Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MOHYZpvO1LNjqCIO6eAzPUIct0w.roa
File:                     MOHYZpvO1LNjqCIO6eAzPUIct0w.roa (raw, json)
Hash identifier:          Ez7aFE3ckbXV5Le4eUzmcJJcLkMFNPvgLm9ZvbuDUTs=
Subject key identifier:   30:E1:D8:66:9B:CE:D4:B3:63:A8:22:0E:E9:E0:33:3D:42:1C:B7:4C
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258ECAC2A1A317747852531DCA54E4EB
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MOHYZpvO1LNjqCIO6eAzPUIct0w.roa
Signing time:             Thu 02 Jan 2025 05:48:22 +0000
ROA not before:           Thu 02 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139589
IP address blocks:        2a0e:aa01:1fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ca:c2:a1:a3:17:74:78:52:53:1d:ca:54:e4:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e1d8669bced4b363a8220ee9e0333d421cb74c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e3:de:dc:80:ca:5d:e0:67:40:83:53:59:49:
                    80:4b:b9:28:66:ff:1f:20:15:3d:52:7d:4d:35:b6:
                    0d:cd:2e:fd:ac:fa:fb:89:bd:85:43:9f:20:bc:ce:
                    8c:7c:86:0d:ab:2a:1c:73:a4:7a:89:df:25:5e:69:
                    cd:80:45:ab:3c:07:4f:7a:93:f3:50:29:bb:95:bc:
                    0a:1a:ff:8b:75:37:08:7d:82:65:5f:c6:4e:a0:21:
                    ae:ad:d4:21:42:21:a7:a8:ba:ac:76:0b:d3:38:e6:
                    fa:b4:d4:4a:f3:55:66:6f:53:2c:fa:f9:b4:03:1f:
                    c3:96:53:0b:26:ff:dd:a4:75:1d:b6:17:37:a8:b4:
                    25:b5:05:53:ff:75:38:94:1d:1e:52:ce:ad:ce:39:
                    cc:32:eb:17:63:e6:c9:43:b2:d4:70:71:fc:bb:66:
                    c1:25:f9:e6:d0:b8:5e:8c:a9:d4:ea:96:fb:2b:7e:
                    6e:39:8f:d1:c6:20:37:cb:d6:ef:5b:e8:cd:4b:0e:
                    47:e3:36:4a:9f:48:e4:dd:0e:07:03:53:41:79:2b:
                    aa:a7:3f:8e:db:2c:3f:f9:c8:6c:a6:09:ec:ad:0c:
                    01:5b:57:74:d7:57:87:aa:32:02:84:14:4f:85:b7:
                    3f:29:32:ab:d6:d6:2a:18:1c:ed:a2:fc:e6:f9:d6:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E1:D8:66:9B:CE:D4:B3:63:A8:22:0E:E9:E0:33:3D:42:1C:B7:4C
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MOHYZpvO1LNjqCIO6eAzPUIct0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:1fff::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:42:f8:77:47:9c:f7:2f:5b:0b:77:1f:97:50:ef:3e:11:a5:
         ed:56:cc:ed:30:8f:f2:9f:02:5c:5f:e1:9e:fe:a0:b2:53:3e:
         c1:e2:7c:c4:4b:ce:08:61:be:32:cb:80:78:cd:b9:db:ea:17:
         15:a6:c1:c6:af:8d:9a:b2:9a:8d:1d:0a:ff:e7:b6:89:ad:88:
         04:12:c4:c2:4d:7d:4e:01:7d:90:9b:52:98:b7:b8:08:18:bc:
         71:84:46:1d:0b:8c:41:cd:69:94:84:e6:6a:32:e4:da:f1:df:
         ff:16:23:be:fa:ae:08:ad:b8:f0:17:31:6b:b0:d3:19:98:f5:
         90:d7:c8:d8:22:40:04:a0:75:0c:a9:63:77:91:ac:8e:e2:c0:
         1b:18:eb:56:23:98:b2:4a:97:7c:3c:d7:84:b4:51:ec:99:02:
         f8:ab:e6:9e:07:27:27:35:2f:11:f0:14:57:67:db:cd:fa:e3:
         b7:23:c8:dc:a3:96:ef:06:30:c2:c7:df:d9:88:e8:a7:16:f4:
         4e:15:74:ee:1b:f5:23:fc:bc:9f:bc:1b:2c:ae:82:66:0b:84:
         39:44:28:e7:d4:b2:c4:d7:53:e8:e3:6c:6b:9f:0f:58:a4:3b:
         8d:e7:f9:6a:62:f3:92:16:90:40:15:9c:ea:a8:19:50:03:29:
         02:0a:e8:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljsrCoaMXdHhSUx3KVOTrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGUxZDg2NjliY2VkNGIzNjNhODIyMGVlOWUwMzMzZDQyMWNiNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOPe3IDKXeBnQINTWUmAS7koZv8f
IBU9Un1NNbYNzS79rPr7ib2FQ58gvM6MfIYNqyocc6R6id8lXmnNgEWrPAdPepPz
UCm7lbwKGv+LdTcIfYJlX8ZOoCGurdQhQiGnqLqsdgvTOOb6tNRK81Vmb1Ms+vm0
Ax/DllMLJv/dpHUdthc3qLQltQVT/3U4lB0eUs6tzjnMMusXY+bJQ7LUcHH8u2bB
Jfnm0LhejKnU6pb7K35uOY/RxiA3y9bvW+jNSw5H4zZKn0jk3Q4HA1NBeSuqpz+O
2yw/+chspgnsrQwBW1d011eHqjIChBRPhbc/KTKr1tYqGBztovzm+da5NwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDDh2GabztSzY6giDungMz1CHLdMMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvTU9IWVpwdk8xTE5qcUNJTzZlQXpQVUljdDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qAR//
MA0GCSqGSIb3DQEBCwUAA4IBAQCWQvh3R5z3L1sLdx+XUO8+EaXtVsztMI/ynwJc
X+Ge/qCyUz7B4nzES84IYb4yy4B4zbnb6hcVpsHGr42aspqNHQr/57aJrYgEEsTC
TX1OAX2Qm1KYt7gIGLxxhEYdC4xBzWmUhOZqMuTa8d//FiO++q4IrbjwFzFrsNMZ
mPWQ18jYIkAEoHUMqWN3kayO4sAbGOtWI5iySpd8PNeEtFHsmQL4q+aeBycnNS8R
8BRXZ9vN+uO3I8jco5bvBjDCx9/ZiOinFvROFXTuG/Uj/LyfvBssroJmC4Q5RCjn
1LLE11Po42xrnw9YpDuN5/lqYvOSFpBAFZzqqBlQAykCCuiV
-----END CERTIFICATE-----