Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/MUFzu2CO3wUnHjDyHCkEFpQfdx8.roa
File:                     MUFzu2CO3wUnHjDyHCkEFpQfdx8.roa (raw, json)
Hash identifier:          mg5Q4JtU/+udGgE+RtqmCOfz3HbFM+dCwmGq1tMUKVg=
Subject key identifier:   31:41:73:BB:60:8E:DF:05:27:1E:30:F2:1C:29:04:16:94:1F:77:1F
Certificate issuer:       /CN=53f3590809d187f7b361fb24cd43f93f664b20b3
Certificate serial:       01917488B7A15B44237E4D57584C57FD45A1
Authority key identifier: 53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/MUFzu2CO3wUnHjDyHCkEFpQfdx8.roa
Signing time:             Wed 21 Aug 2024 10:43:22 +0000
ROA not before:           Wed 21 Aug 2024 10:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203917
IP address blocks:        2a09:6d41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:88:b7:a1:5b:44:23:7e:4d:57:58:4c:57:fd:45:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f3590809d187f7b361fb24cd43f93f664b20b3
        Validity
            Not Before: Aug 21 10:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=314173bb608edf05271e30f21c290416941f771f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6b:da:f4:75:7b:4c:01:a6:42:54:58:54:c6:
                    3b:1e:43:f8:fb:9f:6b:76:ab:03:f8:48:89:1d:72:
                    4d:d1:f1:37:9e:9b:30:b2:1f:d4:e0:8c:11:90:c2:
                    c6:ed:13:80:6b:5c:21:89:c7:a1:f8:28:5f:f3:54:
                    77:39:09:84:15:9f:ff:17:49:31:6b:c3:16:74:f3:
                    44:64:c4:ab:68:66:d7:ae:b8:7d:46:2c:9b:bf:c8:
                    f2:88:0d:ca:92:4c:09:b9:2f:0f:00:d3:fb:fc:16:
                    de:0c:9c:11:d6:2a:9a:be:29:66:a9:d1:c0:2d:4d:
                    ed:58:aa:f2:8e:fb:5d:b8:bb:7e:3d:74:d1:2a:f0:
                    db:97:c6:98:e8:10:72:4d:cc:58:48:aa:72:99:a2:
                    68:ae:fa:b0:99:b4:14:d0:29:0b:b1:99:1f:eb:5e:
                    fc:6c:9f:c6:71:ac:44:7e:02:d7:a2:dd:b8:ed:0a:
                    42:1a:8f:da:b8:6f:b6:6b:9c:ee:9c:53:20:7d:86:
                    7f:79:32:9a:bd:a1:f2:ec:14:ee:40:cc:86:75:d4:
                    b8:42:b9:4f:05:44:38:c6:50:40:67:c4:d9:cd:7b:
                    35:ce:0c:93:50:5b:03:45:06:1a:b0:20:07:e2:6d:
                    2a:76:99:8b:a9:b3:2b:90:f4:f5:c0:4b:23:32:d7:
                    a4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:41:73:BB:60:8E:DF:05:27:1E:30:F2:1C:29:04:16:94:1F:77:1F
            X509v3 Authority Key Identifier:
                keyid:53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/MUFzu2CO3wUnHjDyHCkEFpQfdx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6d41::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:6e:97:77:ca:59:86:5c:a2:b1:fb:61:96:ed:39:f3:54:
         79:b3:a8:88:df:85:ac:9a:ca:4b:e5:fc:ff:78:e1:28:3a:de:
         f5:ac:01:6e:6b:16:b8:70:4b:9e:5f:75:14:5a:62:d9:33:ef:
         ff:5a:2d:58:34:fa:59:04:93:30:55:55:e5:30:e5:86:45:d0:
         6b:d3:90:ce:1b:f4:73:5d:ee:bb:0d:c2:a8:98:ca:d9:08:21:
         96:92:bb:bc:81:b8:46:76:b5:c0:33:ee:51:28:56:44:92:e8:
         5a:d6:1a:0a:f4:bd:55:d7:3b:14:f0:c5:ea:c6:5f:3e:eb:2b:
         04:1e:b3:20:da:b6:82:0e:dc:61:59:ac:3a:b6:08:50:69:f6:
         fd:e0:42:f8:4d:47:3f:50:fa:f5:63:f9:ed:d9:6e:01:bb:de:
         48:c0:a1:5d:62:02:d1:e7:79:24:a7:b7:fb:d0:f6:7b:61:e6:
         79:09:d2:6a:35:92:a8:31:6e:a8:cc:1b:f6:c6:82:67:89:6b:
         40:e8:ec:0b:aa:f7:54:bd:68:67:a5:85:8f:7e:67:da:e5:07:
         fb:71:34:93:9f:84:78:83:61:c7:87:2c:24:68:da:7c:1b:5b:
         5b:d1:ef:59:49:52:7c:b6:75:3a:e6:c9:03:a0:24:b3:66:2f:
         55:31:93:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZF0iLehW0Qjfk1XWExX/UWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjM1OTA4MDlkMTg3ZjdiMzYxZmIyNGNkNDNmOTNmNjY0
YjIwYjMwHhcNMjQwODIxMTA0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQxNzNiYjYwOGVkZjA1MjcxZTMwZjIxYzI5MDQxNjk0MWY3NzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGva9HV7TAGmQlRYVMY7HkP4+59r
dqsD+EiJHXJN0fE3npswsh/U4IwRkMLG7ROAa1whiceh+Chf81R3OQmEFZ//F0kx
a8MWdPNEZMSraGbXrrh9Riybv8jyiA3KkkwJuS8PANP7/BbeDJwR1iqavilmqdHA
LU3tWKryjvtduLt+PXTRKvDbl8aY6BByTcxYSKpymaJorvqwmbQU0CkLsZkf6178
bJ/GcaxEfgLXot247QpCGo/auG+2a5zunFMgfYZ/eTKavaHy7BTuQMyGddS4QrlP
BUQ4xlBAZ8TZzXs1zgyTUFsDRQYasCAH4m0qdpmLqbMrkPT1wEsjMteklQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDFBc7tgjt8FJx4w8hwpBBaUH3cfMB8GA1UdIwQY
MBaAFFPzWQgJ0Yf3s2H7JM1D+T9mSyCzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2Mt
YTc3NmZlZGU5OTA1LzEvTVVGenUyQ08zd1VuSGpEeUhDa0VGcFFmZHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2MtYTc3NmZlZGU5OTA1
LzEvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgltQTAN
BgkqhkiG9w0BAQsFAAOCAQEARrJul3fKWYZcorH7YZbtOfNUebOoiN+FrJrKS+X8
/3jhKDre9awBbmsWuHBLnl91FFpi2TPv/1otWDT6WQSTMFVV5TDlhkXQa9OQzhv0
c13uuw3CqJjK2QghlpK7vIG4Rna1wDPuUShWRJLoWtYaCvS9Vdc7FPDF6sZfPusr
BB6zINq2gg7cYVmsOrYIUGn2/eBC+E1HP1D69WP57dluAbveSMChXWIC0ed5JKe3
+9D2e2HmeQnSajWSqDFuqMwb9saCZ4lrQOjsC6r3VL1oZ6WFj35n2uUH+3E0k5+E
eINhx4csJGjafBtbW9HvWUlSfLZ1OubJA6Aks2YvVTGTQQ==
-----END CERTIFICATE-----