Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/MdYXP9JDqyEnQSSpfC3vQstDRu4.roa
File:                     MdYXP9JDqyEnQSSpfC3vQstDRu4.roa (raw, json)
Hash identifier:          9CrtuWJI6l7IbdwDLorSOiVfWXkvbfh9OjjPb0sDWaY=
Subject key identifier:   31:D6:17:3F:D2:43:AB:21:27:41:24:A9:7C:2D:EF:42:CB:43:46:EE
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       019630E6E2CE8F48F2182A56E5CCF96A2F8C
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/MdYXP9JDqyEnQSSpfC3vQstDRu4.roa
Signing time:             Sun 13 Apr 2025 20:45:59 +0000
ROA not before:           Sun 13 Apr 2025 20:45:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44094
IP address blocks:        2a09:7c47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:30:e6:e2:ce:8f:48:f2:18:2a:56:e5:cc:f9:6a:2f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Apr 13 20:45:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31d6173fd243ab21274124a97c2def42cb4346ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d8:e5:f7:9d:45:ff:25:6d:cc:9f:07:fb:83:
                    24:99:79:2f:36:a4:eb:cc:29:a4:fe:6e:7a:6e:92:
                    60:7c:a1:27:f0:04:c7:f8:7e:21:01:a7:69:10:f1:
                    aa:23:88:0f:55:62:9f:d0:7a:fd:73:33:a3:bd:42:
                    e1:1d:a9:8e:ed:9b:06:37:f1:8b:27:5b:6f:4e:4b:
                    0b:18:76:b2:24:a6:7b:24:d3:77:a4:b6:23:42:83:
                    df:1d:c9:5f:c2:af:f2:ac:99:94:54:e4:5c:23:c9:
                    d8:a1:15:df:ef:4b:1c:02:a4:ea:e5:3c:7f:7c:8f:
                    03:98:2c:a9:e6:d0:9b:8d:8d:a7:e3:9e:16:4f:dc:
                    c6:13:17:e6:4d:cd:60:30:8e:9a:bc:f9:40:81:af:
                    a6:90:bf:ec:0c:13:24:37:ef:0b:e4:de:30:cc:0d:
                    c7:58:3e:37:1c:db:67:ce:b1:d7:2a:f8:14:3a:f5:
                    21:83:41:05:69:3d:18:95:9c:01:be:c6:8c:79:09:
                    81:19:a4:74:76:23:ae:07:3d:ef:55:f4:4e:be:69:
                    b7:08:ef:cd:08:c9:2c:74:5c:b3:0c:b1:f2:94:ce:
                    1a:b4:88:6a:6b:57:1d:e0:fe:a1:9c:1b:a9:02:e7:
                    65:26:4d:99:df:74:c8:88:08:4a:51:31:f8:3f:5c:
                    7c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D6:17:3F:D2:43:AB:21:27:41:24:A9:7C:2D:EF:42:CB:43:46:EE
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/MdYXP9JDqyEnQSSpfC3vQstDRu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7c47::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:57:61:df:81:b8:5a:50:8e:e1:cc:55:5e:5f:9c:e1:51:96:
         11:18:16:cc:3b:cc:48:ad:1f:77:bf:89:d6:00:1a:4e:4c:dd:
         d0:ca:90:bc:e4:70:4f:7d:1b:a0:13:4f:2d:73:b3:8d:fc:ff:
         40:f8:fa:d5:bf:33:c1:bd:1f:9d:80:fa:42:9a:66:1a:c4:49:
         6c:59:16:bb:0b:32:a3:85:22:c5:1b:22:32:db:d0:1e:14:80:
         34:97:e9:9d:84:8c:c4:32:53:22:10:ff:d2:de:d6:11:43:ad:
         6b:98:4b:5a:60:3d:b7:78:81:b8:53:bf:2b:fb:e6:2a:54:3d:
         b8:16:69:b5:5a:92:b2:59:ef:96:1b:90:05:5c:da:46:34:40:
         1b:2e:cc:76:2c:44:33:8d:07:e1:4e:31:fd:56:12:12:5e:67:
         c9:ad:46:05:03:e7:f8:a4:33:c0:46:72:ed:5c:f3:61:a4:34:
         15:e2:69:f8:83:7d:ee:72:37:dd:62:a8:c0:36:ec:ae:d2:6b:
         dd:ee:2c:7a:1e:67:56:49:95:78:30:77:8a:36:33:ae:b6:09:
         e1:58:d7:48:2d:cb:59:16:05:8b:9f:61:67:82:94:07:f5:88:
         2e:a0:0c:5e:cf:a1:f9:ba:65:2b:83:48:2d:e8:2f:f7:28:2b:
         1b:93:64:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZYw5uLOj0jyGCpW5cz5ai+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjUwNDEzMjA0NTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQ2MTczZmQyNDNhYjIxMjc0MTI0YTk3YzJkZWY0MmNiNDM0NmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9jl951F/yVtzJ8H+4MkmXkvNqTr
zCmk/m56bpJgfKEn8ATH+H4hAadpEPGqI4gPVWKf0Hr9czOjvULhHamO7ZsGN/GL
J1tvTksLGHayJKZ7JNN3pLYjQoPfHclfwq/yrJmUVORcI8nYoRXf70scAqTq5Tx/
fI8DmCyp5tCbjY2n454WT9zGExfmTc1gMI6avPlAga+mkL/sDBMkN+8L5N4wzA3H
WD43HNtnzrHXKvgUOvUhg0EFaT0YlZwBvsaMeQmBGaR0diOuBz3vVfROvmm3CO/N
CMksdFyzDLHylM4atIhqa1cd4P6hnBupAudlJk2Z33TIiAhKUTH4P1x8ZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDHWFz/SQ6shJ0EkqXwt70LLQ0buMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvTWRZWFA5SkRxeUVuUVNTcGZDM3ZRc3REUnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgl8RzAN
BgkqhkiG9w0BAQsFAAOCAQEAVFdh34G4WlCO4cxVXl+c4VGWERgWzDvMSK0fd7+J
1gAaTkzd0MqQvORwT30boBNPLXOzjfz/QPj61b8zwb0fnYD6QppmGsRJbFkWuwsy
o4UixRsiMtvQHhSANJfpnYSMxDJTIhD/0t7WEUOta5hLWmA9t3iBuFO/K/vmKlQ9
uBZptVqSslnvlhuQBVzaRjRAGy7MdixEM40H4U4x/VYSEl5nya1GBQPn+KQzwEZy
7VzzYaQ0FeJp+IN97nI33WKowDbsrtJr3e4seh5nVkmVeDB3ijYzrrYJ4VjXSC3L
WRYFi59hZ4KUB/WILqAMXs+h+bplK4NILegv9ygrG5NkcQ==
-----END CERTIFICATE-----