Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/MUsQigUUD2skKaCxyUsENnVfQc0.roa
File:                     MUsQigUUD2skKaCxyUsENnVfQc0.roa (raw, json)
Hash identifier:          jiSuFC22L+bIpKGlJw58reJLq1BBaex8I+CdJw/e78g=
Subject key identifier:   31:4B:10:8A:05:14:0F:6B:24:29:A0:B1:C9:4B:04:36:75:5F:41:CD
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019850F539E2E022A1934BDA4B248441721B
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/MUsQigUUD2skKaCxyUsENnVfQc0.roa
Signing time:             Mon 28 Jul 2025 12:15:05 +0000
ROA not before:           Mon 28 Jul 2025 12:15:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8359
IP address blocks:        2a12:3d40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:f5:39:e2:e0:22:a1:93:4b:da:4b:24:84:41:72:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Jul 28 12:15:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=314b108a05140f6b2429a0b1c94b0436755f41cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:93:3e:68:16:e4:2c:3a:00:4a:ed:3e:ed:97:
                    b1:39:b1:61:15:c0:0e:16:af:51:e5:08:02:73:48:
                    a0:da:61:dc:1c:86:7a:a9:84:79:ef:b7:66:5f:4b:
                    d3:56:c7:f9:bf:0c:ab:f6:2b:ba:1d:51:1d:04:56:
                    4a:4f:94:2b:f8:30:75:03:e8:4c:cf:1b:86:fd:6e:
                    7e:80:2f:a6:42:9a:a6:78:9d:9b:8e:77:ce:91:d6:
                    fb:a0:0f:1b:4a:89:40:d4:d4:6d:38:3c:78:3e:6e:
                    a3:84:94:a4:c6:5f:b9:3c:a0:a2:d1:fb:1c:d2:44:
                    33:0c:f7:2d:3b:99:8b:e2:d2:30:df:73:71:b5:e4:
                    90:b7:a7:b1:89:67:02:f5:a7:15:ce:3b:25:b7:d6:
                    ac:1b:5a:35:a9:af:e3:c4:94:78:40:56:da:57:b1:
                    04:b2:7c:6e:ac:ce:39:07:02:1b:9e:e3:07:67:a6:
                    7f:2c:cb:76:d2:97:10:ad:e9:e6:fd:d0:68:30:ed:
                    ae:18:04:1a:25:2d:87:73:3a:fb:fb:9d:83:a6:7f:
                    61:4e:aa:08:38:35:2b:9d:b8:dc:c0:11:2b:e8:6a:
                    23:fe:2c:59:98:f1:f9:90:32:bc:6f:01:21:28:fe:
                    a5:45:52:e0:9c:84:0a:f3:75:c7:6e:e7:03:c4:4d:
                    55:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4B:10:8A:05:14:0F:6B:24:29:A0:B1:C9:4B:04:36:75:5F:41:CD
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/MUsQigUUD2skKaCxyUsENnVfQc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:ac:39:5e:17:e3:f3:bd:8b:55:12:ba:24:2c:43:f5:02:70:
         c1:f5:4a:8b:5f:70:3a:b1:67:d9:d2:41:17:cc:97:78:7d:94:
         68:d0:7e:6d:bb:6a:46:9f:3b:4c:57:48:43:ac:d3:47:f7:42:
         31:2a:4f:18:95:ee:00:22:7e:c9:25:ad:e2:00:36:9e:a1:b2:
         c9:c2:e5:94:9e:cd:1a:9a:b6:b9:39:04:4b:6c:bd:83:70:30:
         04:ed:20:1c:0c:46:f2:fa:e4:ef:c5:ee:ff:73:83:57:42:7a:
         f4:c9:a4:ac:1f:78:0d:43:ba:46:2d:a9:92:3e:4a:bf:da:8b:
         22:39:69:62:7c:2c:b7:2f:af:2e:17:da:a0:b2:ef:0e:02:9d:
         45:c7:a0:de:e1:21:20:c5:ba:82:57:00:03:87:d2:f6:97:1f:
         09:80:c1:49:18:19:4e:a5:1e:f6:a3:75:17:65:60:1c:8a:55:
         4d:2b:26:73:60:38:6d:49:67:a1:b7:4e:f0:af:68:32:06:e0:
         b3:32:b5:cd:71:08:8c:d2:47:b8:c0:62:55:fe:71:1e:7e:82:
         d5:15:3d:da:82:f4:0c:61:2c:23:5d:9e:09:fa:b8:fc:21:32:
         a3:17:a8:ab:2c:b1:ff:b6:1e:35:50:03:fa:c4:e4:1f:be:e9:
         13:3a:75:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhQ9Tni4CKhk0vaSySEQXIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzI4MTIxNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRiMTA4YTA1MTQwZjZiMjQyOWEwYjFjOTRiMDQzNjc1NWY0MWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JM+aBbkLDoASu0+7ZexObFhFcAO
Fq9R5QgCc0ig2mHcHIZ6qYR577dmX0vTVsf5vwyr9iu6HVEdBFZKT5Qr+DB1A+hM
zxuG/W5+gC+mQpqmeJ2bjnfOkdb7oA8bSolA1NRtODx4Pm6jhJSkxl+5PKCi0fsc
0kQzDPctO5mL4tIw33NxteSQt6exiWcC9acVzjslt9asG1o1qa/jxJR4QFbaV7EE
snxurM45BwIbnuMHZ6Z/LMt20pcQrenm/dBoMO2uGAQaJS2Hczr7+52Dpn9hTqoI
ODUrnbjcwBEr6Goj/ixZmPH5kDK8bwEhKP6lRVLgnIQK83XHbucDxE1VTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDFLEIoFFA9rJCmgsclLBDZ1X0HNMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvTVVzUWlnVVVEMnNrS2FDeHlVc0VOblZmUWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhI9QDAN
BgkqhkiG9w0BAQsFAAOCAQEAkqw5Xhfj872LVRK6JCxD9QJwwfVKi19wOrFn2dJB
F8yXeH2UaNB+bbtqRp87TFdIQ6zTR/dCMSpPGJXuACJ+ySWt4gA2nqGyycLllJ7N
Gpq2uTkES2y9g3AwBO0gHAxG8vrk78Xu/3ODV0J69MmkrB94DUO6Ri2pkj5Kv9qL
IjlpYnwsty+vLhfaoLLvDgKdRceg3uEhIMW6glcAA4fS9pcfCYDBSRgZTqUe9qN1
F2VgHIpVTSsmc2A4bUlnobdO8K9oMgbgszK1zXEIjNJHuMBiVf5xHn6C1RU92oL0
DGEsI12eCfq4/CEyoxeoqyyx/7YeNVAD+sTkH77pEzp1EQ==
-----END CERTIFICATE-----