Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MbEAXb6_OS8hto1HKKevKIUulZw.roa
File:                     MbEAXb6_OS8hto1HKKevKIUulZw.roa (raw, json)
Hash identifier:          DlxjyDSQcTrf+pgCgAp7B0j3LRM1qjwwMLi8irk4FS8=
Subject key identifier:   31:B1:00:5D:BE:BF:39:2F:21:B6:8D:47:28:A7:AF:28:85:2E:95:9C
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422204009A364E08566D1D869B72B220A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MbEAXb6_OS8hto1HKKevKIUulZw.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216022
IP address blocks:        2a10:7403::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:40:09:a3:64:e0:85:66:d1:d8:69:b7:2b:22:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31b1005dbebf392f21b68d4728a7af28852e959c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:99:03:1e:61:d5:fe:41:41:6e:f5:63:2e:0a:
                    65:2a:9a:4c:0e:dd:10:78:49:74:ee:f5:4b:a9:41:
                    cb:49:9a:fd:61:2b:7f:7f:c4:8a:2f:c4:e8:1a:9c:
                    03:b7:74:d1:7c:ea:98:eb:73:4b:e7:5d:b8:d8:e9:
                    68:23:40:78:6f:03:0d:aa:93:67:0d:d2:ab:19:e7:
                    39:a3:09:0c:4b:51:40:cf:1f:2f:48:3b:ac:2d:fe:
                    26:ce:a7:9b:8d:3b:39:5f:a1:46:8e:13:43:5b:07:
                    ab:67:a0:d5:00:33:49:ba:2b:7d:73:a3:91:b6:b6:
                    ae:23:a4:cf:35:20:6b:cb:8a:48:bd:c4:20:ed:ac:
                    21:86:91:af:53:ee:98:e7:67:53:b3:3d:66:90:ba:
                    dd:58:41:d6:02:1f:fc:02:7b:b0:76:ca:3f:12:c7:
                    97:5f:87:b3:c6:6d:a2:e0:b6:d5:bc:42:be:fd:5f:
                    13:6b:20:2e:a7:de:00:47:65:ab:10:12:09:c7:66:
                    7b:58:4d:da:1c:8a:41:b2:c8:cb:68:60:b1:91:ea:
                    43:8e:1a:f2:f1:0a:66:e8:01:6e:22:6e:e4:6b:71:
                    1c:78:2d:8d:b8:ac:71:7a:e1:58:0e:6b:23:ea:af:
                    70:b3:c9:9b:49:2e:8a:16:45:c2:0d:54:08:24:61:
                    e9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B1:00:5D:BE:BF:39:2F:21:B6:8D:47:28:A7:AF:28:85:2E:95:9C
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MbEAXb6_OS8hto1HKKevKIUulZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7403::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:e7:9c:7b:98:58:5a:29:9f:4b:4f:b2:4d:36:1c:3a:5d:8c:
         c4:62:1e:8b:f1:2f:86:7f:cd:ac:b6:ca:c9:44:b4:ad:8f:37:
         ab:6a:b7:74:18:9b:b8:ea:ea:70:db:bf:bb:de:d7:ec:44:94:
         f3:9a:70:4e:03:dd:c8:ee:d5:2f:60:49:90:32:36:c0:b0:3c:
         86:d5:45:04:3d:e1:c1:72:63:33:f4:55:70:55:90:d9:b8:99:
         30:0f:1c:d3:85:28:97:28:d4:1e:e5:42:6e:b6:83:d3:28:49:
         a2:f5:43:8d:c2:9c:f0:91:e4:8f:c0:50:61:3b:43:4d:ff:21:
         01:dd:4a:e2:9d:bb:42:a1:22:98:04:b6:b3:57:20:71:ae:49:
         c1:22:6c:d2:e3:64:2c:d1:a1:25:b2:bc:66:98:71:d8:c8:53:
         86:3e:6c:b5:de:5e:17:04:36:00:1e:75:78:d4:1c:29:a4:a8:
         42:23:b5:ec:81:e2:52:34:ac:12:f8:27:fb:3b:24:d2:3a:28:
         d1:51:b4:97:5b:a5:c9:fd:74:c5:bb:0d:99:e8:94:80:f7:f5:
         f9:e3:02:df:60:cf:76:c6:fa:85:02:10:dd:6a:da:30:a5:e6:
         0c:dc:8a:51:ee:6f:84:40:6c:e4:c5:ba:89:e3:8d:41:80:42:
         08:fc:1d:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiIEAJo2TghWbR2Gm3KyIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIxMDA1ZGJlYmYzOTJmMjFiNjhkNDcyOGE3YWYyODg1MmU5NTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJkDHmHV/kFBbvVjLgplKppMDt0Q
eEl07vVLqUHLSZr9YSt/f8SKL8ToGpwDt3TRfOqY63NL51242OloI0B4bwMNqpNn
DdKrGec5owkMS1FAzx8vSDusLf4mzqebjTs5X6FGjhNDWwerZ6DVADNJuit9c6OR
trauI6TPNSBry4pIvcQg7awhhpGvU+6Y52dTsz1mkLrdWEHWAh/8Anuwdso/EseX
X4ezxm2i4LbVvEK+/V8TayAup94AR2WrEBIJx2Z7WE3aHIpBssjLaGCxkepDjhry
8Qpm6AFuIm7ka3EceC2NuKxxeuFYDmsj6q9ws8mbSS6KFkXCDVQIJGHpLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDGxAF2+vzkvIbaNRyinryiFLpWcMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTWJFQVhiNl9PUzhodG8xSEtLZXZLSVV1bFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhB0AzAN
BgkqhkiG9w0BAQsFAAOCAQEADuece5hYWimfS0+yTTYcOl2MxGIei/Evhn/NrLbK
yUS0rY83q2q3dBibuOrqcNu/u97X7ESU85pwTgPdyO7VL2BJkDI2wLA8htVFBD3h
wXJjM/RVcFWQ2biZMA8c04UolyjUHuVCbraD0yhJovVDjcKc8JHkj8BQYTtDTf8h
Ad1K4p27QqEimAS2s1cgca5JwSJs0uNkLNGhJbK8Zphx2MhThj5std5eFwQ2AB51
eNQcKaSoQiO17IHiUjSsEvgn+zsk0joo0VG0l1ulyf10xbsNmeiUgPf1+eMC32DP
dsb6hQIQ3WraMKXmDNyKUe5vhEBs5MW6ieONQYBCCPwdXg==
-----END CERTIFICATE-----