Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/MgxF_7heYMD80wktONtKXy_JUjw.roa
File:                     MgxF_7heYMD80wktONtKXy_JUjw.roa (raw, json)
Hash identifier:          VSasJsU9l5n4BfJqqcCZXt2bux9xLXSz0Hlw9ESwmwY=
Subject key identifier:   32:0C:45:FF:B8:5E:60:C0:FC:D3:09:2D:38:DB:4A:5F:2F:C9:52:3C
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       019420D65832B441839DCBFAFA6787A15061
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/MgxF_7heYMD80wktONtKXy_JUjw.roa
Signing time:             Wed 01 Jan 2025 07:48:25 +0000
ROA not before:           Wed 01 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201334
IP address blocks:        85.91.116.0/24 maxlen: 24
                          85.91.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:58:32:b4:41:83:9d:cb:fa:fa:67:87:a1:50:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  1 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=320c45ffb85e60c0fcd3092d38db4a5f2fc9523c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:24:6a:13:86:6e:ff:6b:c1:78:6e:c5:79:eb:
                    07:04:1b:91:2b:aa:0a:be:4c:8c:50:2f:1e:af:ef:
                    4d:59:6a:36:cc:7a:64:08:2f:92:3f:53:3d:70:f8:
                    81:e4:b6:d4:39:b7:24:37:d8:ed:31:eb:dd:aa:51:
                    fa:cd:ad:33:e9:2f:56:ca:be:0a:4e:09:93:a5:b3:
                    c4:51:34:94:41:e3:59:2c:57:64:dc:5e:2b:e5:ef:
                    f7:f6:39:1e:3e:80:14:79:76:21:93:a6:ed:17:a9:
                    8d:fe:ee:ed:5e:3d:76:4c:ec:48:ea:d4:b3:b1:b2:
                    15:fa:f3:9d:20:75:4a:90:6c:b2:34:51:65:d0:45:
                    07:da:c7:d6:e5:cd:e0:4d:c7:8b:b5:28:98:fc:22:
                    70:68:ee:75:0c:be:67:08:7c:a4:32:57:18:2d:b6:
                    c0:2b:8e:0a:4e:e4:db:65:74:5f:3b:dd:2e:49:9a:
                    a7:9c:af:00:b9:b6:0d:a0:3e:1e:c4:ea:f3:70:33:
                    91:79:32:a9:67:21:8c:99:5f:57:c3:50:6b:dd:ba:
                    d6:6b:e9:08:32:74:bd:db:03:b5:70:37:a5:95:f8:
                    f0:8d:0c:33:f7:b0:ff:aa:66:00:2f:cb:4d:08:fa:
                    ea:eb:51:24:2e:31:ba:f9:2f:a6:2b:25:88:b4:43:
                    47:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:0C:45:FF:B8:5E:60:C0:FC:D3:09:2D:38:DB:4A:5F:2F:C9:52:3C
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/MgxF_7heYMD80wktONtKXy_JUjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.91.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:92:00:c7:a8:fa:ca:11:62:3b:1f:20:e9:49:0c:97:43:02:
         da:cc:da:4c:dd:9a:1c:00:49:76:de:ef:b0:4a:49:73:07:0f:
         53:a1:0d:3d:22:c3:ec:d9:77:06:c8:30:42:03:bc:49:42:4e:
         1a:53:75:a4:25:32:eb:25:99:5c:f1:e6:55:30:e4:5f:72:2d:
         40:22:e3:2e:33:2e:18:7a:d0:3f:87:ee:46:5a:9f:d9:ca:f6:
         fd:40:8b:ba:4a:00:78:10:bc:e0:f2:50:f8:a7:90:68:da:de:
         cd:8b:54:1c:49:05:69:01:d1:a0:52:fa:71:e2:7a:d3:78:62:
         5c:74:c4:45:8e:78:75:99:8a:e3:7d:30:34:81:23:4f:8d:32:
         22:35:9e:ae:9d:83:af:4b:4b:83:ff:8a:a4:bb:44:a7:10:d7:
         37:62:b1:7d:af:9b:cb:5a:4d:53:23:d9:80:54:9c:bb:3b:a6:
         f7:8b:01:e5:52:7d:22:3a:3e:de:cb:ac:22:27:f2:38:2e:af:
         44:11:c5:96:59:bb:1a:51:9f:7e:40:83:7f:d6:b2:e3:96:d6:
         a8:bd:a2:35:91:d5:c5:c8:f5:8e:70:99:97:81:b3:67:2c:5b:
         92:b2:14:b8:10:62:ad:66:a7:a9:25:e7:d8:88:4b:fd:1b:09:
         b1:a4:9f:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lgytEGDncv6+meHoVBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjUwMTAxMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjBjNDVmZmI4NWU2MGMwZmNkMzA5MmQzOGRiNGE1ZjJmYzk1MjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiRqE4Zu/2vBeG7FeesHBBuRK6oK
vkyMUC8er+9NWWo2zHpkCC+SP1M9cPiB5LbUObckN9jtMevdqlH6za0z6S9Wyr4K
TgmTpbPEUTSUQeNZLFdk3F4r5e/39jkePoAUeXYhk6btF6mN/u7tXj12TOxI6tSz
sbIV+vOdIHVKkGyyNFFl0EUH2sfW5c3gTceLtSiY/CJwaO51DL5nCHykMlcYLbbA
K44KTuTbZXRfO90uSZqnnK8AubYNoD4exOrzcDOReTKpZyGMmV9Xw1Br3brWa+kI
MnS92wO1cDellfjwjQwz97D/qmYAL8tNCPrq61EkLjG6+S+mKyWItENH5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIMRf+4XmDA/NMJLTjbSl8vyVI8MB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvTWd4Rl83aGVZTUQ4MHdrdE9OdEtYeV9KVWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVVt0MA0G
CSqGSIb3DQEBCwUAA4IBAQBokgDHqPrKEWI7HyDpSQyXQwLazNpM3ZocAEl23u+w
SklzBw9ToQ09IsPs2XcGyDBCA7xJQk4aU3WkJTLrJZlc8eZVMORfci1AIuMuMy4Y
etA/h+5GWp/Zyvb9QIu6SgB4ELzg8lD4p5Bo2t7Ni1QcSQVpAdGgUvpx4nrTeGJc
dMRFjnh1mYrjfTA0gSNPjTIiNZ6unYOvS0uD/4qku0SnENc3YrF9r5vLWk1TI9mA
VJy7O6b3iwHlUn0iOj7ey6wiJ/I4Lq9EEcWWWbsaUZ9+QIN/1rLjltaovaI1kdXF
yPWOcJmXgbNnLFuSshS4EGKtZqepJefYiEv9GwmxpJ8z
-----END CERTIFICATE-----