Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MpA4R8kSrwBlsf7IDzqT8pNVj2g.roa
File:                     MpA4R8kSrwBlsf7IDzqT8pNVj2g.roa (raw, json)
Hash identifier:          fmI2pD6m8VOA0vFPE13FaGbmEkOp15im5LG8J6CBvNE=
Subject key identifier:   32:90:38:47:C9:12:AF:00:65:B1:FE:C8:0F:3A:93:F2:93:55:8F:68
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EF0EDD68D5A16FAB5376D316CBABC
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MpA4R8kSrwBlsf7IDzqT8pNVj2g.roa
Signing time:             Thu 02 Jan 2025 05:48:32 +0000
ROA not before:           Thu 02 Jan 2025 05:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215373
IP address blocks:        2a0e:aa07:e170::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:f0:ed:d6:8d:5a:16:fa:b5:37:6d:31:6c:ba:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32903847c912af0065b1fec80f3a93f293558f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1a:43:55:c3:c0:4b:5a:bc:0b:b5:44:97:b2:
                    5c:45:f3:77:8c:e4:07:c2:95:1b:da:cb:3c:6d:08:
                    68:f1:d7:e3:e3:94:de:ef:6d:38:4f:69:8a:8f:52:
                    31:62:04:f3:cd:0f:e9:2f:68:89:bd:f2:9b:1b:d8:
                    da:96:b6:fd:d1:e5:65:a8:56:bb:3a:cd:aa:f4:03:
                    81:b6:e2:23:c8:ff:8c:f7:ea:5c:0f:1a:ed:e9:54:
                    ff:eb:87:b9:26:b0:43:ea:77:51:f7:bc:89:1c:24:
                    24:a8:c0:d1:c9:08:a5:09:9f:b5:d1:35:cf:73:d9:
                    5b:84:2e:69:f2:de:25:f3:b2:23:0a:fc:9e:76:78:
                    8a:64:f3:06:69:ab:b5:22:d2:7d:3a:d0:13:df:d5:
                    3a:5e:89:e3:b8:2f:a3:a0:74:61:37:2e:30:65:8b:
                    4c:b3:79:3a:ee:ce:82:84:8b:51:86:95:55:4c:ba:
                    59:ad:1e:f7:50:60:0d:a3:99:b2:a0:7d:b2:f4:ec:
                    98:69:eb:1e:eb:28:ea:78:6d:f5:95:a7:5e:65:fb:
                    0e:69:ef:03:92:90:e4:60:e2:89:bd:57:4a:65:d8:
                    38:9b:3c:cd:e2:c3:22:e3:fb:de:11:59:f8:b0:9c:
                    89:6a:74:d9:1d:45:0b:dc:0e:09:ec:33:a9:68:a7:
                    8d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:90:38:47:C9:12:AF:00:65:B1:FE:C8:0F:3A:93:F2:93:55:8F:68
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/MpA4R8kSrwBlsf7IDzqT8pNVj2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e170::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:25:47:86:ef:7b:14:80:1c:41:f4:25:c8:2b:31:04:0c:91:
         20:0b:24:78:e2:15:9c:ac:03:ff:62:39:84:da:09:6c:e2:f5:
         ed:6e:b1:f5:33:e0:af:c6:7a:e7:08:57:bf:22:f9:93:97:b5:
         b1:d7:62:b6:e5:9f:db:31:a9:a4:ed:9b:81:2f:db:fb:c8:7c:
         a2:8d:c8:d0:53:b3:f5:8e:65:f4:c1:2d:94:90:db:52:d6:9e:
         20:d8:b5:6a:d3:ec:bc:44:f8:87:b2:34:3d:ab:15:11:ce:7f:
         1d:fe:5b:54:ff:d0:87:a1:e0:74:af:ac:35:8e:b2:b7:42:19:
         f2:4c:92:10:e8:e5:02:55:59:79:46:ec:a8:90:da:eb:ca:f8:
         bc:3b:09:3f:4e:32:a2:dd:44:23:56:fd:e5:63:63:4e:15:e8:
         33:7c:40:ce:30:9d:62:36:58:d9:9a:a4:18:d9:af:de:e5:74:
         0c:cd:06:7e:16:2d:47:c9:95:25:22:ee:5d:1e:45:6b:a3:b4:
         66:34:3e:6e:6d:54:33:f6:51:94:f9:07:c8:1c:78:fe:23:d9:
         f2:a8:ef:00:f0:22:0d:47:a7:d2:29:cd:ea:b2:30:e6:f9:7d:
         dd:a6:e6:e1:9d:4e:78:96:95:1d:39:c7:66:1f:af:92:2c:03:
         04:54:91:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljvDt1o1aFvq1N20xbLq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjkwMzg0N2M5MTJhZjAwNjViMWZlYzgwZjNhOTNmMjkzNTU4ZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRpDVcPAS1q8C7VEl7JcRfN3jOQH
wpUb2ss8bQho8dfj45Te7204T2mKj1IxYgTzzQ/pL2iJvfKbG9jalrb90eVlqFa7
Os2q9AOBtuIjyP+M9+pcDxrt6VT/64e5JrBD6ndR97yJHCQkqMDRyQilCZ+10TXP
c9lbhC5p8t4l87IjCvyedniKZPMGaau1ItJ9OtAT39U6XonjuC+joHRhNy4wZYtM
s3k67s6ChItRhpVVTLpZrR73UGANo5myoH2y9OyYaese6yjqeG31ladeZfsOae8D
kpDkYOKJvVdKZdg4mzzN4sMi4/veEVn4sJyJanTZHUUL3A4J7DOpaKeNsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDKQOEfJEq8AZbH+yA86k/KTVY9oMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvTXBBNFI4a1Nyd0Jsc2Y3SUR6cVQ4cE5WajJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Fw
MA0GCSqGSIb3DQEBCwUAA4IBAQBkJUeG73sUgBxB9CXIKzEEDJEgCyR44hWcrAP/
YjmE2gls4vXtbrH1M+CvxnrnCFe/IvmTl7Wx12K25Z/bMamk7ZuBL9v7yHyijcjQ
U7P1jmX0wS2UkNtS1p4g2LVq0+y8RPiHsjQ9qxURzn8d/ltU/9CHoeB0r6w1jrK3
QhnyTJIQ6OUCVVl5RuyokNrryvi8Owk/TjKi3UQjVv3lY2NOFegzfEDOMJ1iNljZ
mqQY2a/e5XQMzQZ+Fi1HyZUlIu5dHkVro7RmND5ubVQz9lGU+QfIHHj+I9nyqO8A
8CINR6fSKc3qsjDm+X3dpubhnU54lpUdOcdmH6+SLAMEVJGg
-----END CERTIFICATE-----