Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/Mz05BHBSbafMl08a8_UKVe_gGso.roa
File:                     Mz05BHBSbafMl08a8_UKVe_gGso.roa (raw, json)
Hash identifier:          41KbWqupO1eNtLpQemjc0X3ZgLWHI1W8tciFt0xry74=
Subject key identifier:   33:3D:39:04:70:52:6D:A7:CC:97:4F:1A:F3:F5:0A:55:EF:E0:1A:CA
Certificate issuer:       /CN=6cedf4158ade98f1457cec858955626f161d2aef
Certificate serial:       0196A4AF3E656A366283F030B9D43EB4E72C
Authority key identifier: 6C:ED:F4:15:8A:DE:98:F1:45:7C:EC:85:89:55:62:6F:16:1D:2A:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bO30FYremPFFfOyFiVVibxYdKu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/Mz05BHBSbafMl08a8_UKVe_gGso.roa
Signing time:             Tue 06 May 2025 08:21:10 +0000
ROA not before:           Tue 06 May 2025 08:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        2a00:1838:9100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/bO30FYremPFFfOyFiVVibxYdKu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/bO30FYremPFFfOyFiVVibxYdKu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bO30FYremPFFfOyFiVVibxYdKu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:af:3e:65:6a:36:62:83:f0:30:b9:d4:3e:b4:e7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cedf4158ade98f1457cec858955626f161d2aef
        Validity
            Not Before: May  6 08:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=333d390470526da7cc974f1af3f50a55efe01aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:17:be:91:bf:f0:f9:ab:bb:91:34:02:53:c5:
                    4d:03:ff:09:3b:5e:b4:0a:c8:17:2a:ac:7b:bd:38:
                    b9:c1:c8:e2:0c:1f:1e:95:5a:aa:31:71:7f:1e:75:
                    ad:b1:49:52:6d:c1:97:ea:1d:cc:d3:f4:47:91:37:
                    0f:86:db:0d:14:ef:5c:75:ee:d2:54:61:9d:ec:c6:
                    f9:74:f5:f8:49:9a:ec:ed:70:fa:2c:8e:30:c9:59:
                    e9:30:36:f7:e0:b5:fb:62:2b:9b:37:5a:b8:33:06:
                    43:a4:cc:55:1c:5b:35:b9:ea:8d:f2:43:14:ad:59:
                    cd:47:1b:5e:47:cb:e7:be:a1:d6:9b:e2:7d:ae:d5:
                    f1:10:ec:df:9a:5a:c5:fc:77:6f:fa:a0:a0:78:62:
                    9e:ad:40:d1:aa:65:c9:07:05:76:13:0d:9d:4f:22:
                    06:78:c8:50:c1:c2:85:85:f1:b7:e6:f8:e8:ce:38:
                    d6:79:da:5c:c1:af:08:0d:8b:f9:09:c0:94:e7:c7:
                    75:ee:a5:bd:a4:0f:fb:de:01:67:50:ec:7c:3a:32:
                    21:6b:23:84:0e:1c:d6:d9:ec:b4:bd:2e:09:3e:53:
                    f4:36:ad:46:d4:57:32:b8:e7:4b:e4:eb:5e:1d:7c:
                    54:41:a1:6a:57:10:ed:29:75:59:03:26:96:d4:76:
                    cf:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3D:39:04:70:52:6D:A7:CC:97:4F:1A:F3:F5:0A:55:EF:E0:1A:CA
            X509v3 Authority Key Identifier:
                keyid:6C:ED:F4:15:8A:DE:98:F1:45:7C:EC:85:89:55:62:6F:16:1D:2A:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bO30FYremPFFfOyFiVVibxYdKu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/Mz05BHBSbafMl08a8_UKVe_gGso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c4213d-0de0-4db4-a508-822d9f855984/1/bO30FYremPFFfOyFiVVibxYdKu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1838:9100::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:e8:ba:4c:18:07:69:13:dd:00:35:62:82:86:c2:3e:e9:06:
         35:c4:55:14:57:86:17:49:45:5a:dc:3d:cf:40:eb:ac:fa:aa:
         2d:91:81:c2:1f:24:49:68:46:69:a8:cb:f3:00:50:65:1d:1f:
         cf:56:b5:ee:c4:c8:cb:eb:4c:fe:07:f8:b0:38:9d:ce:0e:c1:
         e6:ee:ac:8b:5f:80:57:46:8d:d5:19:84:2b:70:8c:53:bd:76:
         81:ab:b9:19:0f:b8:0c:f3:08:c0:ee:59:2d:a2:b6:10:3f:64:
         6f:7d:0d:e3:fd:5f:01:42:91:a6:58:2d:2f:84:03:18:88:6b:
         d5:ec:8c:51:e0:ad:0f:07:7c:0d:b5:52:0d:44:d8:0b:50:13:
         22:87:4b:13:74:87:84:bb:7a:da:a1:41:97:ee:6f:e6:ec:8f:
         e9:04:d9:72:c1:7a:19:9d:1a:64:9f:99:8d:b8:62:4d:7f:45:
         ff:07:6e:05:b4:d4:73:77:b4:25:fe:09:a4:b4:55:b9:54:69:
         f6:b5:45:4b:30:c7:bc:f1:28:2b:ba:3f:ec:96:93:fd:75:43:
         bc:77:7f:2c:67:18:98:1f:7f:ab:70:2d:e3:80:52:c3:76:ad:
         1e:6e:c4:02:53:71:19:47:1d:87:d1:9d:fa:d9:ae:d5:84:3b:
         c3:31:a7:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZakrz5lajZig/AwudQ+tOcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZWRmNDE1OGFkZTk4ZjE0NTdjZWM4NTg5NTU2MjZmMTYx
ZDJhZWYwHhcNMjUwNTA2MDgyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNkMzkwNDcwNTI2ZGE3Y2M5NzRmMWFmM2Y1MGE1NWVmZTAxYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xe+kb/w+au7kTQCU8VNA/8JO160
CsgXKqx7vTi5wcjiDB8elVqqMXF/HnWtsUlSbcGX6h3M0/RHkTcPhtsNFO9cde7S
VGGd7Mb5dPX4SZrs7XD6LI4wyVnpMDb34LX7YiubN1q4MwZDpMxVHFs1ueqN8kMU
rVnNRxteR8vnvqHWm+J9rtXxEOzfmlrF/Hdv+qCgeGKerUDRqmXJBwV2Ew2dTyIG
eMhQwcKFhfG35vjozjjWedpcwa8IDYv5CcCU58d17qW9pA/73gFnUOx8OjIhayOE
DhzW2ey0vS4JPlP0Nq1G1FcyuOdL5OteHXxUQaFqVxDtKXVZAyaW1HbPAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDM9OQRwUm2nzJdPGvP1ClXv4BrKMB8GA1UdIwQY
MBaAFGzt9BWK3pjxRXzshYlVYm8WHSrvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk8zMEZZcmVtUEZGZk95RmlWVmlieFlkS3U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jNDIxM2QtMGRlMC00ZGI0LWE1MDgt
ODIyZDlmODU1OTg0LzEvTXowNUJIQlNiYWZNbDA4YThfVUtWZV9nR3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jNDIxM2QtMGRlMC00ZGI0LWE1MDgtODIyZDlmODU1OTg0
LzEvYk8zMEZZcmVtUEZGZk95RmlWVmlieFlkS3U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAYOJEA
MA0GCSqGSIb3DQEBCwUAA4IBAQCr6LpMGAdpE90ANWKChsI+6QY1xFUUV4YXSUVa
3D3PQOus+qotkYHCHyRJaEZpqMvzAFBlHR/PVrXuxMjL60z+B/iwOJ3ODsHm7qyL
X4BXRo3VGYQrcIxTvXaBq7kZD7gM8wjA7lktorYQP2RvfQ3j/V8BQpGmWC0vhAMY
iGvV7IxR4K0PB3wNtVINRNgLUBMih0sTdIeEu3raoUGX7m/m7I/pBNlywXoZnRpk
n5mNuGJNf0X/B24FtNRzd7Ql/gmktFW5VGn2tUVLMMe88Sgruj/slpP9dUO8d38s
ZxiYH3+rcC3jgFLDdq0ebsQCU3EZRx2H0Z362a7VhDvDMadz
-----END CERTIFICATE-----