Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/MUTPs3M7kaTmAS7qsouxN108EXQ.roa
File:                     MUTPs3M7kaTmAS7qsouxN108EXQ.roa (raw, json)
Hash identifier:          LWIWjbRjF3lfsI2Fa/eAa9w0tqQhs8nzAYoC6pOtUH8=
Subject key identifier:   31:44:CF:B3:73:3B:91:A4:E6:01:2E:EA:B2:8B:B1:37:5D:3C:11:74
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019864A3BD24F5CA0957DE7B671A8B67CE75
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/MUTPs3M7kaTmAS7qsouxN108EXQ.roa
Signing time:             Fri 01 Aug 2025 07:58:29 +0000
ROA not before:           Fri 01 Aug 2025 07:58:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42151
IP address blocks:        2a09:d002::/48 maxlen: 48
                          2a09:d003::/48 maxlen: 48
                          2a09:d004::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:a3:bd:24:f5:ca:09:57:de:7b:67:1a:8b:67:ce:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Aug  1 07:58:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3144cfb3733b91a4e6012eeab28bb1375d3c1174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:83:a3:74:ec:5f:51:76:8b:5f:75:0f:cd:60:
                    ad:69:36:54:a4:af:37:3e:10:ba:7d:93:cc:50:b4:
                    8a:70:8d:ff:e9:0f:d9:6e:86:89:0a:c7:da:51:77:
                    f1:a9:6f:cb:b9:30:d2:f4:57:39:ea:46:46:04:ad:
                    ec:b3:c0:8b:fb:f5:50:1f:eb:25:64:c4:c0:9b:80:
                    8c:af:1d:c0:f1:9a:74:55:4b:8b:71:36:62:69:90:
                    74:68:41:5d:f2:ed:aa:c1:9b:94:2e:df:d2:36:6c:
                    3a:84:e6:18:07:46:17:46:22:85:1e:17:e2:95:32:
                    04:f8:4b:9f:5a:65:fe:1a:25:e7:40:5a:8c:12:dc:
                    09:f7:d1:5d:67:7d:43:58:04:3c:4b:88:1c:64:b9:
                    18:02:81:2b:50:d7:b9:24:c0:e2:0d:59:8a:06:a9:
                    77:69:c9:5f:5e:84:57:88:f5:42:c4:32:50:09:4e:
                    6b:90:55:86:b0:c2:a6:74:6a:5c:87:3e:bc:4e:c6:
                    41:5a:c5:21:d2:dc:fb:15:a7:66:3d:11:eb:e5:4e:
                    58:53:13:67:a1:ab:f2:af:db:c8:e4:51:d4:e6:3e:
                    b1:1a:88:a1:fb:53:7c:6f:da:da:3f:81:97:4c:32:
                    9a:af:19:8f:b0:38:c3:38:19:ce:52:80:02:bc:83:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:44:CF:B3:73:3B:91:A4:E6:01:2E:EA:B2:8B:B1:37:5D:3C:11:74
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/MUTPs3M7kaTmAS7qsouxN108EXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d002::/48
                  2a09:d003::/48
                  2a09:d004::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:4a:a8:3e:28:c7:e3:7a:29:40:48:0a:97:44:dc:55:87:7b:
         6c:60:37:54:b7:b0:ec:bd:00:12:f9:da:d8:24:b1:5d:7e:0b:
         2b:b4:3a:50:80:8f:04:7b:60:75:14:19:99:3a:73:2d:2c:2c:
         9b:4f:35:97:de:1c:cb:a8:64:69:96:93:89:37:68:d3:6b:69:
         6e:b1:d6:54:9c:e9:c9:2f:96:a0:1d:ce:8a:6a:eb:57:67:ef:
         ad:3e:22:02:be:0f:90:85:21:5d:9b:73:af:89:85:ff:6d:e5:
         bd:af:24:3c:a3:cc:57:61:e3:df:15:54:9e:06:f8:d1:50:aa:
         29:eb:2b:d7:78:61:2d:33:03:2c:ef:a5:b1:78:14:37:dc:12:
         2f:89:2e:5d:bb:d4:e3:61:9d:85:8a:8f:b6:a9:27:84:ba:8f:
         c6:c4:bc:7c:bd:ea:65:92:9f:fc:6a:94:96:4e:c0:8e:51:4f:
         97:b4:45:9a:30:12:42:69:13:f9:1a:75:3d:2e:81:ef:c5:ce:
         b9:8f:60:da:a0:32:72:b9:b4:d4:3c:a8:0a:55:2b:86:1f:ef:
         1f:70:b8:f9:a8:8b:79:58:66:bb:ea:81:0e:e7:10:8d:ce:86:
         3c:bc:68:40:62:e4:f4:d9:61:e7:00:66:88:b3:5f:f6:d6:65:
         2d:ea:2d:80
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZhko70k9coJV957ZxqLZ851MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUwODAxMDc1ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQ0Y2ZiMzczM2I5MWE0ZTYwMTJlZWFiMjhiYjEzNzVkM2MxMTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYOjdOxfUXaLX3UPzWCtaTZUpK83
PhC6fZPMULSKcI3/6Q/ZboaJCsfaUXfxqW/LuTDS9Fc56kZGBK3ss8CL+/VQH+sl
ZMTAm4CMrx3A8Zp0VUuLcTZiaZB0aEFd8u2qwZuULt/SNmw6hOYYB0YXRiKFHhfi
lTIE+EufWmX+GiXnQFqMEtwJ99FdZ31DWAQ8S4gcZLkYAoErUNe5JMDiDVmKBql3
aclfXoRXiPVCxDJQCU5rkFWGsMKmdGpchz68TsZBWsUh0tz7FadmPRHr5U5YUxNn
oavyr9vI5FHU5j6xGoih+1N8b9raP4GXTDKarxmPsDjDOBnOUoACvIPlVwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDFEz7NzO5Gk5gEu6rKLsTddPBF0MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvTVVUUHMzTTdrYVRtQVM3cXNvdXhOMTA4RVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgnQAgAA
AwcAKgnQAwAAAwcAKgnQBAAAMA0GCSqGSIb3DQEBCwUAA4IBAQA0Sqg+KMfjeilA
SAqXRNxVh3tsYDdUt7DsvQAS+drYJLFdfgsrtDpQgI8Ee2B1FBmZOnMtLCybTzWX
3hzLqGRplpOJN2jTa2lusdZUnOnJL5agHc6KautXZ++tPiICvg+QhSFdm3OviYX/
beW9ryQ8o8xXYePfFVSeBvjRUKop6yvXeGEtMwMs76WxeBQ33BIviS5du9TjYZ2F
io+2qSeEuo/GxLx8veplkp/8apSWTsCOUU+XtEWaMBJCaRP5GnU9LoHvxc65j2Da
oDJyubTUPKgKVSuGH+8fcLj5qIt5WGa76oEO5xCNzoY8vGhAYuT02WHnAGaIs1/2
1mUt6i2A
-----END CERTIFICATE-----