Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mGTkxLlo5twAB2QgqB5ilQYJtO4.roa
File:                     mGTkxLlo5twAB2QgqB5ilQYJtO4.roa (raw, json)
Hash identifier:          fPA/Yeuja5WOsyOYZlnkzl6hkOwS7/KypdtUouZ8aUg=
Subject key identifier:   98:64:E4:C4:B9:68:E6:DC:00:07:64:20:A8:1E:62:95:06:09:B4:EE
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019721C47DEE630A35E8C98D80460B205B4D
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mGTkxLlo5twAB2QgqB5ilQYJtO4.roa
Signing time:             Fri 30 May 2025 15:16:54 +0000
ROA not before:           Fri 30 May 2025 15:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        2001:3380::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:21:c4:7d:ee:63:0a:35:e8:c9:8d:80:46:0b:20:5b:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: May 30 15:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9864e4c4b968e6dc00076420a81e62950609b4ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:04:00:41:b8:0e:de:52:b1:28:10:c4:02:6d:
                    af:0e:e1:9c:e2:08:96:f5:b0:46:dd:3c:48:e9:2d:
                    88:5c:2c:46:9e:de:cf:a6:27:8b:65:6b:0d:c4:77:
                    3b:de:bb:38:9b:c1:88:f7:59:4d:2f:a2:40:5e:6d:
                    5e:b7:b0:84:27:c9:03:f0:cd:6e:e7:55:cf:ae:3c:
                    1e:fe:7e:b4:b6:0c:7b:28:d1:40:48:05:c7:09:4d:
                    08:73:9b:e8:97:fd:8a:39:b7:88:52:d6:a0:57:e4:
                    45:bf:9e:5c:ab:3a:75:42:3b:cf:47:c5:7d:c3:c6:
                    ba:4c:ce:49:55:02:60:8a:cd:f9:d8:2b:f4:86:91:
                    bc:f4:3d:22:9d:84:69:9b:bd:7a:5c:59:89:cd:ef:
                    25:cb:71:cc:76:44:83:00:28:6a:42:1e:65:5d:e8:
                    64:4c:1f:3a:71:25:b8:50:14:6a:84:82:89:22:4b:
                    1c:86:18:b3:9c:5f:7a:92:90:55:18:d3:0c:99:2d:
                    c1:23:f6:48:8a:6d:64:79:b2:60:e1:f7:e2:bc:39:
                    ce:75:e2:6b:ed:02:1c:39:56:dc:ff:3e:e1:76:84:
                    34:d6:4b:4c:8f:10:a7:6f:74:4a:61:ca:e7:8d:13:
                    de:30:c2:6c:3b:01:e8:e1:e9:67:bc:0e:14:b9:b9:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:64:E4:C4:B9:68:E6:DC:00:07:64:20:A8:1E:62:95:06:09:B4:EE
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/mGTkxLlo5twAB2QgqB5ilQYJtO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3380::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:b9:c1:2b:64:23:f7:42:55:04:5c:d9:42:57:3f:27:b0:23:
         24:f6:8c:ea:a0:dc:d2:86:b0:7e:6d:ba:d8:fe:2e:cf:d0:53:
         8f:b1:3e:c0:54:94:f1:0b:ed:cc:11:cb:19:b3:ce:8f:77:65:
         5b:a5:3c:29:57:da:21:3b:21:05:73:c4:4c:42:90:4c:39:da:
         60:71:e8:02:68:95:20:60:e6:67:02:ea:8c:bd:51:03:97:28:
         5f:b1:4b:1e:b5:5a:ee:91:f1:e3:fe:41:63:dd:a9:4d:e3:09:
         fb:3b:05:b4:b3:1a:78:ef:4c:ca:d7:b8:b1:90:ca:5d:7f:da:
         d2:ee:64:c4:90:ed:fc:3f:ef:eb:28:44:ed:1f:be:0a:f1:95:
         d8:7d:a8:9b:72:d7:e0:6c:85:58:84:31:4e:5a:25:45:06:01:
         8e:cb:e5:ff:3f:71:10:bd:32:cc:63:54:ae:69:db:87:79:31:
         44:79:32:44:7a:93:54:92:71:93:cf:82:de:b0:b8:84:9a:7d:
         ef:91:b0:51:ab:29:dd:2e:df:cc:e0:ea:a6:ce:8b:d0:cd:f0:
         69:48:6d:28:3b:0f:ff:66:1e:c1:7f:54:18:8a:03:af:23:b7:
         53:5f:0a:f3:a6:63:98:1e:c6:78:4e:bf:f6:fb:f5:e8:21:27:
         3b:71:7d:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZchxH3uYwo16MmNgEYLIFtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNTMwMTUxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY0ZTRjNGI5NjhlNmRjMDAwNzY0MjBhODFlNjI5NTA2MDliNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gQAQbgO3lKxKBDEAm2vDuGc4giW
9bBG3TxI6S2IXCxGnt7PpieLZWsNxHc73rs4m8GI91lNL6JAXm1et7CEJ8kD8M1u
51XPrjwe/n60tgx7KNFASAXHCU0Ic5vol/2KObeIUtagV+RFv55cqzp1QjvPR8V9
w8a6TM5JVQJgis352Cv0hpG89D0inYRpm716XFmJze8ly3HMdkSDAChqQh5lXehk
TB86cSW4UBRqhIKJIkschhiznF96kpBVGNMMmS3BI/ZIim1kebJg4ffivDnOdeJr
7QIcOVbc/z7hdoQ01ktMjxCnb3RKYcrnjRPeMMJsOwHo4elnvA4Uubn9KQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJhk5MS5aObcAAdkIKgeYpUGCbTuMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvbUdUa3hMbG81dHdBQjJRZ3FCNWlsUVlKdE80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEzgDAN
BgkqhkiG9w0BAQsFAAOCAQEAW7nBK2Qj90JVBFzZQlc/J7AjJPaM6qDc0oawfm26
2P4uz9BTj7E+wFSU8QvtzBHLGbPOj3dlW6U8KVfaITshBXPETEKQTDnaYHHoAmiV
IGDmZwLqjL1RA5coX7FLHrVa7pHx4/5BY92pTeMJ+zsFtLMaeO9Myte4sZDKXX/a
0u5kxJDt/D/v6yhE7R++CvGV2H2om3LX4GyFWIQxTlolRQYBjsvl/z9xEL0yzGNU
rmnbh3kxRHkyRHqTVJJxk8+C3rC4hJp975GwUasp3S7fzODqps6L0M3waUhtKDsP
/2YewX9UGIoDryO3U18K86ZjmB7GeE6/9vv16CEnO3F9hw==
-----END CERTIFICATE-----