Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mrriTsp_r84VvXOZ9vwCDiafNfA.roa
File:                     mrriTsp_r84VvXOZ9vwCDiafNfA.roa (raw, json)
Hash identifier:          237ftlrT6P/fqAsRok2Wq3N6bqs/PXVVGhXC7gyjJzY=
Subject key identifier:   9A:BA:E2:4E:CA:7F:AF:CE:15:BD:73:99:F6:FC:02:0E:26:9F:35:F0
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019758A59C31D8DAD2C78C70519EAC57F3FD
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mrriTsp_r84VvXOZ9vwCDiafNfA.roa
Signing time:             Tue 10 Jun 2025 07:02:17 +0000
ROA not before:           Tue 10 Jun 2025 07:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        2a0d:d940:1e00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 13:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:58:a5:9c:31:d8:da:d2:c7:8c:70:51:9e:ac:57:f3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun 10 07:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9abae24eca7fafce15bd7399f6fc020e269f35f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:64:c8:d7:8d:de:3c:5a:fc:1d:af:c8:8a:06:
                    9b:39:ef:6b:22:0b:4e:de:4d:ee:44:fa:a4:ff:72:
                    d7:5f:3d:8c:16:9a:ed:92:16:17:e6:86:b2:20:c4:
                    1d:2a:f6:2f:30:13:d9:b8:0c:8e:66:a0:75:19:aa:
                    26:c3:86:93:84:e8:59:1b:7f:f0:1f:e1:fc:54:36:
                    69:a5:b3:51:c9:59:8b:0d:9f:9b:5c:fa:99:48:e3:
                    c5:16:6f:6a:ff:83:bc:90:2f:e3:6a:77:86:8f:44:
                    e4:5b:81:b2:0b:bf:4e:a3:2f:4d:51:8a:7f:ec:16:
                    d4:9c:74:37:74:c2:65:76:40:26:f9:ca:cf:db:78:
                    b6:c3:c6:c6:a6:ad:31:1c:81:28:20:3e:dd:71:d8:
                    a4:53:a1:b8:52:4a:58:a7:51:ec:91:5a:8d:77:8e:
                    2a:ad:45:06:8e:01:03:a6:26:9d:c8:b8:49:da:94:
                    5b:ab:ae:01:ca:af:86:a7:3e:e3:96:fb:f9:e2:cf:
                    0e:5f:2b:7f:0e:53:7d:f9:37:b4:ef:01:5e:49:ef:
                    55:ca:89:51:11:99:78:57:12:3e:e2:f8:3b:b5:6c:
                    56:ea:a6:d1:79:9c:8d:40:c6:8d:52:29:50:6c:56:
                    fa:a9:da:2d:bf:b9:35:09:38:d7:96:d3:32:e2:60:
                    ac:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:BA:E2:4E:CA:7F:AF:CE:15:BD:73:99:F6:FC:02:0E:26:9F:35:F0
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mrriTsp_r84VvXOZ9vwCDiafNfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:1e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:52:f3:c9:8a:5a:50:81:cb:10:88:bc:39:16:4f:2e:d2:79:
         22:52:74:5e:59:fd:33:54:1f:b8:8a:a8:94:1c:07:de:ca:a5:
         95:9a:65:21:ac:7c:2a:a1:ea:45:59:b2:da:e1:43:41:ce:ed:
         24:06:41:65:94:a8:53:68:8d:b4:ab:f8:5e:5b:8f:da:ab:0d:
         ce:24:74:35:13:a5:58:a0:de:b4:d8:52:5d:90:56:36:8c:b5:
         7e:71:1b:74:a5:9e:50:c5:49:80:2d:72:db:3a:68:01:e3:dc:
         e8:dc:ce:ba:2f:48:99:84:29:48:a5:72:09:0d:5b:7c:dc:26:
         38:42:f8:4a:01:3d:1c:6f:40:e2:ed:d6:ed:aa:18:4f:51:66:
         ce:2e:d0:c1:1d:39:ab:45:49:09:ea:35:42:09:73:eb:8e:1a:
         a4:7a:6e:01:fc:90:c0:b7:07:98:33:da:eb:af:ec:47:01:d8:
         90:92:e6:4a:bd:d4:40:77:22:c6:e6:40:e1:83:e5:ea:f6:af:
         aa:ec:89:61:77:9d:c3:5c:f5:8f:c2:5f:4f:8e:eb:8b:2a:0f:
         12:0f:a9:60:3f:06:f0:18:18:1f:57:bb:d2:5c:28:56:56:24:
         ed:c5:b7:1b:57:d9:bf:a9:99:7f:12:25:b5:8c:e9:79:5d:b6:
         1f:69:f1:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZdYpZwx2NrSx4xwUZ6sV/P9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNjEwMDcwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWJhZTI0ZWNhN2ZhZmNlMTViZDczOTlmNmZjMDIwZTI2OWYzNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2TI143ePFr8Ha/IigabOe9rIgtO
3k3uRPqk/3LXXz2MFprtkhYX5oayIMQdKvYvMBPZuAyOZqB1Gaomw4aThOhZG3/w
H+H8VDZppbNRyVmLDZ+bXPqZSOPFFm9q/4O8kC/janeGj0TkW4GyC79Ooy9NUYp/
7BbUnHQ3dMJldkAm+crP23i2w8bGpq0xHIEoID7dcdikU6G4UkpYp1HskVqNd44q
rUUGjgEDpiadyLhJ2pRbq64Byq+Gpz7jlvv54s8OXyt/DlN9+Te07wFeSe9VyolR
EZl4VxI+4vg7tWxW6qbReZyNQMaNUilQbFb6qdotv7k1CTjXltMy4mCs8QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJq64k7Kf6/OFb1zmfb8Ag4mnzXwMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbXJyaVRzcF9yODRWdlhPWjl2d0NEaWFmTmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg3ZQB4w
DQYJKoZIhvcNAQELBQADggEBAD5S88mKWlCByxCIvDkWTy7SeSJSdF5Z/TNUH7iK
qJQcB97KpZWaZSGsfCqh6kVZstrhQ0HO7SQGQWWUqFNojbSr+F5bj9qrDc4kdDUT
pVig3rTYUl2QVjaMtX5xG3SlnlDFSYAtcts6aAHj3OjczrovSJmEKUilcgkNW3zc
JjhC+EoBPRxvQOLt1u2qGE9RZs4u0MEdOatFSQnqNUIJc+uOGqR6bgH8kMC3B5gz
2uuv7EcB2JCS5kq91EB3IsbmQOGD5er2r6rsiWF3ncNc9Y/CX0+O64sqDxIPqWA/
BvAYGB9Xu9JcKFZWJO3FtxtX2b+pmX8SJbWM6Xldth9p8ZE=
-----END CERTIFICATE-----