Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mkmzSBfTmh1927TwjKRzkGSilpo.roa
File:                     mkmzSBfTmh1927TwjKRzkGSilpo.roa (raw, json)
Hash identifier:          ZpaUb66empT2T5gziJ4fvdd/emyVETapR7pDi9FUco0=
Subject key identifier:   9A:49:B3:48:17:D3:9A:1D:7D:DB:B4:F0:8C:A4:73:90:64:A2:96:9A
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0194206838A08EC3FF7FD50091CAEA7D73F2
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mkmzSBfTmh1927TwjKRzkGSilpo.roa
Signing time:             Wed 01 Jan 2025 05:48:08 +0000
ROA not before:           Wed 01 Jan 2025 05:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216157
IP address blocks:        2a12:3bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:38:a0:8e:c3:ff:7f:d5:00:91:ca:ea:7d:73:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jan  1 05:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a49b34817d39a1d7ddbb4f08ca4739064a2969a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0d:a4:17:7f:37:15:c5:68:51:ac:57:3c:97:
                    40:cb:31:17:ff:1c:1c:40:be:ce:0c:53:d5:7b:36:
                    0d:34:49:5e:53:e7:60:82:23:f1:4b:32:55:14:9d:
                    b8:e9:31:ec:70:47:a9:dc:6d:e3:c4:5e:68:c5:cc:
                    15:cd:1d:06:68:33:70:8f:f3:3a:fc:37:49:3a:40:
                    30:3d:cf:f9:84:09:a2:c1:a6:22:b9:f9:47:d9:be:
                    b1:df:91:8f:c5:da:2b:4d:b9:45:3f:5a:d6:90:8a:
                    38:db:8c:f1:ec:d8:1c:93:05:57:74:55:b8:dd:39:
                    d9:6f:8f:ab:d5:02:8f:36:6d:65:55:29:65:05:85:
                    20:97:d1:e6:f4:53:59:19:28:84:c9:23:7b:32:e0:
                    a8:fa:96:f4:91:c7:b5:5e:7b:51:06:13:d1:82:14:
                    74:56:39:5c:02:00:5b:54:71:7c:b5:6d:e5:1d:9b:
                    b7:47:91:e4:af:c3:ef:26:b2:da:d3:97:02:0f:f7:
                    90:fb:52:cd:a2:d5:e2:1b:db:34:9b:37:59:a0:12:
                    85:6e:b1:fc:59:2d:cf:19:8f:f2:00:71:aa:df:5d:
                    c4:40:95:d5:8a:9f:40:00:ca:12:dd:a9:0f:2e:06:
                    0e:a3:91:d0:9d:82:cf:a8:d0:97:79:09:5e:a7:3f:
                    a4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:B3:48:17:D3:9A:1D:7D:DB:B4:F0:8C:A4:73:90:64:A2:96:9A
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/mkmzSBfTmh1927TwjKRzkGSilpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:c8:2e:66:03:ce:26:ae:49:cd:45:3e:52:6d:31:97:79:42:
         94:0b:4d:b2:ff:ca:e1:88:20:08:e7:41:1e:21:e5:c7:09:fd:
         07:bf:43:16:23:93:4e:30:82:5a:5b:05:36:34:2a:e0:a9:8b:
         4e:84:c2:96:08:e4:af:e1:f4:36:65:94:c1:d3:2b:80:3e:00:
         fb:27:e6:ca:78:a0:bc:99:50:b1:ae:c1:e3:69:71:54:a3:c6:
         02:02:0d:a3:79:0b:8d:76:49:67:e9:4e:d2:78:5f:45:9b:b5:
         7e:0c:7b:a6:e0:0c:99:13:7a:25:3f:17:c8:67:0d:43:6b:10:
         95:bc:4e:d5:c6:f1:65:38:6a:fa:a4:49:3d:b8:3c:81:22:59:
         93:a3:f2:80:1b:3e:18:cc:2a:5a:8d:d3:ab:5d:e7:50:a5:66:
         1f:b2:2b:72:ac:07:8b:59:c3:12:47:9f:67:af:14:4f:34:da:
         35:5b:a0:65:39:18:96:4b:ec:ab:75:d8:89:13:ba:a1:be:2d:
         ef:07:e7:ba:39:71:3f:17:95:07:ab:71:74:e2:8e:ad:88:67:
         b6:4f:fc:b3:6d:71:dc:7b:d5:ec:5c:53:6a:74:81:ab:c1:bd:
         13:58:4e:6d:72:8b:b9:32:05:cb:20:3b:a6:25:7e:70:ba:1f:
         b7:97:89:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaDigjsP/f9UAkcrqfXPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwMTAxMDU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ5YjM0ODE3ZDM5YTFkN2RkYmI0ZjA4Y2E0NzM5MDY0YTI5NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA2kF383FcVoUaxXPJdAyzEX/xwc
QL7ODFPVezYNNEleU+dggiPxSzJVFJ246THscEep3G3jxF5oxcwVzR0GaDNwj/M6
/DdJOkAwPc/5hAmiwaYiuflH2b6x35GPxdorTblFP1rWkIo424zx7NgckwVXdFW4
3TnZb4+r1QKPNm1lVSllBYUgl9Hm9FNZGSiEySN7MuCo+pb0kce1XntRBhPRghR0
VjlcAgBbVHF8tW3lHZu3R5Hkr8PvJrLa05cCD/eQ+1LNotXiG9s0mzdZoBKFbrH8
WS3PGY/yAHGq313EQJXVip9AAMoS3akPLgYOo5HQnYLPqNCXeQlepz+kqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJpJs0gX05odfdu08Iykc5BkopaaMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbWttelNCZlRtaDE5MjdUd2pLUnprR1NpbHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI7wDAN
BgkqhkiG9w0BAQsFAAOCAQEAk8guZgPOJq5JzUU+Um0xl3lClAtNsv/K4YggCOdB
HiHlxwn9B79DFiOTTjCCWlsFNjQq4KmLToTClgjkr+H0NmWUwdMrgD4A+yfmynig
vJlQsa7B42lxVKPGAgINo3kLjXZJZ+lO0nhfRZu1fgx7puAMmRN6JT8XyGcNQ2sQ
lbxO1cbxZThq+qRJPbg8gSJZk6PygBs+GMwqWo3Tq13nUKVmH7IrcqwHi1nDEkef
Z68UTzTaNVugZTkYlkvsq3XYiRO6ob4t7wfnujlxPxeVB6txdOKOrYhntk/8s21x
3HvV7FxTanSBq8G9E1hObXKLuTIFyyA7piV+cLoft5eJcQ==
-----END CERTIFICATE-----