/irEPcpP1SAj+pq/J6cal0ISnr51LxORJ
rcEBue6iY+asq+y5eipYkVkMw8RSG4IjUEkNLDtEDDECnMIgagkXp7vpnAtHoWHJ
a7s79BDR5ybdllC4QIisFWTmXmfZbXoE2LBKgYyjHxznIikpGXwGb6jTgrAodEU1
I5k6qkoF1eQuHUWkviEa9GbifxB8U+GXgsPX7x2gfyB5JHEwQ56Ly+JNbuCE7ddt
C/BIWDb5Ik8thVun0D+mFRoSeSFNFCAR+sUMEOmtZKlldxoCr06K/jL0nQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLoKUin1OHCOARzQTf+4lvF2j30iMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvdWdwU0tmVTRjSTRCSE5CTl83aVc4WGFQZlNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhFFwDAN
BgkqhkiG9w0BAQsFAAOCAQEAd6C5TCXA0q5mLmP3NqOKAP5oLgmTPAA/UjBhLH2S
SLazz54FDiPBdZ2O/CWJqFrg4rpp4np8EoIW6uZk+jrYnJ12XLEpPb7AE63wlCfU
myZhbtX2CTV5Ly/Jkz4zMoEXATD1JjZP+xAWLhItZf6YnK1I1Nyg8EkNC5wBstGw
/56GHBzRI25hKgkVgkjAinZmyoR9yLjJ0H1ttdqfwBe/iZ4Xh6Af6alCAToKcsQB
mPHbWuQl0J6jqwGOZaTIJ0BB/3jJJ5I+dVBp7e9DNud4qfL+loD9pWaH1Q03ehZN
uuQGMFhe1DFxz18QUQ6EMJtEo+Bof/6LZGsTdR9h4rEbhQ==
-----END CERTIFICATE-----