Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/MQ2EgPtIqGeY6J-TWaJXDqs9Nug.roa
File:                     MQ2EgPtIqGeY6J-TWaJXDqs9Nug.roa (raw, json)
Hash identifier:          DTWQ1BaF1eB35acgiW005UdG4BqBQvAvS2KuGYP/fIY=
Subject key identifier:   31:0D:84:80:FB:48:A8:67:98:E8:9F:93:59:A2:57:0E:AB:3D:36:E8
Certificate issuer:       /CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
Certificate serial:       0194266B48406231A21A6B92EE0212B44390
Authority key identifier: 63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/MQ2EgPtIqGeY6J-TWaJXDqs9Nug.roa
Signing time:             Thu 02 Jan 2025 09:49:12 +0000
ROA not before:           Thu 02 Jan 2025 09:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45691
IP address blocks:        2a12:f8c6::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:48:40:62:31:a2:1a:6b:92:ee:02:12:b4:43:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63392e929317ae6bde08a5a3b98a2b701ddb893a
        Validity
            Not Before: Jan  2 09:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=310d8480fb48a86798e89f9359a2570eab3d36e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:91:e0:6a:fc:8f:7e:e7:2d:a8:d1:c3:ff:9f:
                    47:68:8d:91:92:10:87:e2:fe:e9:ac:cc:24:c5:98:
                    dc:3a:12:39:09:af:b6:66:d4:03:f6:75:02:11:f2:
                    90:2b:c7:13:07:ac:38:f2:0e:7f:54:55:26:3b:61:
                    37:36:c7:67:dd:b5:63:9e:28:05:22:d1:98:8c:8f:
                    af:21:2a:f6:9a:4d:18:d1:d1:2c:4d:2b:c8:cb:fd:
                    38:0e:0c:2b:9c:7b:48:34:81:c8:47:ca:97:a7:dd:
                    9a:7b:ad:ba:87:98:0b:fc:87:4e:bc:03:80:96:c3:
                    f0:64:bf:f1:f4:cc:90:9c:aa:db:5c:f6:4e:ec:27:
                    45:46:94:ea:d7:bd:5e:9a:38:ae:53:a3:2e:3e:92:
                    ef:bb:ef:c6:c6:18:8c:43:55:ec:bc:f6:5a:0d:83:
                    0c:01:6d:83:a1:b7:a1:8e:57:63:6e:30:72:f5:e3:
                    c6:07:24:aa:e0:b9:9a:c2:e5:e3:17:7b:3a:d4:07:
                    23:d2:12:41:7f:b2:2a:aa:52:5f:39:8a:08:4c:63:
                    a3:ad:7d:11:b0:94:94:4b:65:82:61:fd:35:e9:0c:
                    db:ef:74:15:67:e5:b4:24:a9:f6:8e:c3:d0:7a:c2:
                    30:09:18:50:ce:a2:5c:89:7e:24:72:49:3c:86:1a:
                    a4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0D:84:80:FB:48:A8:67:98:E8:9F:93:59:A2:57:0E:AB:3D:36:E8
            X509v3 Authority Key Identifier:
                keyid:63:39:2E:92:93:17:AE:6B:DE:08:A5:A3:B9:8A:2B:70:1D:DB:89:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YzkukpMXrmveCKWjuYorcB3biTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/MQ2EgPtIqGeY6J-TWaJXDqs9Nug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/fe702e-c26b-4429-99c1-87250f5a07cc/1/YzkukpMXrmveCKWjuYorcB3biTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f8c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:84:55:96:be:1d:21:41:03:dc:0d:06:50:13:f7:8c:54:d9:
         44:16:13:5c:d0:9d:7a:62:d5:7a:3d:b0:97:96:3a:11:13:cf:
         f6:d4:74:98:98:a4:b0:25:e5:d9:f1:c0:61:0b:4f:17:af:5f:
         fd:2f:55:08:9c:b1:08:df:b3:28:d1:99:ee:22:13:da:26:c0:
         ed:c5:a2:f0:2c:7b:29:09:0c:f2:db:73:ca:ce:7e:4a:a4:6c:
         28:b4:1f:b7:c5:54:70:92:cb:a5:49:60:bb:61:56:fb:22:0f:
         f8:6f:3f:21:40:03:71:7e:e8:a1:c4:c8:13:18:db:87:78:fd:
         cb:bc:b2:6f:46:dd:72:64:2a:55:b7:a5:2e:99:e2:fa:33:9b:
         be:a5:85:68:93:42:e0:61:04:45:6e:92:39:03:f9:db:66:d5:
         9b:00:a0:97:31:03:b5:08:9f:4b:dd:05:8f:ad:2f:12:fd:c5:
         87:e6:4a:3f:ae:cf:b4:33:3e:7a:fd:be:af:0f:70:d6:ee:fc:
         6e:90:ee:13:b5:1f:05:1b:e0:33:a7:c6:23:a3:fb:e0:2a:ef:
         32:66:f9:11:97:bf:ad:80:aa:24:52:62:c5:8f:c3:c2:97:b7:
         71:81:4d:fa:4f:ad:11:e4:4d:a8:be:c2:10:3b:8d:5f:33:fb:
         4c:9d:5b:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma0hAYjGiGmuS7gIStEOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMzkyZTkyOTMxN2FlNmJkZTA4YTVhM2I5OGEyYjcwMWRk
Yjg5M2EwHhcNMjUwMTAyMDk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBkODQ4MGZiNDhhODY3OThlODlmOTM1OWEyNTcwZWFiM2QzNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JHgavyPfuctqNHD/59HaI2RkhCH
4v7prMwkxZjcOhI5Ca+2ZtQD9nUCEfKQK8cTB6w48g5/VFUmO2E3Nsdn3bVjnigF
ItGYjI+vISr2mk0Y0dEsTSvIy/04DgwrnHtINIHIR8qXp92ae626h5gL/IdOvAOA
lsPwZL/x9MyQnKrbXPZO7CdFRpTq171emjiuU6MuPpLvu+/GxhiMQ1XsvPZaDYMM
AW2DobehjldjbjBy9ePGBySq4LmawuXjF3s61Acj0hJBf7IqqlJfOYoITGOjrX0R
sJSUS2WCYf016Qzb73QVZ+W0JKn2jsPQesIwCRhQzqJciX4kckk8hhqkAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDENhID7SKhnmOifk1miVw6rPTboMB8GA1UdIwQY
MBaAFGM5LpKTF65r3gilo7mKK3Ad24k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEt
ODcyNTBmNWEwN2NjLzEvTVEyRWdQdElxR2VZNkotVFdhSlhEcXM5TnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mZTcwMmUtYzI2Yi00NDI5LTk5YzEtODcyNTBmNWEwN2Nj
LzEvWXprdWtwTVhybXZlQ0tXanVZb3JjQjNiaVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhL4xjAN
BgkqhkiG9w0BAQsFAAOCAQEAS4RVlr4dIUED3A0GUBP3jFTZRBYTXNCdemLVej2w
l5Y6ERPP9tR0mJiksCXl2fHAYQtPF69f/S9VCJyxCN+zKNGZ7iIT2ibA7cWi8Cx7
KQkM8ttzys5+SqRsKLQft8VUcJLLpUlgu2FW+yIP+G8/IUADcX7oocTIExjbh3j9
y7yyb0bdcmQqVbelLpni+jObvqWFaJNC4GEERW6SOQP522bVmwCglzEDtQifS90F
j60vEv3Fh+ZKP67PtDM+ev2+rw9w1u78bpDuE7UfBRvgM6fGI6P74CrvMmb5EZe/
rYCqJFJixY/Dwpe3cYFN+k+tEeRNqL7CEDuNXzP7TJ1bwg==
-----END CERTIFICATE-----