Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/BlYJMM4ls15zJ30iXM_Rv84I-d4.roa
File:                     BlYJMM4ls15zJ30iXM_Rv84I-d4.roa (raw, json)
Hash identifier:          MRyw1DsxxSYF8y5F3ROkLuVWefJpMb00uWwfBxmnsGk=
Subject key identifier:   06:56:09:30:CE:25:B3:5E:73:27:7D:22:5C:CF:D1:BF:CE:08:F9:DE
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       019425FD961EFFF8703A16B1B220CA6465DA
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/BlYJMM4ls15zJ30iXM_Rv84I-d4.roa
Signing time:             Thu 02 Jan 2025 07:49:23 +0000
ROA not before:           Thu 02 Jan 2025 07:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50628
IP address blocks:        2a0e:d500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:96:1e:ff:f8:70:3a:16:b1:b2:20:ca:64:65:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Jan  2 07:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06560930ce25b35e73277d225ccfd1bfce08f9de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:d8:27:69:88:72:ea:1f:f2:b4:40:85:6c:
                    76:65:5f:c6:04:8c:43:dc:d8:29:e7:74:de:df:a3:
                    8b:65:1f:b7:ea:85:04:33:b4:98:a3:66:b0:50:6f:
                    c9:30:cc:31:f7:76:18:ff:e6:7b:43:52:79:a0:d9:
                    a5:e4:d6:d7:64:30:a3:19:70:ae:9c:d3:4a:90:a0:
                    12:ce:cc:c8:19:68:93:ca:80:d2:70:52:84:08:5c:
                    c5:07:0b:f2:fd:0c:f2:cc:84:06:85:d8:c4:81:00:
                    43:b0:c2:21:95:f3:4d:ce:94:56:ce:0c:8c:04:ba:
                    75:b7:82:e2:69:96:12:dd:88:1a:bc:5b:5a:ba:b7:
                    53:3a:ac:4b:cb:c9:81:0b:da:2c:54:2c:fb:20:e7:
                    48:c8:18:2e:8b:e5:aa:13:e1:c6:61:01:d6:c2:4b:
                    7a:3b:0c:c7:b0:1a:b9:55:6a:9f:68:4b:8c:ba:7b:
                    be:fa:26:49:bf:f1:06:d3:b7:1d:22:54:db:33:cf:
                    2d:ec:da:4a:d7:43:b7:c5:65:85:c0:88:6d:9c:de:
                    16:01:d2:96:8d:cb:30:d7:70:23:6d:8c:ed:f7:5c:
                    62:c7:b6:0d:5b:49:d3:8b:0f:f7:9d:3d:39:80:d8:
                    d2:55:37:26:c3:af:cd:4d:f0:bf:a0:12:f6:70:3a:
                    fe:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:56:09:30:CE:25:B3:5E:73:27:7D:22:5C:CF:D1:BF:CE:08:F9:DE
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/BlYJMM4ls15zJ30iXM_Rv84I-d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         bf:7b:c3:5c:26:39:b4:f0:b1:c0:5c:fb:24:dc:4e:45:3e:c8:
         22:31:75:c4:b7:90:20:08:12:d3:36:6e:ef:8e:89:d4:67:da:
         82:60:4b:f5:f3:37:90:d7:d7:e4:68:a5:d8:66:6f:2c:cc:fb:
         52:0c:61:59:5e:d5:44:b9:02:24:99:8d:d8:2c:67:55:12:18:
         ac:ca:91:9d:8b:a7:fd:74:27:06:35:f7:f3:d6:f6:8c:c9:2f:
         fb:e7:dd:d7:7c:0f:08:2a:9b:68:fb:a6:96:98:02:7e:82:2f:
         ec:77:c1:5a:de:66:24:92:f0:84:41:e9:b7:06:ae:93:75:59:
         76:5b:09:14:8d:28:05:a8:eb:30:f4:f5:44:e6:0a:a4:b7:1d:
         d1:95:d5:e7:61:0c:0a:ee:ec:b5:10:e3:dc:d3:3c:d0:b7:07:
         3a:f0:fb:b8:87:ff:a4:bf:ef:50:d5:09:16:c1:74:de:37:1e:
         07:20:e1:d9:9b:09:99:58:1e:4c:6e:02:20:e9:ab:53:d4:63:
         1f:e2:24:64:f1:60:e4:5d:bb:90:2c:a5:0f:59:86:30:bc:92:
         94:27:d2:ae:9a:16:8c:41:7b:6f:f6:78:07:e8:71:73:11:63:
         80:a2:9d:51:b0:03:38:3f:b6:3a:b2:26:fe:4a:a5:59:89:ae:
         36:a4:61:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQl/ZYe//hwOhaxsiDKZGXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjUwMTAyMDc0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU2MDkzMGNlMjViMzVlNzMyNzdkMjI1Y2NmZDFiZmNlMDhmOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UDYJ2mIcuof8rRAhWx2ZV/GBIxD
3Ngp53Te36OLZR+36oUEM7SYo2awUG/JMMwx93YY/+Z7Q1J5oNml5NbXZDCjGXCu
nNNKkKASzszIGWiTyoDScFKECFzFBwvy/QzyzIQGhdjEgQBDsMIhlfNNzpRWzgyM
BLp1t4LiaZYS3YgavFtaurdTOqxLy8mBC9osVCz7IOdIyBgui+WqE+HGYQHWwkt6
OwzHsBq5VWqfaEuMunu++iZJv/EG07cdIlTbM88t7NpK10O3xWWFwIhtnN4WAdKW
jcsw13AjbYzt91xix7YNW0nTiw/3nT05gNjSVTcmw6/NTfC/oBL2cDr+uQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAZWCTDOJbNecyd9IlzP0b/OCPneMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvQmxZSk1NNGxzMTV6SjMwaVhNX1J2ODRJLWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg7VADAN
BgkqhkiG9w0BAQsFAAOCAQEAv3vDXCY5tPCxwFz7JNxORT7IIjF1xLeQIAgS0zZu
746J1GfagmBL9fM3kNfX5Gil2GZvLMz7UgxhWV7VRLkCJJmN2CxnVRIYrMqRnYun
/XQnBjX389b2jMkv++fd13wPCCqbaPumlpgCfoIv7HfBWt5mJJLwhEHptwauk3VZ
dlsJFI0oBajrMPT1ROYKpLcd0ZXV52EMCu7stRDj3NM80LcHOvD7uIf/pL/vUNUJ
FsF03jceByDh2ZsJmVgeTG4CIOmrU9RjH+IkZPFg5F27kCylD1mGMLySlCfSrpoW
jEF7b/Z4B+hxcxFjgKKdUbADOD+2OrIm/kqlWYmuNqRhpg==
-----END CERTIFICATE-----