Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/MpEivG697HSgboMFrW97Gh0ERrk.roa
File:                     MpEivG697HSgboMFrW97Gh0ERrk.roa (raw, json)
Hash identifier:          uDIEv1yFQXrRPLR88MRcozQnDHhbLOz0YK7ewF6y1MQ=
Subject key identifier:   32:91:22:BC:6E:BD:EC:74:A0:6E:83:05:AD:6F:7B:1A:1D:04:46:B9
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       019428271799AE1C7D1B89604046ACACA98A
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/MpEivG697HSgboMFrW97Gh0ERrk.roa
Signing time:             Thu 02 Jan 2025 17:53:57 +0000
ROA not before:           Thu 02 Jan 2025 17:53:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142289
IP address blocks:        2a0e:46c4:106::/48 maxlen: 48
                          2a0e:46c4:2c10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:17:99:ae:1c:7d:1b:89:60:40:46:ac:ac:a9:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=329122bc6ebdec74a06e8305ad6f7b1a1d0446b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:00:4e:b6:8e:bc:b9:4e:b3:c4:ca:a1:00:46:
                    8a:42:69:23:33:d9:24:5e:b2:31:0d:c5:8b:a9:03:
                    ea:a8:a6:47:25:e2:84:ec:9a:ae:6d:0c:47:cd:bf:
                    32:d4:c9:28:78:74:ea:a6:12:a8:be:29:3e:d5:b1:
                    3d:8a:52:b1:17:bc:ec:09:f2:ff:6f:d4:1f:e6:65:
                    58:fe:1b:88:a0:7b:c0:d4:62:ab:72:84:94:04:23:
                    75:77:b6:fa:1b:e2:bf:8d:03:a1:37:2d:8f:eb:cb:
                    5a:9f:4d:56:17:b3:31:13:ff:ea:c1:aa:f8:b3:41:
                    3f:b8:e7:08:75:69:9e:57:d7:89:cc:b2:4f:ee:9d:
                    74:be:37:11:85:18:1c:f7:03:3f:51:a3:8a:e4:57:
                    7c:99:cb:f0:0b:15:04:a0:05:9b:f7:24:c5:fc:2e:
                    76:17:b9:61:14:be:50:7d:c7:42:19:7f:c8:93:ba:
                    7f:08:d6:a7:5a:2c:5f:09:3f:1a:c7:69:47:78:81:
                    2b:ba:e7:10:be:8c:46:ad:59:7c:da:a6:b7:9f:b9:
                    2f:43:bf:58:36:b1:43:2c:5f:6d:d9:5b:1f:51:08:
                    db:fb:a0:d7:b8:d3:97:49:2b:4f:e8:4b:46:12:39:
                    94:5d:d5:c1:3f:9c:6f:82:62:f7:13:99:c8:fa:29:
                    f5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:91:22:BC:6E:BD:EC:74:A0:6E:83:05:AD:6F:7B:1A:1D:04:46:B9
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/MpEivG697HSgboMFrW97Gh0ERrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:106::/48
                  2a0e:46c4:2c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:a4:41:fb:61:1f:38:f6:f6:5e:ea:3b:66:3b:27:6e:c2:89:
         26:c5:24:3f:c0:37:42:83:49:39:0f:a0:7c:7b:bd:ac:e9:3f:
         66:85:be:1b:3e:e4:b5:fe:c4:3d:52:c7:fa:1a:93:55:22:7a:
         e0:3f:fc:13:fc:01:b8:67:e9:91:98:99:35:94:98:6f:3a:83:
         e3:31:02:da:38:ac:20:c0:72:49:00:58:f4:c4:c6:ff:bc:ef:
         7c:98:e6:0e:6d:34:79:e0:6c:61:4a:37:da:fb:46:f1:80:19:
         05:6d:01:56:01:a4:b4:64:9f:16:8b:18:43:23:f2:ae:50:0d:
         cd:a5:06:0f:d1:7d:9f:91:d4:9c:17:2b:b3:fd:86:24:34:41:
         de:1a:8b:85:62:f0:27:f9:9e:47:07:9c:27:15:33:d0:a6:58:
         97:cb:2d:5a:c5:ec:d8:37:93:dc:dc:a7:5e:9d:2c:46:f2:6c:
         56:fe:c1:a2:84:eb:95:10:25:ce:e0:32:62:08:9e:72:86:23:
         94:4b:cf:ba:e9:7f:75:19:ae:cf:ad:b3:42:b0:0f:b6:8c:37:
         03:8f:d3:52:29:39:45:8c:ea:a4:b1:fd:a2:cf:00:df:95:51:
         3d:0b:10:7d:80:7c:d4:1f:c7:4d:e9:1c:83:1c:87:3c:a8:58:
         5f:17:68:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJxeZrhx9G4lgQEasrKmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjkxMjJiYzZlYmRlYzc0YTA2ZTgzMDVhZDZmN2IxYTFkMDQ0NmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQBOto68uU6zxMqhAEaKQmkjM9kk
XrIxDcWLqQPqqKZHJeKE7JqubQxHzb8y1MkoeHTqphKovik+1bE9ilKxF7zsCfL/
b9Qf5mVY/huIoHvA1GKrcoSUBCN1d7b6G+K/jQOhNy2P68tan01WF7MxE//qwar4
s0E/uOcIdWmeV9eJzLJP7p10vjcRhRgc9wM/UaOK5Fd8mcvwCxUEoAWb9yTF/C52
F7lhFL5QfcdCGX/Ik7p/CNanWixfCT8ax2lHeIEruucQvoxGrVl82qa3n7kvQ79Y
NrFDLF9t2VsfUQjb+6DXuNOXSStP6EtGEjmUXdXBP5xvgmL3E5nI+in1bQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDKRIrxuvex0oG6DBa1vexodBEa5MB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvTXBFaXZHNjk3SFNnYm9NRnJXOTdHaDBFUnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg5GxAEG
AwcEKg5GxCwQMA0GCSqGSIb3DQEBCwUAA4IBAQBkpEH7YR849vZe6jtmOyduwokm
xSQ/wDdCg0k5D6B8e72s6T9mhb4bPuS1/sQ9Usf6GpNVInrgP/wT/AG4Z+mRmJk1
lJhvOoPjMQLaOKwgwHJJAFj0xMb/vO98mOYObTR54GxhSjfa+0bxgBkFbQFWAaS0
ZJ8WixhDI/KuUA3NpQYP0X2fkdScFyuz/YYkNEHeGouFYvAn+Z5HB5wnFTPQpliX
yy1axezYN5Pc3KdenSxG8mxW/sGihOuVECXO4DJiCJ5yhiOUS8+66X91Ga7PrbNC
sA+2jDcDj9NSKTlFjOqksf2izwDflVE9CxB9gHzUH8dN6RyDHIc8qFhfF2gj
-----END CERTIFICATE-----