Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wUhuDMSsBwbclPWnAiFhijhk7qY.roa
File:                     wUhuDMSsBwbclPWnAiFhijhk7qY.roa (raw, json)
Hash identifier:          q7eZn2UzqXEGHVmt/34LCyZFoshnRxuQaC2DK2NKxpI=
Subject key identifier:   C1:48:6E:0C:C4:AC:07:06:DC:94:F5:A7:02:21:61:8A:38:64:EE:A6
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       0196AA8CB632522810D4B05B4216DF67ACFC
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wUhuDMSsBwbclPWnAiFhijhk7qY.roa
Signing time:             Wed 07 May 2025 11:41:10 +0000
ROA not before:           Wed 07 May 2025 11:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        2a11:68c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:aa:8c:b6:32:52:28:10:d4:b0:5b:42:16:df:67:ac:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: May  7 11:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1486e0cc4ac0706dc94f5a70221618a3864eea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:92:94:2e:51:12:85:c9:36:47:2e:b4:03:49:
                    f3:6b:95:f5:a4:02:54:3e:7a:0d:b3:8f:02:f0:00:
                    d6:07:45:93:3f:36:92:af:27:8e:98:d3:c5:4b:b5:
                    1b:dd:bc:65:3c:20:2f:7f:2a:33:35:3c:d3:5a:c2:
                    9a:88:bd:48:c2:45:3b:0e:25:20:11:55:c4:79:4d:
                    53:2f:72:2f:2c:f6:62:24:cf:38:ea:df:50:cb:b1:
                    33:9b:ac:ab:23:43:a0:70:f3:8b:5c:14:3b:83:6a:
                    b6:b3:b8:82:e2:3b:56:a9:f8:3d:0c:b6:4e:13:a0:
                    79:20:1e:41:8a:48:90:03:c7:82:07:33:6d:20:2b:
                    a5:91:57:be:85:23:87:3b:7b:87:bb:ba:78:f4:e7:
                    ce:91:08:d5:e8:9e:ca:5e:67:da:00:b0:12:6c:9f:
                    24:cf:ab:46:74:97:64:d7:46:de:6f:d7:d7:e7:d6:
                    2f:82:ae:84:26:3d:60:b2:30:b4:05:76:93:97:4e:
                    da:1e:22:19:d4:e4:b7:0e:13:f1:4c:d8:af:f0:03:
                    26:0e:ce:b1:8b:f2:3e:6f:da:e6:57:d7:77:6a:5c:
                    df:08:ab:64:ce:25:e7:7a:e7:af:db:f4:9a:0c:08:
                    b9:b7:86:12:5e:7a:79:4c:39:af:1b:66:a6:2f:c1:
                    4b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:48:6E:0C:C4:AC:07:06:DC:94:F5:A7:02:21:61:8A:38:64:EE:A6
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/wUhuDMSsBwbclPWnAiFhijhk7qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:68c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:f1:76:c8:f5:80:35:44:88:91:bb:4d:fe:f4:b3:2f:72:60:
         d1:f6:70:b1:cf:ab:34:5b:10:83:6b:7a:e1:e3:92:ec:c6:4d:
         03:d8:ad:f7:2c:de:64:fd:f9:5a:c7:b7:0c:66:89:09:91:19:
         c6:4a:f3:f1:32:93:ea:74:e5:c4:00:ab:b8:ab:f1:e6:63:61:
         1b:cf:44:87:59:29:9a:0b:a0:d4:ff:fe:e9:47:03:a1:5b:68:
         02:df:09:74:2d:cd:32:da:1c:2a:1c:26:3f:0f:12:86:84:88:
         79:aa:a4:66:63:50:de:ff:4e:22:1a:48:7e:9b:66:07:d0:f6:
         85:bc:5c:9f:c1:f2:17:c6:fd:42:f2:df:16:41:15:9a:d3:5c:
         01:17:35:3d:2a:9b:0f:43:44:8d:35:1c:a0:5b:4d:34:8e:1f:
         13:a1:fc:6d:cd:60:83:59:05:be:63:ef:d4:1b:40:b7:65:e5:
         4a:ea:dc:3f:a5:12:bc:62:16:4c:34:5c:0b:6a:e1:25:c5:fb:
         48:49:36:38:6f:c8:4b:5f:8f:62:07:15:b2:18:ec:7f:38:b8:
         cb:68:f4:87:d0:09:b3:0a:ec:a9:18:f5:30:db:4c:1c:42:74:
         5f:08:75:d5:b3:54:59:f4:75:5c:4a:58:33:8f:88:f3:c9:44:
         5e:66:92:f8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaqjLYyUigQ1LBbQhbfZ6z8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNTA3MTE0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ4NmUwY2M0YWMwNzA2ZGM5NGY1YTcwMjIxNjE4YTM4NjRlZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpKULlEShck2Ry60A0nza5X1pAJU
PnoNs48C8ADWB0WTPzaSryeOmNPFS7Ub3bxlPCAvfyozNTzTWsKaiL1IwkU7DiUg
EVXEeU1TL3IvLPZiJM846t9Qy7Ezm6yrI0OgcPOLXBQ7g2q2s7iC4jtWqfg9DLZO
E6B5IB5BikiQA8eCBzNtICulkVe+hSOHO3uHu7p49OfOkQjV6J7KXmfaALASbJ8k
z6tGdJdk10beb9fX59Yvgq6EJj1gsjC0BXaTl07aHiIZ1OS3DhPxTNiv8AMmDs6x
i/I+b9rmV9d3alzfCKtkziXneuev2/SaDAi5t4YSXnp5TDmvG2amL8FLkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMFIbgzErAcG3JT1pwIhYYo4ZO6mMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvd1VodURNU3NCd2JjbFBXbkFpRmhpamhrN3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFoxTAN
BgkqhkiG9w0BAQsFAAOCAQEAevF2yPWANUSIkbtN/vSzL3Jg0fZwsc+rNFsQg2t6
4eOS7MZNA9it9yzeZP35Wse3DGaJCZEZxkrz8TKT6nTlxACruKvx5mNhG89Eh1kp
mgug1P/+6UcDoVtoAt8JdC3NMtocKhwmPw8ShoSIeaqkZmNQ3v9OIhpIfptmB9D2
hbxcn8HyF8b9QvLfFkEVmtNcARc1PSqbD0NEjTUcoFtNNI4fE6H8bc1gg1kFvmPv
1BtAt2XlSurcP6USvGIWTDRcC2rhJcX7SEk2OG/IS1+PYgcVshjsfzi4y2j0h9AJ
swrsqRj1MNtMHEJ0Xwh11bNUWfR1XEpYM4+I88lEXmaS+A==
-----END CERTIFICATE-----