Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/MmjfxuCzy8RCD_bS0dXma_I3fbg.roa
File:                     MmjfxuCzy8RCD_bS0dXma_I3fbg.roa (raw, json)
Hash identifier:          C27+2sBRov0IsR0wlMJBAiFwS3ECbaTJJ5d3/PH1Lj0=
Subject key identifier:   32:68:DF:C6:E0:B3:CB:C4:42:0F:F6:D2:D1:D5:E6:6B:F2:37:7D:B8
Certificate issuer:       /CN=25e1b659862d15a51cb5ff34de7223c69e48126a
Certificate serial:       01942521BB4CA0D3C2B7BC07852BBEF476FA
Authority key identifier: 25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/MmjfxuCzy8RCD_bS0dXma_I3fbg.roa
Signing time:             Thu 02 Jan 2025 03:49:15 +0000
ROA not before:           Thu 02 Jan 2025 03:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204638
IP address blocks:        185.75.56.0/24 maxlen: 24
                          185.75.57.0/24 maxlen: 24
                          185.75.58.0/24 maxlen: 24
                          185.75.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:bb:4c:a0:d3:c2:b7:bc:07:85:2b:be:f4:76:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e1b659862d15a51cb5ff34de7223c69e48126a
        Validity
            Not Before: Jan  2 03:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3268dfc6e0b3cbc4420ff6d2d1d5e66bf2377db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:86:fd:eb:fe:29:c5:ce:a3:98:b8:7f:e1:6f:
                    d1:82:75:66:b4:19:76:b7:90:f9:64:01:24:6d:5d:
                    8d:0f:97:71:1b:9b:11:51:0f:93:d4:96:c6:28:5b:
                    f0:9f:bc:2a:51:a7:4b:5a:fa:8c:38:6b:d8:eb:27:
                    21:62:d3:b4:e2:b9:19:ce:40:9e:3f:19:10:a1:46:
                    33:5f:da:9d:9e:fa:ca:1a:0a:2d:1e:4e:92:ad:bf:
                    e6:2a:8d:fb:0c:12:ab:6b:a1:69:cb:f9:64:0d:eb:
                    8b:c5:13:60:19:24:b2:c1:e5:bf:cb:36:4e:93:6c:
                    54:cf:cc:96:cd:a9:49:04:09:ed:e2:01:be:28:2b:
                    58:86:be:d0:b6:cc:89:ce:75:db:8a:e2:b1:00:05:
                    09:8c:fd:22:09:a3:bc:91:29:64:cd:54:c1:26:2f:
                    c3:7a:76:7c:43:69:74:19:22:ea:90:ac:81:60:0f:
                    b3:6b:15:3d:10:48:f2:89:d1:ca:f8:5a:22:ed:72:
                    3d:8b:b0:5b:77:b1:97:c1:17:e5:de:0c:e8:a8:5f:
                    7c:26:2b:e7:b2:5b:61:1a:bd:2d:ee:3c:9c:ba:63:
                    21:1f:fb:38:1a:a5:59:44:4b:a8:14:de:57:92:5e:
                    bf:e5:f4:04:bf:03:1f:23:60:78:62:51:61:2c:20:
                    70:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:68:DF:C6:E0:B3:CB:C4:42:0F:F6:D2:D1:D5:E6:6B:F2:37:7D:B8
            X509v3 Authority Key Identifier:
                keyid:25:E1:B6:59:86:2D:15:A5:1C:B5:FF:34:DE:72:23:C6:9E:48:12:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeG2WYYtFaUctf803nIjxp5IEmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/MmjfxuCzy8RCD_bS0dXma_I3fbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ff3b6c-6db3-4821-9a40-e3c7d4e6598f/1/JeG2WYYtFaUctf803nIjxp5IEmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:c1:99:73:74:8f:bb:a7:16:78:b3:a0:7d:75:e3:07:aa:b7:
         d0:cf:28:c6:cb:c6:0c:7d:f7:62:6d:f9:73:4f:3c:fd:f9:b8:
         4f:d8:56:4b:2d:5b:af:a3:39:87:f9:74:1d:77:76:21:80:52:
         f6:cb:8f:e3:8c:8a:e5:e7:96:b4:88:26:6b:8a:8d:81:b9:38:
         4a:8d:30:62:c8:0d:d0:f2:64:ae:b9:eb:a4:9e:e6:2a:02:9b:
         fd:48:56:f2:e1:10:f1:3e:39:54:bc:67:a1:ae:9d:86:19:8b:
         e0:09:25:a8:5e:d8:5b:ad:d1:75:d5:f7:fc:c9:34:c3:0a:13:
         b5:38:44:cb:30:8d:e3:91:87:10:68:d1:a0:58:13:44:f9:a8:
         b2:91:5f:67:a6:b9:ea:8f:a9:19:9c:f1:5a:9d:5c:09:4c:0c:
         f0:93:21:31:29:0d:d4:f7:c0:f9:54:20:f9:16:d3:df:72:c1:
         e5:2a:9c:34:d8:c1:0f:f9:ff:9a:0c:60:c7:e0:12:21:f4:d4:
         46:c6:58:4c:ac:96:bc:27:2e:49:a1:d6:f9:48:83:01:8a:d7:
         6a:79:ff:29:14:5d:41:d0:66:1c:ba:f5:3f:e7:70:f3:ea:91:
         58:8a:5a:f9:75:07:c4:97:dc:3b:6c:c3:7f:d4:fc:ec:29:1a:
         0c:5a:6d:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbtMoNPCt7wHhSu+9Hb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTFiNjU5ODYyZDE1YTUxY2I1ZmYzNGRlNzIyM2M2OWU0
ODEyNmEwHhcNMjUwMTAyMDM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjY4ZGZjNmUwYjNjYmM0NDIwZmY2ZDJkMWQ1ZTY2YmYyMzc3ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4b96/4pxc6jmLh/4W/RgnVmtBl2
t5D5ZAEkbV2ND5dxG5sRUQ+T1JbGKFvwn7wqUadLWvqMOGvY6ychYtO04rkZzkCe
PxkQoUYzX9qdnvrKGgotHk6Srb/mKo37DBKra6Fpy/lkDeuLxRNgGSSyweW/yzZO
k2xUz8yWzalJBAnt4gG+KCtYhr7QtsyJznXbiuKxAAUJjP0iCaO8kSlkzVTBJi/D
enZ8Q2l0GSLqkKyBYA+zaxU9EEjyidHK+Foi7XI9i7Bbd7GXwRfl3gzoqF98Jivn
slthGr0t7jycumMhH/s4GqVZREuoFN5Xkl6/5fQEvwMfI2B4YlFhLCBwswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJo38bgs8vEQg/20tHV5mvyN324MB8GA1UdIwQY
MBaAFCXhtlmGLRWlHLX/NN5yI8aeSBJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAt
ZTNjN2Q0ZTY1OThmLzEvTW1qZnh1Q3p5OFJDRF9iUzBkWG1hX0kzZmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mZjNiNmMtNmRiMy00ODIxLTlhNDAtZTNjN2Q0ZTY1OThm
LzEvSmVHMldZWXRGYVVjdGY4MDNuSWp4cDVJRW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUs4MA0G
CSqGSIb3DQEBCwUAA4IBAQCGwZlzdI+7pxZ4s6B9deMHqrfQzyjGy8YMffdibflz
Tzz9+bhP2FZLLVuvozmH+XQdd3YhgFL2y4/jjIrl55a0iCZrio2BuThKjTBiyA3Q
8mSuueuknuYqApv9SFby4RDxPjlUvGehrp2GGYvgCSWoXthbrdF11ff8yTTDChO1
OETLMI3jkYcQaNGgWBNE+aiykV9nprnqj6kZnPFanVwJTAzwkyExKQ3U98D5VCD5
FtPfcsHlKpw02MEP+f+aDGDH4BIh9NRGxlhMrJa8Jy5Jodb5SIMBitdqef8pFF1B
0GYcuvU/53Dz6pFYilr5dQfEl9w7bMN/1PzsKRoMWm06
-----END CERTIFICATE-----