Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/MygoE_jUZqBsScjcZdWAm0kE8gk.roa
File:                     MygoE_jUZqBsScjcZdWAm0kE8gk.roa (raw, json)
Hash identifier:          fHs0IvlW5BY3UiPw/q1n490w7b57j4vXfM7H33JKjfs=
Subject key identifier:   33:28:28:13:F8:D4:66:A0:6C:49:C8:DC:65:D5:80:9B:49:04:F2:09
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019427462848E46DA249D8F6FD1713F0A950
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/MygoE_jUZqBsScjcZdWAm0kE8gk.roa
Signing time:             Thu 02 Jan 2025 13:48:16 +0000
ROA not before:           Thu 02 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24239
IP address blocks:        2a05:1085::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:28:48:e4:6d:a2:49:d8:f6:fd:17:13:f0:a9:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33282813f8d466a06c49c8dc65d5809b4904f209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:29:b6:9b:2c:7d:6c:23:fb:f9:f3:15:83:57:
                    55:d5:07:93:fd:58:3f:e0:11:66:66:d6:2f:12:9e:
                    a8:de:72:2b:8a:af:cf:e8:2c:29:43:ba:5f:0b:9d:
                    38:c8:14:8f:66:05:13:d4:54:7c:a0:9f:40:1f:29:
                    13:f4:2d:82:5e:40:ce:37:a5:2e:ff:7d:60:0c:72:
                    95:78:43:b5:77:22:16:24:57:6e:a2:bf:47:ba:cc:
                    2f:ea:0d:84:b6:04:80:8f:dd:13:ca:43:d3:71:58:
                    8c:23:5e:f1:83:ca:40:08:f5:be:3b:d5:e4:0f:08:
                    77:4b:b7:e1:d2:55:fa:ec:25:89:39:36:35:5d:ab:
                    b8:b7:7d:68:6f:ba:bc:8d:7f:82:c2:e6:69:10:d5:
                    61:0b:b4:eb:2e:d7:25:20:3c:09:38:a7:a7:61:80:
                    cc:21:61:e5:c6:28:47:19:55:30:0c:3a:e3:4e:b1:
                    c5:0f:80:d7:f0:b4:0e:bb:8a:54:d4:39:43:31:db:
                    df:aa:f0:7f:0b:f6:a1:83:f0:37:ba:fb:5c:17:eb:
                    4a:ed:fc:f8:df:07:e6:44:32:b9:6a:6f:cc:df:c1:
                    8a:07:ec:07:96:ee:95:fe:43:35:b4:31:4f:87:56:
                    df:90:5d:9c:2e:8b:57:16:49:15:64:7c:43:f0:fa:
                    1a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:28:28:13:F8:D4:66:A0:6C:49:C8:DC:65:D5:80:9B:49:04:F2:09
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/MygoE_jUZqBsScjcZdWAm0kE8gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1085::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:3f:43:ab:26:1d:c3:fe:a1:73:ea:2f:8c:70:56:bc:86:82:
         0d:8c:ca:e3:6b:a8:55:ae:f6:b2:d5:d4:ca:5d:ca:a4:31:bf:
         7c:34:d8:9a:1c:4d:08:7d:e3:70:a3:7d:eb:7c:55:ac:20:82:
         bb:67:e7:99:97:f8:d8:0b:8f:47:da:83:b5:66:ff:24:1c:68:
         6c:ae:ff:51:d2:fe:89:c5:a7:65:89:1c:d2:4a:60:a4:03:1d:
         2a:51:13:55:d1:8d:a9:6d:76:18:0e:f0:71:4c:6d:40:33:61:
         2d:4e:8f:0c:10:49:d9:e6:e2:33:aa:9b:77:ce:68:88:6f:f3:
         e3:cc:3c:c2:b3:c6:4b:05:c6:57:27:5e:98:0e:01:dd:b8:30:
         df:fd:0a:9f:f3:b7:8d:f7:ad:81:ae:14:5a:21:52:57:c7:25:
         16:bf:68:45:73:a6:d8:94:eb:0a:3a:b4:5b:fe:37:37:ab:4e:
         22:94:c3:97:da:70:b5:26:9a:c4:75:be:73:a5:bd:ff:36:50:
         33:3b:f1:e3:ad:f0:e6:3e:6c:04:fa:5f:fc:a1:17:17:b2:a8:
         40:13:36:79:e0:28:4f:1c:14:e2:34:50:06:d1:8f:3b:5d:6d:
         85:f1:ff:dd:58:76:fa:a9:48:8b:52:dc:f1:6e:bb:a4:93:bc:
         cc:5c:dc:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnRihI5G2iSdj2/RcT8KlQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzI4MjgxM2Y4ZDQ2NmEwNmM0OWM4ZGM2NWQ1ODA5YjQ5MDRmMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlym2myx9bCP7+fMVg1dV1QeT/Vg/
4BFmZtYvEp6o3nIriq/P6CwpQ7pfC504yBSPZgUT1FR8oJ9AHykT9C2CXkDON6Uu
/31gDHKVeEO1dyIWJFduor9Huswv6g2EtgSAj90TykPTcViMI17xg8pACPW+O9Xk
Dwh3S7fh0lX67CWJOTY1Xau4t31ob7q8jX+CwuZpENVhC7TrLtclIDwJOKenYYDM
IWHlxihHGVUwDDrjTrHFD4DX8LQOu4pU1DlDMdvfqvB/C/ahg/A3uvtcF+tK7fz4
3wfmRDK5am/M38GKB+wHlu6V/kM1tDFPh1bfkF2cLotXFkkVZHxD8PoaiQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDMoKBP41GagbEnI3GXVgJtJBPIJMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvTXlnb0VfalVacUJzU2NqY1pkV0FtMGtFOGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQhTAN
BgkqhkiG9w0BAQsFAAOCAQEAhz9DqyYdw/6hc+ovjHBWvIaCDYzK42uoVa72stXU
yl3KpDG/fDTYmhxNCH3jcKN963xVrCCCu2fnmZf42AuPR9qDtWb/JBxobK7/UdL+
icWnZYkc0kpgpAMdKlETVdGNqW12GA7wcUxtQDNhLU6PDBBJ2ebiM6qbd85oiG/z
48w8wrPGSwXGVydemA4B3bgw3/0Kn/O3jfetga4UWiFSV8clFr9oRXOm2JTrCjq0
W/43N6tOIpTDl9pwtSaaxHW+c6W9/zZQMzvx463w5j5sBPpf/KEXF7KoQBM2eeAo
TxwU4jRQBtGPO11thfH/3Vh2+qlIi1Lc8W67pJO8zFzc6A==
-----END CERTIFICATE-----