Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MJcx88_HCQr0GMiSkumKh_bLImU.roa
File:                     MJcx88_HCQr0GMiSkumKh_bLImU.roa (raw, json)
Hash identifier:          LTExJ0hwpcPyyZlqFnxWdebDXwIqnlB2PBCd2NeS1VA=
Subject key identifier:   30:97:31:F3:CF:C7:09:0A:F4:18:C8:92:92:E9:8A:87:F6:CB:22:65
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDC54B7A6F2B51F6E7E660E904BE15
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MJcx88_HCQr0GMiSkumKh_bLImU.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212778
IP address blocks:        2a07:3500:12c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c5:4b:7a:6f:2b:51:f6:e7:e6:60:e9:04:be:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=309731f3cfc7090af418c89292e98a87f6cb2265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:60:ce:cc:3e:26:4c:3c:7d:48:82:e9:2a:81:
                    92:cc:9b:1c:5b:35:15:3f:21:06:61:43:c4:3b:d0:
                    e2:6d:fa:eb:b6:f6:4b:bc:88:2b:b7:61:cd:26:2d:
                    28:7b:4b:44:d8:0f:ce:4b:ac:fe:99:20:a4:72:60:
                    18:48:c0:55:3b:8b:3c:1f:08:f8:e0:52:c7:53:bf:
                    48:50:c2:76:59:67:75:63:d9:46:3c:50:a9:d5:b3:
                    c2:e8:74:5e:36:cd:07:54:14:bd:56:74:6d:ea:e3:
                    bb:4c:a4:96:3b:6c:73:cf:21:f5:04:f6:d5:59:38:
                    da:5d:86:e8:93:59:59:40:62:83:b4:79:62:8b:45:
                    d0:46:92:19:cb:1c:77:40:77:00:8a:57:e3:bc:f0:
                    1a:f1:b1:3a:0f:82:bd:14:80:89:28:7d:6c:68:1a:
                    d8:2e:dd:1b:65:4b:ac:c8:3a:82:8e:f5:97:bb:c9:
                    28:68:a4:88:8b:e0:f5:5d:6d:a9:2a:41:bb:0f:21:
                    03:ba:01:c5:96:4e:d8:63:81:25:0f:81:7f:f9:2d:
                    a9:5d:43:1c:a5:7a:0b:5b:a2:6f:68:b0:38:23:44:
                    e2:fa:82:df:e0:90:e0:17:49:10:cc:2c:9d:f2:3d:
                    4e:a4:0c:cc:26:69:c9:38:22:6a:83:fc:68:93:c7:
                    ea:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:97:31:F3:CF:C7:09:0A:F4:18:C8:92:92:E9:8A:87:F6:CB:22:65
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/MJcx88_HCQr0GMiSkumKh_bLImU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:12c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:9e:c4:66:3a:3d:2f:0d:a2:71:f8:47:43:40:69:57:c0:2e:
         7c:55:ac:c6:3a:2a:8c:37:9e:ba:5b:fe:6b:b6:21:e8:d6:ef:
         9f:c0:d8:8a:d4:f6:f2:51:39:d1:2e:12:36:37:b0:11:32:90:
         50:c9:41:36:66:6f:17:6b:a9:9e:6c:10:d2:8f:03:09:d6:bf:
         ab:63:b9:c0:fd:ed:9f:86:db:6e:1d:16:23:32:89:5b:b1:06:
         0f:f9:d9:df:f7:12:a4:28:d9:a1:fa:84:3f:3d:86:86:e8:fa:
         f8:76:d0:41:e4:2e:60:d1:32:e5:ea:42:e6:b3:ba:b7:05:f5:
         0b:18:12:b9:fe:2b:1b:a1:0e:cc:ec:7b:79:7e:30:bb:0a:8c:
         ae:af:94:9a:7f:1e:1f:9f:62:0b:e7:a9:a2:8b:d2:6d:91:d9:
         a4:14:b1:e8:bc:8c:94:0b:0a:4a:98:3d:81:80:19:8f:d4:58:
         9f:20:8a:53:c9:ca:58:9f:67:90:8b:95:e6:01:0a:d4:f4:1e:
         ad:a9:ac:fd:f4:00:3f:aa:59:a5:7c:6d:19:09:f1:84:33:58:
         e1:f9:6b:de:b9:1e:00:32:5a:d6:e9:4d:82:d9:a4:74:7e:07:
         09:c8:b0:07:91:e1:bf:7e:72:d3:e2:fd:13:0b:1a:78:0f:a3:
         af:ef:75:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/cVLem8rUfbn5mDpBL4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk3MzFmM2NmYzcwOTBhZjQxOGM4OTI5MmU5OGE4N2Y2Y2IyMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGDOzD4mTDx9SILpKoGSzJscWzUV
PyEGYUPEO9DibfrrtvZLvIgrt2HNJi0oe0tE2A/OS6z+mSCkcmAYSMBVO4s8Hwj4
4FLHU79IUMJ2WWd1Y9lGPFCp1bPC6HReNs0HVBS9VnRt6uO7TKSWO2xzzyH1BPbV
WTjaXYbok1lZQGKDtHlii0XQRpIZyxx3QHcAilfjvPAa8bE6D4K9FICJKH1saBrY
Lt0bZUusyDqCjvWXu8koaKSIi+D1XW2pKkG7DyEDugHFlk7YY4ElD4F/+S2pXUMc
pXoLW6JvaLA4I0Ti+oLf4JDgF0kQzCyd8j1OpAzMJmnJOCJqg/xok8fq2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDCXMfPPxwkK9BjIkpLpiof2yyJlMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvTUpjeDg4X0hDUXIwR01pU2t1bUtoX2JMSW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABLA
MA0GCSqGSIb3DQEBCwUAA4IBAQAznsRmOj0vDaJx+EdDQGlXwC58VazGOiqMN566
W/5rtiHo1u+fwNiK1PbyUTnRLhI2N7ARMpBQyUE2Zm8Xa6mebBDSjwMJ1r+rY7nA
/e2fhttuHRYjMolbsQYP+dnf9xKkKNmh+oQ/PYaG6Pr4dtBB5C5g0TLl6kLms7q3
BfULGBK5/isboQ7M7Ht5fjC7Coyur5Safx4fn2IL56mii9JtkdmkFLHovIyUCwpK
mD2BgBmP1FifIIpTycpYn2eQi5XmAQrU9B6tqaz99AA/qlmlfG0ZCfGEM1jh+Wve
uR4AMlrW6U2C2aR0fgcJyLAHkeG/fnLT4v0TCxp4D6Ov73X0
-----END CERTIFICATE-----