Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/M3nuXRHV-HSVCrPsQchhdr5_x7Q.roa
File:                     M3nuXRHV-HSVCrPsQchhdr5_x7Q.roa (raw, json)
Hash identifier:          yixO/lM/jrXq6xFtI0OoJ7LnqzWDwB/3Pvi4UUX0Sqg=
Subject key identifier:   33:79:EE:5D:11:D5:F8:74:95:0A:B3:EC:41:C8:61:76:BE:7F:C7:B4
Certificate issuer:       /CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
Certificate serial:       0195044F065978AA38869B6412295AA5154F
Authority key identifier: 97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/M3nuXRHV-HSVCrPsQchhdr5_x7Q.roa
Signing time:             Fri 14 Feb 2025 11:54:02 +0000
ROA not before:           Fri 14 Feb 2025 11:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34425
IP address blocks:        2001:b18:a::112/128 maxlen: 128
                          2001:b18:b::112/128 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:04:4f:06:59:78:aa:38:86:9b:64:12:29:5a:a5:15:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979f5ca8c33f134c3c157d48b9c2ae4e91b630bf
        Validity
            Not Before: Feb 14 11:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3379ee5d11d5f874950ab3ec41c86176be7fc7b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:29:58:06:6d:6b:c0:6e:35:44:8d:d0:e6:fc:
                    51:9c:cd:03:34:df:95:78:62:4e:2e:fb:a3:31:ad:
                    87:a0:7d:62:8a:d2:6b:81:65:46:9d:c2:b2:6f:06:
                    cf:0a:7a:22:ab:09:a1:2f:af:2e:bf:31:92:13:44:
                    9b:df:ea:4c:06:49:ad:02:61:16:fb:d5:6f:c2:7e:
                    61:41:6f:9c:7c:a9:a6:0c:32:13:5d:16:1a:0c:8a:
                    ff:f4:f4:f1:6b:e8:6c:0e:96:8a:2b:cb:9c:4b:a1:
                    79:1a:33:2a:70:90:10:1d:be:b0:a9:36:45:14:09:
                    58:57:01:45:7e:4e:39:5d:e1:10:5a:3b:76:64:88:
                    04:9b:cf:53:76:dd:f2:bc:b2:af:85:6d:26:39:f2:
                    b8:bf:82:5e:88:0e:82:5a:b2:ca:9d:58:4a:ca:c4:
                    17:8a:ca:01:ed:64:e6:79:b3:7d:78:5f:f5:68:cf:
                    24:15:a3:69:1c:cc:52:9b:ba:1e:db:f6:13:09:0c:
                    fd:04:c6:74:fe:b4:c7:66:3d:36:ee:6b:5d:3c:7b:
                    be:72:dc:3b:51:97:e5:ed:6d:5b:5c:60:95:a3:d8:
                    cc:e5:ba:66:e9:d9:8b:ff:66:10:d0:57:4a:51:f1:
                    19:d5:bb:3b:b5:b5:d6:29:8e:e7:76:cf:5d:eb:18:
                    41:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:79:EE:5D:11:D5:F8:74:95:0A:B3:EC:41:C8:61:76:BE:7F:C7:B4
            X509v3 Authority Key Identifier:
                keyid:97:9F:5C:A8:C3:3F:13:4C:3C:15:7D:48:B9:C2:AE:4E:91:B6:30:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l59cqMM_E0w8FX1IucKuTpG2ML8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/M3nuXRHV-HSVCrPsQchhdr5_x7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f65610-59f6-4ad6-a9d8-1470ac364dd2/1/l59cqMM_E0w8FX1IucKuTpG2ML8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:b18:a:0:0:0:0:112/128
                  2001:b18:b:0:0:0:0:112/128

    Signature Algorithm: sha256WithRSAEncryption
         56:32:31:d7:44:b2:10:71:d7:ce:d5:78:da:d7:7c:44:55:df:
         ec:e9:ae:33:1c:2b:18:16:eb:e3:76:96:19:00:6f:27:d2:cd:
         a8:a3:30:08:64:a4:12:20:75:44:5a:ec:16:8e:24:28:ac:41:
         18:44:89:95:c5:09:5c:5c:9d:ca:f2:a7:1f:36:0e:85:cc:e4:
         92:78:76:23:63:78:ff:e0:35:69:2f:bd:c2:90:e2:7c:79:51:
         31:2e:6f:db:e4:9e:8b:11:83:7f:3d:36:19:a9:74:f7:b6:50:
         d6:eb:55:b7:dc:ca:34:3d:60:25:b7:f7:8b:55:97:be:d7:92:
         c1:9f:79:a6:67:fe:d1:c0:94:ed:72:b4:33:ff:23:ef:fa:62:
         97:1d:9a:07:5b:bf:64:0d:cd:4b:72:a8:b4:f3:15:b0:b0:75:
         3a:0b:52:a4:2b:b3:06:ac:87:31:41:71:fd:07:39:87:62:a8:
         7f:fb:74:e4:9d:04:10:1f:73:9c:20:7c:93:33:87:89:db:a5:
         8a:d6:92:3c:43:60:a3:22:1e:56:6d:8d:a1:50:d4:10:7d:1d:
         bd:ea:74:7e:8b:da:ac:0b:fa:ff:6a:a1:0a:d0:3f:1d:a8:6b:
         0e:89:c8:f8:11:8c:6e:a7:f3:28:04:b0:3b:d7:b4:fd:69:d1:
         ab:61:22:96
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZUETwZZeKo4hptkEilapRVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OWY1Y2E4YzMzZjEzNGMzYzE1N2Q0OGI5YzJhZTRlOTFi
NjMwYmYwHhcNMjUwMjE0MTE1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc5ZWU1ZDExZDVmODc0OTUwYWIzZWM0MWM4NjE3NmJlN2ZjN2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmClYBm1rwG41RI3Q5vxRnM0DNN+V
eGJOLvujMa2HoH1iitJrgWVGncKybwbPCnoiqwmhL68uvzGSE0Sb3+pMBkmtAmEW
+9Vvwn5hQW+cfKmmDDITXRYaDIr/9PTxa+hsDpaKK8ucS6F5GjMqcJAQHb6wqTZF
FAlYVwFFfk45XeEQWjt2ZIgEm89Tdt3yvLKvhW0mOfK4v4JeiA6CWrLKnVhKysQX
isoB7WTmebN9eF/1aM8kFaNpHMxSm7oe2/YTCQz9BMZ0/rTHZj027mtdPHu+ctw7
UZfl7W1bXGCVo9jM5bpm6dmL/2YQ0FdKUfEZ1bs7tbXWKY7nds9d6xhBYwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDN57l0R1fh0lQqz7EHIYXa+f8e0MB8GA1UdIwQY
MBaAFJefXKjDPxNMPBV9SLnCrk6RtjC/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgt
MTQ3MGFjMzY0ZGQyLzEvTTNudVhSSFYtSFNWQ3JQc1FjaGhkcjVfeDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mNjU2MTAtNTlmNi00YWQ2LWE5ZDgtMTQ3MGFjMzY0ZGQy
LzEvbDU5Y3FNTV9FMHc4RlgxSXVjS3VUcEcyTUw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmAxEAIAELGAAK
AAAAAAAAAAABEgMRACABCxgACwAAAAAAAAAAARIwDQYJKoZIhvcNAQELBQADggEB
AFYyMddEshBx187VeNrXfERV3+zprjMcKxgW6+N2lhkAbyfSzaijMAhkpBIgdURa
7BaOJCisQRhEiZXFCVxcncrypx82DoXM5JJ4diNjeP/gNWkvvcKQ4nx5UTEub9vk
nosRg389NhmpdPe2UNbrVbfcyjQ9YCW394tVl77XksGfeaZn/tHAlO1ytDP/I+/6
Ypcdmgdbv2QNzUtyqLTzFbCwdToLUqQrswashzFBcf0HOYdiqH/7dOSdBBAfc5wg
fJMzh4nbpYrWkjxDYKMiHlZtjaFQ1BB9Hb3qdH6L2qwL+v9qoQrQPx2oaw6JyPgR
jG6n8ygEsDvXtP1p0athIpY=
-----END CERTIFICATE-----