Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/MDI3PVTTBwcyecs75qaLcWEEgQU.roa
File:                     MDI3PVTTBwcyecs75qaLcWEEgQU.roa (raw, json)
Hash identifier:          J7xJKQP86jfo8IhCdMIH6NbDyPPPNyVklFSD5qYitM0=
Subject key identifier:   30:32:37:3D:54:D3:07:07:32:79:CB:3B:E6:A6:8B:71:61:04:81:05
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       0194AC048BDBA4476994BA666B480A1B4EA1
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/MDI3PVTTBwcyecs75qaLcWEEgQU.roa
Signing time:             Tue 28 Jan 2025 08:26:06 +0000
ROA not before:           Tue 28 Jan 2025 08:26:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        157.97.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:04:8b:db:a4:47:69:94:ba:66:6b:48:0a:1b:4e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan 28 08:26:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3032373d54d307073279cb3be6a68b7161048105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:5f:f6:a3:05:9a:70:34:d1:77:d2:75:d1:7b:
                    94:b5:d8:ba:fd:c1:ee:48:84:33:7f:1e:00:57:41:
                    9b:03:83:09:30:cf:cb:fe:c1:cf:50:bb:40:be:0e:
                    70:a3:57:86:66:f6:b9:6d:9a:e4:fc:a2:f7:5b:13:
                    24:38:07:28:19:33:2b:80:5a:0a:eb:7c:61:02:38:
                    63:14:39:5e:b6:65:b2:9e:12:75:af:fb:4e:d4:fb:
                    d5:c2:ba:01:7c:51:7b:43:40:9d:8f:fb:19:f9:28:
                    fa:78:aa:40:ba:0c:cd:6e:b3:49:fb:2d:aa:ef:36:
                    f3:ca:b9:33:94:2e:2a:ef:dd:1d:06:94:66:2d:df:
                    b5:1a:0c:a7:c5:7b:46:89:c7:6b:40:04:b2:68:20:
                    2f:8b:50:f2:25:27:cb:9b:91:a4:71:1f:be:9e:55:
                    33:95:8b:57:03:2b:3a:3a:57:ee:40:19:76:81:f3:
                    f1:d1:47:68:19:87:35:13:ac:0e:6f:96:6b:79:9d:
                    27:71:5c:3d:09:d9:c9:5b:29:88:88:f1:cc:e1:ad:
                    bc:e9:69:0a:de:bd:ed:e7:dd:6a:1f:34:a9:c3:52:
                    be:56:6d:58:bb:9a:ac:c4:9b:83:43:66:00:b9:b4:
                    77:ca:d1:1d:09:ac:c2:08:6a:4d:7b:3f:b8:5c:11:
                    ae:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:32:37:3D:54:D3:07:07:32:79:CB:3B:E6:A6:8B:71:61:04:81:05
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/MDI3PVTTBwcyecs75qaLcWEEgQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:43:a8:84:e3:e1:b1:a6:5f:17:2a:9e:0d:11:1f:27:1a:b3:
         f9:a6:92:6e:35:55:6f:bd:cc:86:57:7b:b1:de:77:49:c3:ca:
         f7:fe:e1:43:5c:57:67:89:70:b4:71:a9:2f:1b:87:df:e4:f3:
         ee:23:4b:76:53:92:e3:6e:09:ef:75:f0:41:c6:7b:87:cc:16:
         a1:00:63:a6:b3:55:75:80:38:2a:2d:c0:9f:4b:a4:de:f7:e0:
         cb:57:e5:52:e5:ae:c8:dc:34:21:e9:36:f4:14:7e:8f:b5:20:
         12:f5:99:db:82:35:a1:7e:93:35:a8:10:db:d9:36:1a:34:f9:
         70:e2:c2:ab:2a:9e:44:70:2f:20:e5:0b:97:8f:db:bb:92:3d:
         9e:e8:ed:7e:25:ed:4b:28:4f:ef:d1:09:6b:51:03:a8:5d:61:
         64:35:f5:b4:2b:6c:a8:f7:e9:52:6e:f0:0a:3e:cd:1e:5c:f7:
         a9:07:53:b8:66:c8:2b:26:50:8b:cf:34:c0:c8:8b:e7:56:39:
         18:9b:38:cb:a7:29:36:37:b7:4d:ec:90:4a:7c:b9:85:8d:b9:
         c2:87:9c:47:c8:50:9a:98:02:a6:6e:f8:18:0e:80:85:16:15:
         6f:19:af:64:57:a4:32:fe:33:75:7a:cf:75:1f:43:62:db:c5:
         59:04:2d:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsBIvbpEdplLpma0gKG06hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjUwMTI4MDgyNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMyMzczZDU0ZDMwNzA3MzI3OWNiM2JlNmE2OGI3MTYxMDQ4MTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyl/2owWacDTRd9J10XuUtdi6/cHu
SIQzfx4AV0GbA4MJMM/L/sHPULtAvg5wo1eGZva5bZrk/KL3WxMkOAcoGTMrgFoK
63xhAjhjFDletmWynhJ1r/tO1PvVwroBfFF7Q0Cdj/sZ+Sj6eKpAugzNbrNJ+y2q
7zbzyrkzlC4q790dBpRmLd+1GgynxXtGicdrQASyaCAvi1DyJSfLm5GkcR++nlUz
lYtXAys6OlfuQBl2gfPx0UdoGYc1E6wOb5ZreZ0ncVw9CdnJWymIiPHM4a286WkK
3r3t591qHzSpw1K+Vm1Yu5qsxJuDQ2YAubR3ytEdCazCCGpNez+4XBGuvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAyNz1U0wcHMnnLO+ami3FhBIEFMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvTURJM1BWVFRCd2N5ZWNzNzVxYUxjV0VFZ1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnWF6MA0G
CSqGSIb3DQEBCwUAA4IBAQACQ6iE4+Gxpl8XKp4NER8nGrP5ppJuNVVvvcyGV3ux
3ndJw8r3/uFDXFdniXC0cakvG4ff5PPuI0t2U5LjbgnvdfBBxnuHzBahAGOms1V1
gDgqLcCfS6Te9+DLV+VS5a7I3DQh6Tb0FH6PtSAS9ZnbgjWhfpM1qBDb2TYaNPlw
4sKrKp5EcC8g5QuXj9u7kj2e6O1+Je1LKE/v0QlrUQOoXWFkNfW0K2yo9+lSbvAK
Ps0eXPepB1O4ZsgrJlCLzzTAyIvnVjkYmzjLpyk2N7dN7JBKfLmFjbnCh5xHyFCa
mAKmbvgYDoCFFhVvGa9kV6Qy/jN1es91H0Ni28VZBC3x
-----END CERTIFICATE-----