Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/mKsKKQCdLodyBncOeNIhWtaYAoQ.roa
File:                     mKsKKQCdLodyBncOeNIhWtaYAoQ.roa (raw, json)
Hash identifier:          fizUUsz/TAb+LHuegB83yr/hnzwxKplkZhpso2ufXV4=
Subject key identifier:   98:AB:0A:29:00:9D:2E:87:72:06:77:0E:78:D2:21:5A:D6:98:02:84
Certificate issuer:       /CN=dc8cb4a11cabac204adfb8a5b587e32fee4a1b55
Certificate serial:       019420D65505E1AFBC516528FC91F6152302
Authority key identifier: DC:8C:B4:A1:1C:AB:AC:20:4A:DF:B8:A5:B5:87:E3:2F:EE:4A:1B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/mKsKKQCdLodyBncOeNIhWtaYAoQ.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204630
IP address blocks:        2a0d:4280::/29 maxlen: 29
                          2a0d:4280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:55:05:e1:af:bc:51:65:28:fc:91:f6:15:23:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc8cb4a11cabac204adfb8a5b587e32fee4a1b55
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98ab0a29009d2e877206770e78d2215ad6980284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4f:bf:b5:f9:9b:d8:94:42:f2:6f:9e:08:b6:
                    4a:ad:56:9b:8d:20:ca:d6:5b:d8:27:77:e4:d1:20:
                    6d:3b:98:f5:58:74:95:0a:e8:89:20:11:b9:88:1c:
                    83:da:31:45:0a:f7:c8:c0:e1:2a:9e:d2:f6:0f:b7:
                    9b:46:8d:ef:10:e6:8c:f4:f3:76:f5:c5:d6:38:d3:
                    6f:3c:ee:3d:12:7c:8d:19:ea:dd:96:ff:22:70:b2:
                    6a:b2:44:19:8e:f8:a4:6d:08:4a:2a:8a:72:63:5b:
                    2b:c3:19:92:c7:06:6a:9d:75:44:49:8d:0f:8c:e2:
                    9f:6d:3c:c5:0c:c8:bc:97:2b:f1:90:eb:5c:2e:02:
                    72:e9:7b:4c:a3:ba:dc:dd:22:52:07:cf:75:ce:2b:
                    98:9f:3c:a1:02:97:d7:8d:3b:82:08:3d:04:9b:bb:
                    70:2f:28:5f:14:10:db:91:f4:7b:f4:b8:95:cc:32:
                    67:96:26:f4:a3:30:c0:bd:01:65:d7:87:61:2d:31:
                    16:5a:96:c2:02:b9:19:43:b7:1e:95:c5:f6:6d:ea:
                    f8:f0:42:a6:f4:28:d9:27:7b:05:6e:e8:17:08:68:
                    53:fc:71:a5:67:a9:d4:5a:d5:ce:89:59:73:50:75:
                    12:a1:69:b0:95:c0:98:74:df:ba:08:ec:3b:a8:1c:
                    ec:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AB:0A:29:00:9D:2E:87:72:06:77:0E:78:D2:21:5A:D6:98:02:84
            X509v3 Authority Key Identifier:
                keyid:DC:8C:B4:A1:1C:AB:AC:20:4A:DF:B8:A5:B5:87:E3:2F:EE:4A:1B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/mKsKKQCdLodyBncOeNIhWtaYAoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:23:e3:54:b3:b6:51:2b:bb:64:9e:2a:3a:55:55:c2:bf:e3:
         07:39:b0:24:3f:38:0f:bd:70:83:7b:f9:e9:46:b0:b5:8c:5f:
         6c:f9:02:81:b3:d3:09:14:94:df:03:50:57:fa:a5:d4:0c:fe:
         04:96:b1:29:63:8f:df:b5:ad:d5:5b:a7:03:38:43:63:b5:e3:
         84:f6:7b:91:bd:76:e1:0d:7a:aa:ea:52:5c:10:db:02:b6:b7:
         3e:57:45:be:2a:74:3d:aa:a1:58:1a:b0:4f:60:69:5b:52:e2:
         16:9b:84:e5:10:5f:b8:ce:d5:99:41:ab:4a:b7:68:b0:4f:d8:
         14:b2:f7:c8:60:db:86:6b:55:ea:18:b1:d8:84:68:25:e5:6b:
         99:a4:bc:55:c2:86:17:59:f9:1d:c9:fa:06:f2:63:4e:0b:35:
         a2:4e:79:fe:cf:3b:84:74:d8:4e:d6:86:19:d1:af:ff:24:e7:
         97:c4:07:7f:3a:f9:40:e5:22:df:bb:79:2c:64:50:ce:de:de:
         a4:17:0d:fe:4b:27:02:63:46:38:a4:d9:66:98:20:37:39:92:
         eb:c8:02:c2:2c:d4:7f:cf:b6:db:b1:18:93:f2:47:f5:f0:4b:
         fe:ba:43:c5:72:b2:4e:fc:b4:9b:c4:30:44:26:a9:c2:7f:3a:
         8b:b7:07:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQg1lUF4a+8UWUo/JH2FSMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOGNiNGExMWNhYmFjMjA0YWRmYjhhNWI1ODdlMzJmZWU0
YTFiNTUwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGFiMGEyOTAwOWQyZTg3NzIwNjc3MGU3OGQyMjE1YWQ2OTgwMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0+/tfmb2JRC8m+eCLZKrVabjSDK
1lvYJ3fk0SBtO5j1WHSVCuiJIBG5iByD2jFFCvfIwOEqntL2D7ebRo3vEOaM9PN2
9cXWONNvPO49EnyNGerdlv8icLJqskQZjvikbQhKKopyY1srwxmSxwZqnXVESY0P
jOKfbTzFDMi8lyvxkOtcLgJy6XtMo7rc3SJSB891ziuYnzyhApfXjTuCCD0Em7tw
LyhfFBDbkfR79LiVzDJnlib0ozDAvQFl14dhLTEWWpbCArkZQ7celcX2ber48EKm
9CjZJ3sFbugXCGhT/HGlZ6nUWtXOiVlzUHUSoWmwlcCYdN+6COw7qBzsAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJirCikAnS6HcgZ3DnjSIVrWmAKEMB8GA1UdIwQY
MBaAFNyMtKEcq6wgSt+4pbWH4y/uShtVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0l5MG9SeXJyQ0JLMzdpbHRZZmpMLTVLRzFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wZDkxOWYtYzBlNi00NzM1LTk4MDIt
OTlkNWUwN2JhZTc2LzEvbUtzS0tRQ2RMb2R5Qm5jT2VOSWhXdGFZQW9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wZDkxOWYtYzBlNi00NzM1LTk4MDItOTlkNWUwN2JhZTc2
LzEvM0l5MG9SeXJyQ0JLMzdpbHRZZmpMLTVLRzFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1CgDAN
BgkqhkiG9w0BAQsFAAOCAQEALCPjVLO2USu7ZJ4qOlVVwr/jBzmwJD84D71wg3v5
6UawtYxfbPkCgbPTCRSU3wNQV/ql1Az+BJaxKWOP37Wt1VunAzhDY7XjhPZ7kb12
4Q16qupSXBDbAra3PldFvip0PaqhWBqwT2BpW1LiFpuE5RBfuM7VmUGrSrdosE/Y
FLL3yGDbhmtV6hix2IRoJeVrmaS8VcKGF1n5Hcn6BvJjTgs1ok55/s87hHTYTtaG
GdGv/yTnl8QHfzr5QOUi37t5LGRQzt7epBcN/ksnAmNGOKTZZpggNzmS68gCwizU
f8+227EYk/JH9fBL/rpDxXKyTvy0m8QwRCapwn86i7cHkg==
-----END CERTIFICATE-----