Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/MHGZA5Y3PVpWBImn85tARMZRftQ.roa
File:                     MHGZA5Y3PVpWBImn85tARMZRftQ.roa (raw, json)
Hash identifier:          bnJhZwRrO7KGALVUCy1om+i/htb3dvM6lJ1uAmGl2G8=
Subject key identifier:   30:71:99:03:96:37:3D:5A:56:04:89:A7:F3:9B:40:44:C6:51:7E:D4
Certificate issuer:       /CN=40cd5a5038d5e12fe1c9d9f5c8664074c3dd0ac7
Certificate serial:       019512261D4DE1947434CDD6108BE76ED13F
Authority key identifier: 40:CD:5A:50:38:D5:E1:2F:E1:C9:D9:F5:C8:66:40:74:C3:DD:0A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QM1aUDjV4S_hydn1yGZAdMPdCsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/MHGZA5Y3PVpWBImn85tARMZRftQ.roa
Signing time:             Mon 17 Feb 2025 04:24:02 +0000
ROA not before:           Mon 17 Feb 2025 04:24:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a10:afc0::/29 maxlen: 48
                          2a10:afc1:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/QM1aUDjV4S_hydn1yGZAdMPdCsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/QM1aUDjV4S_hydn1yGZAdMPdCsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QM1aUDjV4S_hydn1yGZAdMPdCsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:12:26:1d:4d:e1:94:74:34:cd:d6:10:8b:e7:6e:d1:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40cd5a5038d5e12fe1c9d9f5c8664074c3dd0ac7
        Validity
            Not Before: Feb 17 04:24:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3071990396373d5a560489a7f39b4044c6517ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5f:8c:cc:ee:6e:3a:92:9f:84:64:58:83:58:
                    2f:a6:ae:80:fd:f6:f8:fb:a5:28:5b:81:75:4f:16:
                    39:52:a7:34:22:83:1d:28:5c:e5:86:46:7f:74:d5:
                    e3:08:56:ed:5e:c1:88:6f:22:a9:76:21:f2:30:54:
                    4e:38:6c:e3:f3:85:cb:a0:fa:cf:e9:29:86:d7:35:
                    b3:0a:a4:6f:d3:70:a0:c4:86:5f:28:98:00:63:0d:
                    8d:7a:90:04:05:7d:41:34:55:66:09:00:b1:a2:5c:
                    56:07:bf:48:52:d7:9d:a9:2a:37:9d:64:7b:06:cb:
                    ac:0f:2f:20:52:b9:e7:b0:9c:09:ba:21:dc:fb:03:
                    5f:62:97:3a:5d:09:f3:2f:41:9f:62:85:4e:93:88:
                    0d:71:b9:49:b2:6f:cb:3a:9a:14:b2:90:7b:3c:d6:
                    33:0b:fe:5d:6d:45:1e:56:48:e8:8f:30:85:4a:2f:
                    29:18:76:1a:40:c0:19:3c:69:9a:b7:8c:a9:c0:da:
                    fc:f1:3e:f6:7e:00:ab:61:f7:ed:7d:3c:ea:c8:50:
                    bf:ef:4b:af:7a:ee:4f:63:43:37:81:fb:03:73:c8:
                    bf:80:73:96:2d:62:11:f7:f5:e9:30:77:e6:0d:9c:
                    43:e2:74:17:4f:a6:0c:4a:98:55:2d:1b:a5:ab:1f:
                    fc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:71:99:03:96:37:3D:5A:56:04:89:A7:F3:9B:40:44:C6:51:7E:D4
            X509v3 Authority Key Identifier:
                keyid:40:CD:5A:50:38:D5:E1:2F:E1:C9:D9:F5:C8:66:40:74:C3:DD:0A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QM1aUDjV4S_hydn1yGZAdMPdCsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/MHGZA5Y3PVpWBImn85tARMZRftQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/cec119-4c99-4158-99f1-659c671911f1/1/QM1aUDjV4S_hydn1yGZAdMPdCsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:afc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:64:af:f2:49:a2:ed:79:52:2c:35:e4:00:aa:51:d7:41:da:
         ad:d0:98:00:ed:d5:15:2d:1d:06:01:4b:c7:e2:bf:05:1e:51:
         9c:4d:40:6d:e3:61:19:b5:fa:34:dd:e0:69:1c:01:00:a5:60:
         0e:a0:07:91:1b:ed:00:ac:f1:c9:04:50:88:ec:0c:42:3b:56:
         83:84:18:e3:eb:b5:34:0a:fe:6b:37:8c:ee:6d:96:8c:97:89:
         45:6a:0a:c5:d8:20:ea:2b:32:e4:33:a9:d7:dd:b8:98:c5:7b:
         5c:c9:2e:ce:85:fc:74:61:78:14:a3:10:a9:92:22:4e:1c:02:
         63:9a:b4:38:f0:c2:e3:a4:9f:59:20:76:83:7a:27:15:3e:70:
         6f:bb:6f:d4:40:bd:ba:f2:36:e5:e4:2f:25:05:d3:3d:ba:99:
         e2:4e:d0:4c:7d:56:78:c0:55:2e:2e:dc:63:c8:07:ab:47:4f:
         77:50:59:d6:ed:92:e0:98:82:d7:03:1a:aa:d5:c7:7f:ee:92:
         ee:87:bf:c5:86:61:c8:3e:fa:99:96:43:8a:52:a3:98:33:3b:
         f2:8c:25:23:ed:ad:9d:cc:f9:94:2a:27:72:c6:20:5f:de:4f:
         0a:9d:2a:55:80:05:97:2f:54:f2:aa:29:3c:32:56:01:42:61:
         5b:ab:18:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZUSJh1N4ZR0NM3WEIvnbtE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwY2Q1YTUwMzhkNWUxMmZlMWM5ZDlmNWM4NjY0MDc0YzNk
ZDBhYzcwHhcNMjUwMjE3MDQyNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDcxOTkwMzk2MzczZDVhNTYwNDg5YTdmMzliNDA0NGM2NTE3ZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1V+MzO5uOpKfhGRYg1gvpq6A/fb4
+6UoW4F1TxY5Uqc0IoMdKFzlhkZ/dNXjCFbtXsGIbyKpdiHyMFROOGzj84XLoPrP
6SmG1zWzCqRv03CgxIZfKJgAYw2NepAEBX1BNFVmCQCxolxWB79IUtedqSo3nWR7
BsusDy8gUrnnsJwJuiHc+wNfYpc6XQnzL0GfYoVOk4gNcblJsm/LOpoUspB7PNYz
C/5dbUUeVkjojzCFSi8pGHYaQMAZPGmat4ypwNr88T72fgCrYfftfTzqyFC/70uv
eu5PY0M3gfsDc8i/gHOWLWIR9/XpMHfmDZxD4nQXT6YMSphVLRulqx/8SQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDBxmQOWNz1aVgSJp/ObQETGUX7UMB8GA1UdIwQY
MBaAFEDNWlA41eEv4cnZ9chmQHTD3QrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU0xYVVEalY0U19oeWRuMXlHWkFkTVBkQ3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9jZWMxMTktNGM5OS00MTU4LTk5ZjEt
NjU5YzY3MTkxMWYxLzEvTUhHWkE1WTNQVnBXQkltbjg1dEFSTVpSZnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9jZWMxMTktNGM5OS00MTU4LTk5ZjEtNjU5YzY3MTkxMWYx
LzEvUU0xYVVEalY0U19oeWRuMXlHWkFkTVBkQ3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCvwDAN
BgkqhkiG9w0BAQsFAAOCAQEACmSv8kmi7XlSLDXkAKpR10HardCYAO3VFS0dBgFL
x+K/BR5RnE1AbeNhGbX6NN3gaRwBAKVgDqAHkRvtAKzxyQRQiOwMQjtWg4QY4+u1
NAr+azeM7m2WjJeJRWoKxdgg6isy5DOp1924mMV7XMkuzoX8dGF4FKMQqZIiThwC
Y5q0OPDC46SfWSB2g3onFT5wb7tv1EC9uvI25eQvJQXTPbqZ4k7QTH1WeMBVLi7c
Y8gHq0dPd1BZ1u2S4JiC1wMaqtXHf+6S7oe/xYZhyD76mZZDilKjmDM78owlI+2t
ncz5lConcsYgX95PCp0qVYAFly9U8qopPDJWAUJhW6sYeQ==
-----END CERTIFICATE-----