Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MKxp6GRyoNC4xTomf33IkCupUBM.roa
File:                     MKxp6GRyoNC4xTomf33IkCupUBM.roa (raw, json)
Hash identifier:          AGUEVJ6cOVXX+c3ycsHYiibKam80xwAP6W3TDAP+Q1A=
Subject key identifier:   30:AC:69:E8:64:72:A0:D0:B8:C5:3A:26:7F:7D:C8:90:2B:A9:50:13
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198ADBBD69267CB2513031607E12A1306A8
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MKxp6GRyoNC4xTomf33IkCupUBM.roa
Signing time:             Fri 15 Aug 2025 12:37:05 +0000
ROA not before:           Fri 15 Aug 2025 12:37:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205486
IP address blocks:        2a10:3640::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ad:bb:d6:92:67:cb:25:13:03:16:07:e1:2a:13:06:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 15 12:37:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30ac69e86472a0d0b8c53a267f7dc8902ba95013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bb:53:03:53:73:b7:00:e6:2c:89:8b:84:69:
                    d7:7c:8e:2c:30:38:5d:f5:1b:33:b5:31:ef:fa:b6:
                    26:f6:cb:45:06:d2:5b:5c:8d:37:14:27:45:f8:1c:
                    1b:c9:91:f1:f4:26:ed:08:d6:1f:9d:41:56:d3:1f:
                    26:2b:24:fd:0a:74:85:b9:3c:13:33:05:ee:fa:cb:
                    62:8e:5b:29:5d:5e:fd:cc:b8:73:37:1b:19:a1:fe:
                    c4:04:1f:23:c7:f6:3a:30:25:67:be:4f:5a:92:06:
                    5d:1a:db:8a:29:c8:96:de:fa:91:e1:cb:3a:e7:51:
                    f9:5e:bf:15:25:d0:38:df:15:9b:cf:35:57:71:73:
                    96:39:08:42:21:98:c2:33:f5:27:9c:f7:7c:ca:ce:
                    77:4f:97:aa:e8:b5:d5:c2:8c:d8:ab:05:90:0b:55:
                    a2:d9:9a:41:84:e4:be:1f:c2:1a:6f:33:5d:7b:9d:
                    e3:85:7d:da:ad:fb:fd:01:15:ec:d3:5b:15:84:83:
                    b6:f2:22:3b:5e:11:d2:a5:83:44:b6:b7:7f:ef:fc:
                    b7:91:13:e7:b9:98:0a:ff:23:48:6f:19:4f:f7:ba:
                    ca:bb:45:ea:36:34:7f:4d:92:c0:96:dc:63:bc:c8:
                    b4:19:4b:18:33:b2:b3:f3:ce:e6:13:6f:5f:af:c1:
                    d0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AC:69:E8:64:72:A0:D0:B8:C5:3A:26:7F:7D:C8:90:2B:A9:50:13
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/MKxp6GRyoNC4xTomf33IkCupUBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3640::/29
                  2a13:9f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         cc:4b:7a:f3:63:3f:49:e5:69:7f:db:eb:ee:d1:33:7a:a6:3e:
         c1:be:9d:90:2e:28:ba:c0:12:8a:26:eb:2c:e7:30:e9:92:ed:
         30:40:fa:72:86:26:15:11:af:83:a8:3d:55:45:97:55:dc:49:
         bb:94:6c:1c:64:d2:9d:46:f0:f4:62:2e:f3:ea:f8:33:8c:f2:
         8a:ac:97:4d:a9:85:11:e4:08:d8:e6:4f:e0:f5:cf:55:fa:c0:
         15:8e:da:6d:1f:1e:df:24:9b:7e:12:96:b2:32:f1:a5:cd:d2:
         f0:6a:b8:53:0d:fd:dd:d5:ed:13:ff:21:18:6f:0e:f4:22:14:
         94:cd:05:d5:e8:ba:63:17:8e:44:e3:a3:e8:81:c8:fe:d9:f4:
         bf:48:3a:41:07:3c:84:e9:16:b7:03:07:c2:a5:35:83:60:44:
         53:30:06:9a:1e:47:f9:aa:54:22:b5:84:25:07:c9:75:0d:e8:
         81:11:88:35:ca:5f:51:5d:1f:c7:ea:28:24:04:d0:dd:7c:8e:
         27:85:9e:1a:d6:17:a1:dd:c1:65:6a:75:4f:8d:d8:b7:1f:e6:
         59:b1:10:2d:95:33:cb:e8:2d:e5:37:1c:17:f9:51:6d:8f:6c:
         b1:1a:ee:c6:d5:e3:01:46:99:62:50:34:4d:be:ab:94:b1:f8:
         48:72:f4:9b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZitu9aSZ8slEwMWB+EqEwaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODE1MTIzNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFjNjllODY0NzJhMGQwYjhjNTNhMjY3ZjdkYzg5MDJiYTk1MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7tTA1NztwDmLImLhGnXfI4sMDhd
9RsztTHv+rYm9stFBtJbXI03FCdF+BwbyZHx9CbtCNYfnUFW0x8mKyT9CnSFuTwT
MwXu+stijlspXV79zLhzNxsZof7EBB8jx/Y6MCVnvk9akgZdGtuKKciW3vqR4cs6
51H5Xr8VJdA43xWbzzVXcXOWOQhCIZjCM/UnnPd8ys53T5eq6LXVwozYqwWQC1Wi
2ZpBhOS+H8IabzNde53jhX3arfv9ARXs01sVhIO28iI7XhHSpYNEtrd/7/y3kRPn
uZgK/yNIbxlP97rKu0XqNjR/TZLAltxjvMi0GUsYM7Kz887mE29fr8HQzwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDCsaehkcqDQuMU6Jn99yJArqVATMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTUt4cDZHUnlvTkM0eFRvbWYzM0lrQ3VwVUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhA2QAMF
AyoTnwAwDQYJKoZIhvcNAQELBQADggEBAMxLevNjP0nlaX/b6+7RM3qmPsG+nZAu
KLrAEoom6yznMOmS7TBA+nKGJhURr4OoPVVFl1XcSbuUbBxk0p1G8PRiLvPq+DOM
8oqsl02phRHkCNjmT+D1z1X6wBWO2m0fHt8km34SlrIy8aXN0vBquFMN/d3V7RP/
IRhvDvQiFJTNBdXoumMXjkTjo+iByP7Z9L9IOkEHPITpFrcDB8KlNYNgRFMwBpoe
R/mqVCK1hCUHyXUN6IERiDXKX1FdH8fqKCQE0N18jieFnhrWF6HdwWVqdU+N2Lcf
5lmxEC2VM8voLeU3HBf5UW2PbLEa7sbV4wFGmWJQNE2+q5Sx+Ehy9Js=
-----END CERTIFICATE-----