Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/MBJXD_zFW9aI1-FakwyfSE1lyZE.roa
File:                     MBJXD_zFW9aI1-FakwyfSE1lyZE.roa (raw, json)
Hash identifier:          Z/ipiMlii0qdUHpEZW4O+JSHQ5fbPSCwF2GC5O5sknU=
Subject key identifier:   30:12:57:0F:FC:C5:5B:D6:88:D7:E1:5A:93:0C:9F:48:4D:65:C9:91
Certificate issuer:       /CN=ea93edfc2aa748e4981050ec06e3a66920265e17
Certificate serial:       019424B37875594B7DA0A3F615742895E1B8
Authority key identifier: EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/MBJXD_zFW9aI1-FakwyfSE1lyZE.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     378
IP address blocks:        132.72.0.0/15 maxlen: 15
                          132.72.0.0/16 maxlen: 16
                          132.73.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:78:75:59:4b:7d:a0:a3:f6:15:74:28:95:e1:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea93edfc2aa748e4981050ec06e3a66920265e17
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3012570ffcc55bd688d7e15a930c9f484d65c991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e9:bf:e7:6e:4f:09:64:1b:f8:f0:a8:ce:fe:
                    09:a7:57:df:65:c9:35:e6:cb:04:45:4e:4e:5e:21:
                    24:19:ef:16:2e:5f:91:2b:ae:ef:f6:23:84:b2:98:
                    46:85:04:40:b0:70:0e:ed:a8:d5:c1:72:a5:ee:93:
                    a1:42:2a:ac:7d:c9:97:47:89:8c:b2:91:f0:ae:25:
                    e7:d0:23:31:a0:92:6f:4c:bb:92:f1:ea:7e:6d:c1:
                    30:cb:23:3c:c4:ad:be:ab:a1:ac:29:b6:e1:e9:91:
                    0b:2d:3d:c9:38:88:e0:21:09:8e:7b:46:ee:f9:a1:
                    d3:87:7f:8a:6d:bb:7c:7f:f5:fb:4f:fb:11:11:68:
                    4c:48:da:bf:b2:25:75:5e:4a:b7:71:f9:36:5b:c1:
                    c5:6d:6c:ce:e6:ad:f6:27:57:be:c0:70:b5:32:1d:
                    d7:32:39:00:94:38:b8:97:c4:79:1d:11:a7:40:e9:
                    5f:f6:39:ac:98:fb:d9:1b:e1:61:ab:ea:28:1c:f7:
                    d7:db:99:35:00:7c:9d:e4:ec:90:89:57:c1:97:14:
                    89:91:25:e7:d7:5f:96:e9:60:d2:8c:bd:c1:24:da:
                    d1:56:63:df:18:eb:7d:9d:8d:b7:15:cb:dd:f4:3d:
                    5b:91:e3:6d:67:54:d3:b5:77:76:ea:6e:04:b2:cc:
                    69:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:12:57:0F:FC:C5:5B:D6:88:D7:E1:5A:93:0C:9F:48:4D:65:C9:91
            X509v3 Authority Key Identifier:
                keyid:EA:93:ED:FC:2A:A7:48:E4:98:10:50:EC:06:E3:A6:69:20:26:5E:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6pPt_CqnSOSYEFDsBuOmaSAmXhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/MBJXD_zFW9aI1-FakwyfSE1lyZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/0fd5f4-56c0-48ba-b02b-d138a9c4e43f/1/6pPt_CqnSOSYEFDsBuOmaSAmXhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2d:5f:2f:68:74:1d:a3:1d:ab:d7:64:1a:95:ea:f2:4a:4e:0e:
         39:06:ce:66:1d:23:86:6e:23:83:d2:af:e7:0b:25:cf:ad:85:
         4c:f0:0b:3b:9c:14:c9:67:a7:5c:0a:46:49:6c:eb:03:80:c4:
         34:60:38:93:f1:51:a9:f3:15:48:5f:5b:fc:18:37:bf:6a:66:
         ec:55:0b:5f:b0:e0:fe:3b:0e:49:8a:03:ce:e4:31:ec:48:8d:
         af:5a:cf:99:6d:8d:63:ed:44:ed:6c:83:0d:db:59:69:24:31:
         d4:27:c5:a7:fa:4e:23:99:bf:9b:16:b0:92:c4:a4:16:fb:33:
         0c:31:71:89:7e:aa:98:fa:10:79:fa:b6:4e:92:5c:77:ac:cc:
         1a:5c:9d:77:4b:73:3c:f5:a1:be:85:14:d8:e3:c4:06:cd:ec:
         3a:df:29:45:c2:30:da:37:f5:ef:10:5c:c2:0a:65:a0:55:68:
         f4:b8:ae:49:c1:c9:93:83:45:4c:ce:a1:16:f5:16:fe:56:d7:
         7c:27:e1:cd:08:07:6e:6f:f3:98:13:01:de:41:73:a2:43:5c:
         5f:53:0d:ec:84:1e:2e:c8:c4:72:83:ce:5c:25:4b:28:60:2d:
         64:fd:85:07:e7:ee:93:2a:40:fe:da:6a:aa:22:24:20:b6:1f:
         12:7f:9e:7c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks3h1WUt9oKP2FXQoleG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOTNlZGZjMmFhNzQ4ZTQ5ODEwNTBlYzA2ZTNhNjY5MjAy
NjVlMTcwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDEyNTcwZmZjYzU1YmQ2ODhkN2UxNWE5MzBjOWY0ODRkNjVjOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+m/525PCWQb+PCozv4Jp1ffZck1
5ssERU5OXiEkGe8WLl+RK67v9iOEsphGhQRAsHAO7ajVwXKl7pOhQiqsfcmXR4mM
spHwriXn0CMxoJJvTLuS8ep+bcEwyyM8xK2+q6GsKbbh6ZELLT3JOIjgIQmOe0bu
+aHTh3+Kbbt8f/X7T/sREWhMSNq/siV1Xkq3cfk2W8HFbWzO5q32J1e+wHC1Mh3X
MjkAlDi4l8R5HRGnQOlf9jmsmPvZG+Fhq+ooHPfX25k1AHyd5OyQiVfBlxSJkSXn
11+W6WDSjL3BJNrRVmPfGOt9nY23Fcvd9D1bkeNtZ1TTtXd26m4EssxpPQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDASVw/8xVvWiNfhWpMMn0hNZcmRMB8GA1UdIwQY
MBaAFOqT7fwqp0jkmBBQ7AbjpmkgJl4XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmIt
ZDEzOGE5YzRlNDNmLzEvTUJKWERfekZXOWFJMS1GYWt3eWZTRTFseVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wZmQ1ZjQtNTZjMC00OGJhLWIwMmItZDEzOGE5YzRlNDNm
LzEvNnBQdF9DcW5TT1NZRUZEc0J1T21hU0FtWGhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEgwDQYJ
KoZIhvcNAQELBQADggEBAC1fL2h0HaMdq9dkGpXq8kpODjkGzmYdI4ZuI4PSr+cL
Jc+thUzwCzucFMlnp1wKRkls6wOAxDRgOJPxUanzFUhfW/wYN79qZuxVC1+w4P47
DkmKA87kMexIja9az5ltjWPtRO1sgw3bWWkkMdQnxaf6TiOZv5sWsJLEpBb7Mwwx
cYl+qpj6EHn6tk6SXHeszBpcnXdLczz1ob6FFNjjxAbN7DrfKUXCMNo39e8QXMIK
ZaBVaPS4rknByZODRUzOoRb1Fv5W13wn4c0IB25v85gTAd5Bc6JDXF9TDeyEHi7I
xHKDzlwlSyhgLWT9hQfn7pMqQP7aaqoiJCC2HxJ/nnw=
-----END CERTIFICATE-----