Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/MTmWvr8uibadZE8o6jRrxqRGRzE.roa
File:                     MTmWvr8uibadZE8o6jRrxqRGRzE.roa (raw, json)
Hash identifier:          0jqsfFy8FlNhCDstxSZBm5rl+QTt+KMOpAYA4a3i8co=
Subject key identifier:   31:39:96:BE:BF:2E:89:B6:9D:64:4F:28:EA:34:6B:C6:A4:46:47:31
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       01942521E386647D8AF769C9D2D3F72749AF
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/MTmWvr8uibadZE8o6jRrxqRGRzE.roa
Signing time:             Thu 02 Jan 2025 03:49:25 +0000
ROA not before:           Thu 02 Jan 2025 03:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203686
IP address blocks:        2a0a:280:3100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e3:86:64:7d:8a:f7:69:c9:d2:d3:f7:27:49:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 03:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=313996bebf2e89b69d644f28ea346bc6a4464731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:44:0b:93:5b:21:5a:c0:00:91:f6:37:2f:
                    7a:c8:23:d0:39:66:ee:c5:d7:e5:c1:f7:ea:a2:77:
                    26:37:b8:91:3f:58:60:b5:af:f8:df:e5:e5:26:c9:
                    1c:f9:6a:c8:98:b1:6e:2c:b0:32:35:77:25:1f:85:
                    05:a5:7c:24:3c:78:e1:3a:be:91:74:40:8f:05:ba:
                    82:2a:98:5c:7d:68:1c:07:29:5b:ea:f1:2e:d5:de:
                    73:13:77:d9:86:6b:da:d3:fe:7a:ef:2e:58:0f:92:
                    f4:28:18:e0:27:9d:c2:23:51:82:52:2b:60:3c:e3:
                    11:5f:3f:1e:82:63:5d:c0:54:85:96:ec:b8:e0:8d:
                    69:28:30:c5:9e:aa:ae:3b:50:0e:86:38:7a:a9:3e:
                    73:37:81:6d:60:4a:43:d2:14:b1:08:0b:ef:b1:dd:
                    96:96:c3:a2:9b:5d:03:ef:2d:cc:3e:fd:af:95:f8:
                    a4:00:cb:5e:28:9e:15:40:7c:e1:e9:79:05:4c:6d:
                    e8:11:25:ac:9b:1d:7f:1f:e5:75:a2:f2:85:b5:0b:
                    66:60:bd:6f:b4:56:8a:2a:13:bf:4e:f9:2a:3c:f5:
                    57:23:74:e9:2f:43:ca:8c:d8:71:b9:09:81:88:d4:
                    c4:3e:66:3b:99:b7:d7:71:a8:33:35:4c:a4:43:67:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:39:96:BE:BF:2E:89:B6:9D:64:4F:28:EA:34:6B:C6:A4:46:47:31
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/MTmWvr8uibadZE8o6jRrxqRGRzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3100::/40

    Signature Algorithm: sha256WithRSAEncryption
         22:41:6a:48:f0:ef:30:e6:0e:72:10:93:db:bb:a1:1e:b8:12:
         0c:a5:ea:dd:6b:5f:5d:1c:f8:c4:6a:77:2e:8f:52:a3:40:2d:
         7f:ff:f4:c2:a5:f2:90:b7:9d:15:c4:71:9e:d8:68:2e:fc:1b:
         b8:a6:6c:f4:05:54:9e:c4:d5:80:a3:a6:dd:8e:c9:cc:63:bd:
         ae:f6:b9:3e:d0:f5:b2:4f:69:5c:3d:05:e2:e9:5c:ff:60:15:
         6a:65:cd:a7:2a:93:48:7f:22:48:68:58:db:0e:ac:04:fe:fc:
         b2:65:dd:10:ac:45:f4:77:cb:9e:88:cc:ce:bf:ad:bc:f6:83:
         9d:79:d9:49:e1:e7:9c:59:d7:2d:f6:6e:05:b6:f3:7b:c1:54:
         97:52:ec:3a:0a:16:93:2b:e2:3d:8f:f4:53:ff:6a:31:de:ab:
         37:49:23:4a:df:a8:8d:5f:f2:b9:2c:64:c6:ab:08:5b:b9:6b:
         d1:6e:49:b8:3d:82:15:76:9a:f2:53:13:3f:df:0b:e6:43:cb:
         15:e6:66:b5:1b:c4:ce:fd:17:86:88:9d:09:f0:80:c0:8d:50:
         fe:ec:e0:95:de:83:47:52:86:2f:ea:73:e4:51:aa:51:70:3b:
         49:b2:e0:9f:2e:21:5c:b8:97:dc:0e:4e:87:9b:3c:78:b1:0d:
         24:34:b8:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIeOGZH2K92nJ0tP3J0mvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjUwMTAyMDM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM5OTZiZWJmMmU4OWI2OWQ2NDRmMjhlYTM0NmJjNmE0NDY0NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY5EC5NbIVrAAJH2Ny96yCPQOWbu
xdflwffqoncmN7iRP1hgta/43+XlJskc+WrImLFuLLAyNXclH4UFpXwkPHjhOr6R
dECPBbqCKphcfWgcBylb6vEu1d5zE3fZhmva0/567y5YD5L0KBjgJ53CI1GCUitg
POMRXz8egmNdwFSFluy44I1pKDDFnqquO1AOhjh6qT5zN4FtYEpD0hSxCAvvsd2W
lsOim10D7y3MPv2vlfikAMteKJ4VQHzh6XkFTG3oESWsmx1/H+V1ovKFtQtmYL1v
tFaKKhO/TvkqPPVXI3TpL0PKjNhxuQmBiNTEPmY7mbfXcagzNUykQ2feOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDE5lr6/Lom2nWRPKOo0a8akRkcxMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvTVRtV3ZyOHVpYmFkWkU4bzZqUnJ4cVJHUnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDEw
DQYJKoZIhvcNAQELBQADggEBACJBakjw7zDmDnIQk9u7oR64Egyl6t1rX10c+MRq
dy6PUqNALX//9MKl8pC3nRXEcZ7YaC78G7imbPQFVJ7E1YCjpt2Oycxjva72uT7Q
9bJPaVw9BeLpXP9gFWplzacqk0h/IkhoWNsOrAT+/LJl3RCsRfR3y56IzM6/rbz2
g5152Unh55xZ1y32bgW283vBVJdS7DoKFpMr4j2P9FP/ajHeqzdJI0rfqI1f8rks
ZMarCFu5a9FuSbg9ghV2mvJTEz/fC+ZDyxXmZrUbxM79F4aInQnwgMCNUP7s4JXe
g0dShi/qc+RRqlFwO0my4J8uIVy4l9wOToebPHixDSQ0uN4=
-----END CERTIFICATE-----