Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/mKP-r2WNz-DcN8jHguqt0IynJdI.roa
File:                     mKP-r2WNz-DcN8jHguqt0IynJdI.roa (raw, json)
Hash identifier:          64sCq3JbYFHT/xnTN/Iz1j1wV1/No8n++lWEXivZPic=
Subject key identifier:   98:A3:FE:AF:65:8D:CF:E0:DC:37:C8:C7:82:EA:AD:D0:8C:A7:25:D2
Certificate issuer:       /CN=f2ca4020efee61c3106ac9fece79c7a68f71a9cb
Certificate serial:       01942825227284A841F69E563A0F445764CE
Authority key identifier: F2:CA:40:20:EF:EE:61:C3:10:6A:C9:FE:CE:79:C7:A6:8F:71:A9:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8spAIO_uYcMQasn-znnHpo9xqcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/mKP-r2WNz-DcN8jHguqt0IynJdI.roa
Signing time:             Thu 02 Jan 2025 17:51:49 +0000
ROA not before:           Thu 02 Jan 2025 17:51:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        194.165.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/8spAIO_uYcMQasn-znnHpo9xqcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/8spAIO_uYcMQasn-znnHpo9xqcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8spAIO_uYcMQasn-znnHpo9xqcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 22:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:22:72:84:a8:41:f6:9e:56:3a:0f:44:57:64:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2ca4020efee61c3106ac9fece79c7a68f71a9cb
        Validity
            Not Before: Jan  2 17:51:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98a3feaf658dcfe0dc37c8c782eaadd08ca725d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a5:96:d0:d3:b7:63:7b:f0:a4:2a:f7:78:0c:
                    e8:38:0a:2e:f6:31:72:5e:bc:ce:a2:5b:30:a0:1c:
                    df:c5:06:a7:29:eb:30:3f:8b:50:55:8f:ad:19:0f:
                    17:96:52:a7:e4:04:25:2c:a7:4f:52:e2:db:21:02:
                    55:94:94:fc:e6:ac:21:d5:8c:4c:84:8d:d8:e3:be:
                    6d:ed:72:9c:b7:c8:4a:5e:7f:86:14:7d:d8:76:4c:
                    08:64:34:53:59:88:aa:2f:6a:95:f4:74:f1:3c:35:
                    7d:64:47:7d:c7:a2:d4:04:0b:5f:85:c1:7a:4f:c0:
                    92:be:05:77:1e:c5:a4:6b:55:9e:42:60:df:19:fd:
                    25:c0:54:5a:e6:ec:4a:ec:73:1e:78:5f:7e:2a:77:
                    a5:5f:32:94:1a:8f:19:c0:8e:d5:0f:8b:4b:d0:9a:
                    f6:2a:36:fd:63:ec:02:c9:92:ed:67:c4:98:72:02:
                    7f:5e:e7:ef:e8:d6:98:9e:64:84:4f:22:db:64:f3:
                    65:d9:33:82:92:2a:07:93:b6:17:1b:0b:5f:9d:21:
                    8b:55:58:94:a6:17:de:aa:99:d8:6e:ec:b3:49:59:
                    56:80:11:fa:a2:f9:47:70:c7:38:d8:c9:53:6f:c3:
                    5f:3b:ea:c2:f0:f0:91:a0:e7:07:a1:eb:c1:06:11:
                    3a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A3:FE:AF:65:8D:CF:E0:DC:37:C8:C7:82:EA:AD:D0:8C:A7:25:D2
            X509v3 Authority Key Identifier:
                keyid:F2:CA:40:20:EF:EE:61:C3:10:6A:C9:FE:CE:79:C7:A6:8F:71:A9:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8spAIO_uYcMQasn-znnHpo9xqcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/mKP-r2WNz-DcN8jHguqt0IynJdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/68d348-ab65-415f-9751-ca1fbf7bb8c8/1/8spAIO_uYcMQasn-znnHpo9xqcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:14:5a:cd:49:b4:cb:d1:bc:c4:f6:56:57:3c:f3:66:b3:7a:
         45:ea:69:19:14:49:45:50:3f:d8:9b:f2:c3:03:5f:a0:08:f0:
         35:b1:14:ba:8f:8f:1e:96:ac:82:a6:fc:a9:39:68:f0:ae:b0:
         fa:3b:ba:37:54:b6:52:14:9e:63:0b:2a:74:e2:1b:75:2d:52:
         dc:89:46:21:64:d2:d1:b7:1a:b0:2d:90:08:bc:3a:56:f0:c4:
         e2:9a:b6:00:22:b8:56:d0:ec:1f:d6:af:a5:75:16:34:43:d9:
         6d:e9:b0:de:5f:75:63:c1:46:d2:eb:6f:d7:94:91:86:1e:08:
         ef:10:bd:d6:b8:e1:f9:5d:55:b9:82:7a:23:d2:8f:47:a5:e6:
         bb:32:73:63:2c:cd:c3:d1:6d:4b:99:99:d6:b7:c1:b5:69:41:
         ec:ae:4c:3c:d5:9c:25:a3:06:64:6c:c0:00:bb:c5:fe:10:2d:
         84:36:6e:fe:41:3f:b2:d5:60:f5:91:c5:88:5f:4e:ad:6e:35:
         22:5e:84:38:77:88:8d:de:fe:ca:55:0a:21:fb:f6:fa:b9:41:
         ad:21:3b:99:0a:3c:65:cc:3b:60:83:63:e2:ec:63:e4:b9:83:
         82:48:73:35:5a:c1:44:10:0c:4a:1d:b3:64:a2:32:8f:8b:e3:
         7e:89:1b:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJSJyhKhB9p5WOg9EV2TOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyY2E0MDIwZWZlZTYxYzMxMDZhYzlmZWNlNzljN2E2OGY3
MWE5Y2IwHhcNMjUwMTAyMTc1MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGEzZmVhZjY1OGRjZmUwZGMzN2M4Yzc4MmVhYWRkMDhjYTcyNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aWW0NO3Y3vwpCr3eAzoOAou9jFy
XrzOolswoBzfxQanKeswP4tQVY+tGQ8XllKn5AQlLKdPUuLbIQJVlJT85qwh1YxM
hI3Y475t7XKct8hKXn+GFH3YdkwIZDRTWYiqL2qV9HTxPDV9ZEd9x6LUBAtfhcF6
T8CSvgV3HsWka1WeQmDfGf0lwFRa5uxK7HMeeF9+KnelXzKUGo8ZwI7VD4tL0Jr2
Kjb9Y+wCyZLtZ8SYcgJ/Xufv6NaYnmSETyLbZPNl2TOCkioHk7YXGwtfnSGLVViU
phfeqpnYbuyzSVlWgBH6ovlHcMc42MlTb8NfO+rC8PCRoOcHoevBBhE6swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJij/q9ljc/g3DfIx4LqrdCMpyXSMB8GA1UdIwQY
MBaAFPLKQCDv7mHDEGrJ/s55x6aPcanLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHNwQUlPX3VZY01RYXNuLXpubkhwbzl4cWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS82OGQzNDgtYWI2NS00MTVmLTk3NTEt
Y2ExZmJmN2JiOGM4LzEvbUtQLXIyV056LURjTjhqSGd1cXQwSXluSmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS82OGQzNDgtYWI2NS00MTVmLTk3NTEtY2ExZmJmN2JiOGM4
LzEvOHNwQUlPX3VZY01RYXNuLXpubkhwbzl4cWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqU7MA0G
CSqGSIb3DQEBCwUAA4IBAQCpFFrNSbTL0bzE9lZXPPNms3pF6mkZFElFUD/Ym/LD
A1+gCPA1sRS6j48elqyCpvypOWjwrrD6O7o3VLZSFJ5jCyp04ht1LVLciUYhZNLR
txqwLZAIvDpW8MTimrYAIrhW0Owf1q+ldRY0Q9lt6bDeX3VjwUbS62/XlJGGHgjv
EL3WuOH5XVW5gnoj0o9Hpea7MnNjLM3D0W1LmZnWt8G1aUHsrkw81ZwlowZkbMAA
u8X+EC2ENm7+QT+y1WD1kcWIX06tbjUiXoQ4d4iN3v7KVQoh+/b6uUGtITuZCjxl
zDtgg2Pi7GPkuYOCSHM1WsFEEAxKHbNkojKPi+N+iRtt
-----END CERTIFICATE-----