Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/M1aqRzQAx0u0GH1aXLjObYZ4Q7k.roa
File:                     M1aqRzQAx0u0GH1aXLjObYZ4Q7k.roa (raw, json)
Hash identifier:          mN6UichsOlqnG+M84GTpzNqXCEcMKcyFp6FqDGDV0E4=
Subject key identifier:   33:56:AA:47:34:00:C7:4B:B4:18:7D:5A:5C:B8:CE:6D:86:78:43:B9
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01953CABBD8076112232A1305156BE3F20C3
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/M1aqRzQAx0u0GH1aXLjObYZ4Q7k.roa
Signing time:             Tue 25 Feb 2025 10:34:02 +0000
ROA not before:           Tue 25 Feb 2025 10:34:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212792
IP address blocks:        176.98.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:ab:bd:80:76:11:22:32:a1:30:51:56:be:3f:20:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Feb 25 10:34:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3356aa473400c74bb4187d5a5cb8ce6d867843b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:72:a2:4e:e7:c8:32:15:ea:44:b1:98:ef:e3:
                    b8:ec:14:4a:22:c5:55:21:c9:8d:fa:c7:53:51:68:
                    cd:4b:31:af:af:e7:b8:d7:60:d8:7f:01:da:1a:25:
                    d2:5e:fe:d7:ca:08:e7:91:1b:a1:ea:93:55:10:fd:
                    0b:a6:51:fc:11:5a:ca:ca:76:af:fc:21:d8:4a:08:
                    fc:4a:95:72:09:da:dd:92:1e:9c:09:c5:cc:91:c6:
                    41:a6:ee:f1:17:92:05:ea:6f:37:07:f8:83:74:bc:
                    df:db:e9:34:dd:bf:b8:31:e2:3d:52:54:48:b0:57:
                    3b:7e:79:26:df:61:94:9c:13:85:61:8e:c4:1f:2b:
                    17:f9:fc:56:39:61:71:a9:c3:df:8d:ef:97:92:51:
                    c2:ef:d9:08:2b:cc:b2:ea:ad:02:79:1b:af:a9:43:
                    76:ac:3d:df:d8:46:51:9f:88:dd:bc:ca:db:90:60:
                    af:55:39:4b:2f:6d:51:b5:f1:1a:e0:2f:00:46:61:
                    4e:19:23:87:d2:64:5d:30:8f:3c:69:17:02:46:0a:
                    cf:f8:fd:29:d0:9f:a1:05:1b:da:48:cc:1a:6a:57:
                    a0:92:d0:7d:64:47:2a:72:2c:47:c0:dc:3e:49:c1:
                    19:32:bd:92:ba:e9:53:f2:87:01:22:00:d8:bc:ac:
                    52:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:56:AA:47:34:00:C7:4B:B4:18:7D:5A:5C:B8:CE:6D:86:78:43:B9
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/M1aqRzQAx0u0GH1aXLjObYZ4Q7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f5:86:8a:bb:be:cf:d7:65:c3:bc:bd:cd:b3:35:37:a0:b1:
         a1:97:70:fa:30:0b:47:21:ca:95:6c:d4:32:41:7d:80:91:a2:
         15:76:70:f5:90:fc:ee:0f:70:cb:fb:bc:c2:8a:57:6a:96:5a:
         89:95:20:29:80:11:8b:0a:83:0e:fb:70:11:79:50:a4:02:5b:
         1d:00:9e:ab:17:d3:6b:ff:8a:26:20:44:3a:fa:52:9f:ef:ef:
         54:4f:92:62:0f:28:6e:b7:cb:fc:41:0d:fa:f0:70:11:0a:56:
         34:5d:ef:45:5c:0b:91:48:0e:84:96:aa:14:64:c1:34:12:10:
         6d:93:f7:0a:76:2d:e7:37:ab:76:18:67:e6:d1:04:5b:11:26:
         b5:2b:22:e7:92:ca:17:b1:21:b8:c8:de:5c:fa:f5:d5:db:33:
         ef:2c:63:91:55:13:cf:27:fc:28:dc:37:47:cc:d3:3d:af:70:
         eb:b0:76:aa:f9:9c:5b:6f:fa:5b:29:11:d0:7f:2f:f1:15:ed:
         6b:cf:94:8a:0a:b7:c8:cb:d3:82:76:d3:27:a7:0f:57:67:b8:
         38:c9:1b:99:6a:24:3a:28:c3:d4:8b:e4:95:24:82:75:c0:7a:
         d0:99:c3:c8:55:c2:de:79:50:0d:a7:3a:94:2b:4b:8c:fc:f9:
         9e:b7:20:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU8q72AdhEiMqEwUVa+PyDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwMjI1MTAzNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzU2YWE0NzM0MDBjNzRiYjQxODdkNWE1Y2I4Y2U2ZDg2Nzg0M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6XKiTufIMhXqRLGY7+O47BRKIsVV
IcmN+sdTUWjNSzGvr+e412DYfwHaGiXSXv7XygjnkRuh6pNVEP0LplH8EVrKynav
/CHYSgj8SpVyCdrdkh6cCcXMkcZBpu7xF5IF6m83B/iDdLzf2+k03b+4MeI9UlRI
sFc7fnkm32GUnBOFYY7EHysX+fxWOWFxqcPfje+XklHC79kIK8yy6q0CeRuvqUN2
rD3f2EZRn4jdvMrbkGCvVTlLL21RtfEa4C8ARmFOGSOH0mRdMI88aRcCRgrP+P0p
0J+hBRvaSMwaalegktB9ZEcqcixHwNw+ScEZMr2SuulT8ocBIgDYvKxSHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNWqkc0AMdLtBh9Wly4zm2GeEO5MB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvTTFhcVJ6UUF4MHUwR0gxYVhMak9iWVo0UTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGK+MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ9YaKu77P12XDvL3NszU3oLGhl3D6MAtHIcqVbNQy
QX2AkaIVdnD1kPzuD3DL+7zCildqllqJlSApgBGLCoMO+3AReVCkAlsdAJ6rF9Nr
/4omIEQ6+lKf7+9UT5JiDyhut8v8QQ368HARClY0Xe9FXAuRSA6ElqoUZME0EhBt
k/cKdi3nN6t2GGfm0QRbESa1KyLnksoXsSG4yN5c+vXV2zPvLGORVRPPJ/wo3DdH
zNM9r3DrsHaq+Zxbb/pbKRHQfy/xFe1rz5SKCrfIy9OCdtMnpw9XZ7g4yRuZaiQ6
KMPUi+SVJIJ1wHrQmcPIVcLeeVANpzqUK0uM/PmetyAi
-----END CERTIFICATE-----