Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/MFslxU9jklG_nlHqOQzlLoO-78s.roa
File:                     MFslxU9jklG_nlHqOQzlLoO-78s.roa (raw, json)
Hash identifier:          ufgeo3WhjRd2JmkZkV7qDxvZtz1IkleRju1hy5drCk4=
Subject key identifier:   30:5B:25:C5:4F:63:92:51:BF:9E:51:EA:39:0C:E5:2E:83:BE:EF:CB
Certificate issuer:       /CN=d588212bf5dace1080dc45e2c55b92ff85c6c192
Certificate serial:       019465EF077FB9CF910CA2470A944ACC4ECE
Authority key identifier: D5:88:21:2B:F5:DA:CE:10:80:DC:45:E2:C5:5B:92:FF:85:C6:C1:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/MFslxU9jklG_nlHqOQzlLoO-78s.roa
Signing time:             Tue 14 Jan 2025 17:49:11 +0000
ROA not before:           Tue 14 Jan 2025 17:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207266
IP address blocks:        2a01:8840:cd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:ef:07:7f:b9:cf:91:0c:a2:47:0a:94:4a:cc:4e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d588212bf5dace1080dc45e2c55b92ff85c6c192
        Validity
            Not Before: Jan 14 17:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=305b25c54f639251bf9e51ea390ce52e83beefcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c5:7b:82:9b:7d:0d:d9:06:9d:81:33:e0:9d:
                    49:62:59:7b:d0:ad:f4:50:3b:1d:bf:5e:43:e6:3f:
                    f9:03:2c:69:bf:55:5b:43:3c:a6:2b:cb:67:80:c1:
                    8e:12:13:9c:86:5e:2d:f3:a0:49:dd:c5:54:18:ec:
                    96:8c:e9:22:71:84:69:d0:3d:87:b3:9c:b3:4e:f2:
                    37:c9:49:cc:3f:af:e6:e7:dd:d7:de:e4:09:d1:c9:
                    5a:70:58:b4:a5:59:83:b9:77:36:6e:8a:2c:40:00:
                    46:7c:5e:2a:df:77:5b:70:0f:3a:4e:76:3d:47:2b:
                    bd:84:01:20:dd:30:80:75:c7:18:b3:12:c5:f1:60:
                    ea:f5:69:a1:38:67:af:2a:38:dd:79:56:22:38:a7:
                    38:dc:b8:c7:40:e6:b3:d6:8b:c1:c8:ee:5f:ca:4b:
                    de:d4:bc:a4:da:aa:c0:46:1b:a4:44:8e:ff:0f:3f:
                    f6:6c:56:58:c4:5c:64:d8:c3:89:b8:3a:96:ce:06:
                    93:1f:fc:d9:15:d7:a8:c6:5c:6b:18:2f:f7:3c:05:
                    5f:8d:27:1d:82:39:3a:c9:4b:57:e7:c8:a0:f4:9a:
                    f8:8c:41:b1:01:66:0e:1b:e0:9c:6e:e2:8b:66:d9:
                    d7:47:03:b2:13:82:5d:c7:8f:1a:b7:b8:e7:94:79:
                    ef:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:5B:25:C5:4F:63:92:51:BF:9E:51:EA:39:0C:E5:2E:83:BE:EF:CB
            X509v3 Authority Key Identifier:
                keyid:D5:88:21:2B:F5:DA:CE:10:80:DC:45:E2:C5:5B:92:FF:85:C6:C1:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/MFslxU9jklG_nlHqOQzlLoO-78s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8840:cd::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:25:e0:60:ca:b9:59:9f:79:a8:32:6b:18:4c:76:ac:2d:57:
         b9:5e:25:08:69:4f:94:02:a6:6b:6a:dc:de:81:d6:42:ba:d1:
         14:fe:97:07:9d:8a:cd:62:90:34:69:49:fd:7c:74:86:40:1e:
         74:91:03:74:9a:9f:00:f3:50:65:05:52:e9:ff:dd:d2:9e:ca:
         90:4d:02:f4:cb:8b:65:34:2b:4d:68:b7:23:41:71:48:6f:a3:
         59:14:b4:55:e4:c1:58:8d:50:aa:41:e4:81:01:3a:64:b5:94:
         e4:81:b4:5a:1f:a8:59:bf:14:e3:1e:e9:11:ed:9d:9b:54:34:
         a5:6a:af:57:cf:66:d1:43:3c:ff:98:84:95:9a:7b:98:4c:16:
         2d:41:a3:56:b8:99:6c:2f:cf:fa:42:3b:66:24:a0:fc:a6:5c:
         01:12:cc:93:56:7d:d6:94:b3:45:7c:df:8e:e0:87:5e:5c:13:
         86:68:d5:a8:ae:74:6e:b3:42:50:f4:ac:00:04:06:c6:ea:1d:
         f3:c8:18:9a:93:60:f3:fc:6b:cf:d5:be:26:a1:55:c0:d0:26:
         f3:d0:f7:68:83:35:38:62:c4:a3:97:72:7b:2c:6e:52:5e:5f:
         3e:b7:44:27:0c:0d:60:cc:81:2f:8c:d5:65:7c:c2:db:b4:d5:
         98:78:ea:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRl7wd/uc+RDKJHCpRKzE7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODgyMTJiZjVkYWNlMTA4MGRjNDVlMmM1NWI5MmZmODVj
NmMxOTIwHhcNMjUwMTE0MTc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDViMjVjNTRmNjM5MjUxYmY5ZTUxZWEzOTBjZTUyZTgzYmVlZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8V7gpt9DdkGnYEz4J1JYll70K30
UDsdv15D5j/5Ayxpv1VbQzymK8tngMGOEhOchl4t86BJ3cVUGOyWjOkicYRp0D2H
s5yzTvI3yUnMP6/m593X3uQJ0clacFi0pVmDuXc2boosQABGfF4q33dbcA86TnY9
Ryu9hAEg3TCAdccYsxLF8WDq9WmhOGevKjjdeVYiOKc43LjHQOaz1ovByO5fykve
1Lyk2qrARhukRI7/Dz/2bFZYxFxk2MOJuDqWzgaTH/zZFdeoxlxrGC/3PAVfjScd
gjk6yUtX58ig9Jr4jEGxAWYOG+CcbuKLZtnXRwOyE4Jdx48at7jnlHnvQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDBbJcVPY5JRv55R6jkM5S6Dvu/LMB8GA1UdIwQY
MBaAFNWIISv12s4QgNxF4sVbkv+FxsGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlnaEtfWGF6aENBM0VYaXhWdVNfNFhHd1pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8yMTEzNTQtZWJlNC00Nzk3LTk4ZjMt
MWIyYWMzNWMwOWFhLzEvTUZzbHhVOWprbEdfbmxIcU9RemxMb08tNzhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8yMTEzNTQtZWJlNC00Nzk3LTk4ZjMtMWIyYWMzNWMwOWFh
LzEvMVlnaEtfWGF6aENBM0VYaXhWdVNfNFhHd1pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgGIQADN
MA0GCSqGSIb3DQEBCwUAA4IBAQCXJeBgyrlZn3moMmsYTHasLVe5XiUIaU+UAqZr
atzegdZCutEU/pcHnYrNYpA0aUn9fHSGQB50kQN0mp8A81BlBVLp/93SnsqQTQL0
y4tlNCtNaLcjQXFIb6NZFLRV5MFYjVCqQeSBATpktZTkgbRaH6hZvxTjHukR7Z2b
VDSlaq9Xz2bRQzz/mISVmnuYTBYtQaNWuJlsL8/6QjtmJKD8plwBEsyTVn3WlLNF
fN+O4IdeXBOGaNWornRus0JQ9KwABAbG6h3zyBiak2Dz/GvP1b4moVXA0Cbz0Pdo
gzU4YsSjl3J7LG5SXl8+t0QnDA1gzIEvjNVlfMLbtNWYeOpm
-----END CERTIFICATE-----