Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/mknzsfXcnWvFn1V5gddZORyQFeo.roa
File:                     mknzsfXcnWvFn1V5gddZORyQFeo.roa (raw, json)
Hash identifier:          IhiYrYObw43cmHgTW/2qehddv45ZvOR3AbTr8bWu11Y=
Subject key identifier:   9A:49:F3:B1:F5:DC:9D:6B:C5:9F:55:79:81:D7:59:39:1C:90:15:EA
Certificate issuer:       /CN=67dcd926bf370d3fa0183a138b57b0983cdaca0a
Certificate serial:       018CC26D78D00CB5B6B6DAF98D470FEEDCC0
Authority key identifier: 67:DC:D9:26:BF:37:0D:3F:A0:18:3A:13:8B:57:B0:98:3C:DA:CA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z9zZJr83DT-gGDoTi1ewmDzaygo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/mknzsfXcnWvFn1V5gddZORyQFeo.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42750
IP address blocks:        185.195.72.0/22 maxlen: 22
                          185.195.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/Z9zZJr83DT-gGDoTi1ewmDzaygo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/Z9zZJr83DT-gGDoTi1ewmDzaygo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z9zZJr83DT-gGDoTi1ewmDzaygo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:78:d0:0c:b5:b6:b6:da:f9:8d:47:0f:ee:dc:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67dcd926bf370d3fa0183a138b57b0983cdaca0a
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a49f3b1f5dc9d6bc59f557981d759391c9015ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:89:c4:f7:01:ff:a3:cf:06:32:c3:d8:bb:10:
                    85:c3:03:c9:e6:0e:96:1d:70:cf:a4:42:c3:e8:9a:
                    49:58:7c:1a:a7:6a:8d:85:54:be:66:80:10:a8:bc:
                    5d:62:06:f4:2e:66:bd:63:a0:b3:67:87:3a:74:fb:
                    ab:eb:dc:82:f0:55:ff:3a:36:ed:ce:ae:dc:02:c2:
                    66:31:12:c8:85:cf:a1:f2:04:97:d2:fa:b0:ca:09:
                    d7:f0:42:ac:8b:ad:7a:03:15:3d:71:ee:0d:49:af:
                    79:90:29:55:a2:f1:cb:5a:c2:7f:6e:35:ed:b5:c5:
                    79:d9:d4:3c:06:36:7e:35:d5:ad:84:2c:d2:80:18:
                    9c:7e:0d:23:5c:88:f2:e7:4b:6a:6a:0b:2e:1a:9d:
                    1a:71:50:1a:ae:bd:22:dd:1f:ac:97:f0:79:e4:6e:
                    32:d9:48:88:8f:2f:18:08:06:d2:2d:8d:4f:13:15:
                    db:77:cf:aa:f5:63:aa:a6:04:63:58:a9:6d:c1:b6:
                    67:28:6a:42:fa:90:ee:bc:5c:35:76:6a:13:54:4c:
                    85:50:a3:db:27:d2:fc:6c:3c:c3:f5:62:86:49:9f:
                    41:59:32:1a:05:49:a2:ed:a5:ad:16:ac:49:b1:4f:
                    e4:20:a7:65:ac:90:b7:d4:30:67:f7:e9:82:ea:66:
                    c5:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:F3:B1:F5:DC:9D:6B:C5:9F:55:79:81:D7:59:39:1C:90:15:EA
            X509v3 Authority Key Identifier:
                keyid:67:DC:D9:26:BF:37:0D:3F:A0:18:3A:13:8B:57:B0:98:3C:DA:CA:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z9zZJr83DT-gGDoTi1ewmDzaygo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/mknzsfXcnWvFn1V5gddZORyQFeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/e1c80d-a63b-481c-a9f2-9f5b2eb492a0/1/Z9zZJr83DT-gGDoTi1ewmDzaygo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:79:29:6d:66:f5:e1:3d:2b:2f:b3:9f:9b:be:2c:3d:77:81:
         85:00:1d:45:70:ab:7e:27:4d:4e:89:93:c0:c9:e1:b6:03:68:
         95:60:72:b8:d2:74:8b:c4:3c:42:c7:52:8d:45:98:61:df:d7:
         6e:20:03:af:0e:63:3f:ae:db:49:93:77:04:2f:e1:fc:9b:d3:
         84:82:46:7d:4d:82:91:38:6a:d0:76:c6:8e:91:a1:a4:97:9c:
         0e:f9:b8:3f:60:db:9c:45:81:42:9a:b3:0b:cf:6c:0f:98:7b:
         43:dc:65:ad:c1:78:b9:d1:70:96:f6:1d:b7:9d:72:02:01:44:
         5a:81:ad:a8:27:06:3a:2b:7f:50:0a:ed:5f:d8:ee:65:09:94:
         dd:05:78:00:64:2b:fd:1c:f3:cc:20:5d:ca:3d:b9:68:99:9d:
         ce:49:fc:dc:03:c0:b4:5c:a7:8d:09:fa:a0:7c:d3:0b:9b:c4:
         2c:40:6a:0d:2d:b7:a0:af:21:1f:70:c1:10:b1:66:77:27:11:
         70:6f:3c:80:8e:74:bf:a7:70:0c:fe:3d:6a:1e:ff:90:ba:df:
         dc:3b:36:d7:5e:48:6b:0e:a1:d5:dd:65:39:48:e4:32:f3:b0:
         29:34:52:44:a8:7e:c5:2c:fe:ef:e7:5b:33:2b:c6:c6:93:45:
         a7:0c:ae:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXjQDLW2ttr5jUcP7tzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZGNkOTI2YmYzNzBkM2ZhMDE4M2ExMzhiNTdiMDk4M2Nk
YWNhMGEwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ5ZjNiMWY1ZGM5ZDZiYzU5ZjU1Nzk4MWQ3NTkzOTFjOTAxNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjonE9wH/o88GMsPYuxCFwwPJ5g6W
HXDPpELD6JpJWHwap2qNhVS+ZoAQqLxdYgb0Lma9Y6CzZ4c6dPur69yC8FX/Ojbt
zq7cAsJmMRLIhc+h8gSX0vqwygnX8EKsi616AxU9ce4NSa95kClVovHLWsJ/bjXt
tcV52dQ8BjZ+NdWthCzSgBicfg0jXIjy50tqagsuGp0acVAarr0i3R+sl/B55G4y
2UiIjy8YCAbSLY1PExXbd8+q9WOqpgRjWKltwbZnKGpC+pDuvFw1dmoTVEyFUKPb
J9L8bDzD9WKGSZ9BWTIaBUmi7aWtFqxJsU/kIKdlrJC31DBn9+mC6mbFPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpJ87H13J1rxZ9VeYHXWTkckBXqMB8GA1UdIwQY
MBaAFGfc2Sa/Nw0/oBg6E4tXsJg82soKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjl6WkpyODNEVC1nR0RvVGkxZXdtRHpheWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9lMWM4MGQtYTYzYi00ODFjLWE5ZjIt
OWY1YjJlYjQ5MmEwLzEvbWtuenNmWGNuV3ZGbjFWNWdkZFpPUnlRRmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9lMWM4MGQtYTYzYi00ODFjLWE5ZjItOWY1YjJlYjQ5MmEw
LzEvWjl6WkpyODNEVC1nR0RvVGkxZXdtRHpheWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucNIMA0G
CSqGSIb3DQEBCwUAA4IBAQBWeSltZvXhPSsvs5+bviw9d4GFAB1FcKt+J01OiZPA
yeG2A2iVYHK40nSLxDxCx1KNRZhh39duIAOvDmM/rttJk3cEL+H8m9OEgkZ9TYKR
OGrQdsaOkaGkl5wO+bg/YNucRYFCmrMLz2wPmHtD3GWtwXi50XCW9h23nXICAURa
ga2oJwY6K39QCu1f2O5lCZTdBXgAZCv9HPPMIF3KPblomZ3OSfzcA8C0XKeNCfqg
fNMLm8QsQGoNLbegryEfcMEQsWZ3JxFwbzyAjnS/p3AM/j1qHv+Qut/cOzbXXkhr
DqHV3WU5SOQy87ApNFJEqH7FLP7v51szK8bGk0WnDK5z
-----END CERTIFICATE-----