Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/MUKicFTzhC00zdrY_h1AYYxVa-M.roa
File:                     MUKicFTzhC00zdrY_h1AYYxVa-M.roa (raw, json)
Hash identifier:          Ids/SWcSu2QegMrmqZTQrwfmzaSd55FYqNM5CzWSoLA=
Subject key identifier:   31:42:A2:70:54:F3:84:2D:34:CD:DA:D8:FE:1D:40:61:8C:55:6B:E3
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       01941FFA4652BCFA7C86EA6D09DD2A67CB77
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/MUKicFTzhC00zdrY_h1AYYxVa-M.roa
Signing time:             Wed 01 Jan 2025 03:48:03 +0000
ROA not before:           Wed 01 Jan 2025 03:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21734
IP address blocks:        83.126.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:46:52:bc:fa:7c:86:ea:6d:09:dd:2a:67:cb:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3142a27054f3842d34cddad8fe1d40618c556be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:78:26:69:be:fe:4f:a0:f0:12:c0:1d:07:05:
                    df:45:9c:43:16:7b:be:76:57:ea:a5:f9:bf:26:2d:
                    e2:e5:e7:46:a9:cf:db:e0:f2:c5:52:c3:01:6a:fb:
                    97:e6:69:52:9d:a1:39:f2:68:38:35:f0:f2:c6:67:
                    a5:8d:f7:ca:47:7d:84:eb:2d:d6:2c:07:71:72:e6:
                    1f:5f:2b:d0:3f:c7:d2:8c:24:94:fe:f5:da:dd:2b:
                    1c:f3:30:af:77:57:9d:93:4a:3e:a9:05:49:5a:10:
                    bd:21:53:21:27:c3:f0:14:22:88:08:2a:d0:da:24:
                    61:58:68:e6:52:b4:35:6b:94:1d:29:12:bc:a9:a3:
                    d7:a3:52:5d:ff:8e:1d:8d:09:8f:7e:b5:3e:b3:b9:
                    24:0c:80:81:1d:92:37:81:ed:00:55:f5:32:cc:44:
                    a7:ef:e3:d7:4b:c9:a3:32:98:3b:d3:cb:82:68:c1:
                    76:7e:05:42:25:85:98:4b:b0:7a:95:de:83:1f:ac:
                    db:52:37:aa:ef:d8:6d:1d:53:10:eb:d2:77:7c:0b:
                    ea:22:e2:5b:ea:52:bc:9c:5a:4d:16:9d:b1:8e:48:
                    ac:8e:6d:fb:97:d4:04:ba:9a:fd:ef:8a:e4:16:69:
                    a6:4b:06:b7:a6:c7:a0:e7:2a:3b:c7:c3:d8:ea:5c:
                    c6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:42:A2:70:54:F3:84:2D:34:CD:DA:D8:FE:1D:40:61:8C:55:6B:E3
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/MUKicFTzhC00zdrY_h1AYYxVa-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.126.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a8:9b:32:4b:0a:0c:81:04:1e:06:53:7e:40:b7:d1:c7:7c:
         16:09:82:82:df:91:74:e3:4b:89:96:80:0e:c2:48:5f:b8:00:
         72:71:6e:ff:69:30:81:db:e5:da:eb:75:4c:fd:9c:20:06:a1:
         9f:bc:91:b7:3b:36:9c:89:ea:c1:35:c0:ab:1d:dc:5e:be:fc:
         ac:5d:1d:93:26:a9:e3:08:05:4f:f6:02:96:0b:3d:72:94:a5:
         da:59:b2:f2:27:73:9a:de:25:da:6c:38:52:93:b5:ca:80:98:
         19:43:1e:a2:33:43:6f:76:70:fc:f2:04:05:06:2c:51:89:85:
         13:fc:4a:92:d0:d4:50:d7:c2:82:8c:b2:52:91:67:57:ab:eb:
         82:13:98:63:69:43:fd:93:b7:73:60:f2:08:99:f2:38:25:d1:
         b4:7a:66:f2:47:c2:b5:45:9b:04:31:bb:e8:00:f2:07:87:2d:
         14:dc:75:b0:dc:cb:09:9c:0b:a2:32:08:6e:e6:f2:e9:68:9d:
         49:55:f7:85:99:5f:46:91:3b:80:6b:63:c9:bc:88:ae:45:3c:
         da:33:20:1b:7c:63:6e:f3:74:df:88:ed:f7:36:d8:f0:f6:39:
         ba:70:0b:28:6f:10:c0:e0:e2:b8:b8:7c:f9:fe:88:e8:e8:10:
         87:ca:45:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kZSvPp8huptCd0qZ8t3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjUwMTAxMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQyYTI3MDU0ZjM4NDJkMzRjZGRhZDhmZTFkNDA2MThjNTU2YmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Xgmab7+T6DwEsAdBwXfRZxDFnu+
dlfqpfm/Ji3i5edGqc/b4PLFUsMBavuX5mlSnaE58mg4NfDyxmeljffKR32E6y3W
LAdxcuYfXyvQP8fSjCSU/vXa3Ssc8zCvd1edk0o+qQVJWhC9IVMhJ8PwFCKICCrQ
2iRhWGjmUrQ1a5QdKRK8qaPXo1Jd/44djQmPfrU+s7kkDICBHZI3ge0AVfUyzESn
7+PXS8mjMpg708uCaMF2fgVCJYWYS7B6ld6DH6zbUjeq79htHVMQ69J3fAvqIuJb
6lK8nFpNFp2xjkisjm37l9QEupr974rkFmmmSwa3pseg5yo7x8PY6lzGzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFConBU84QtNM3a2P4dQGGMVWvjMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvTVVLaWNGVHpoQzAwemRyWV9oMUFZWXhWYS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU34yMA0G
CSqGSIb3DQEBCwUAA4IBAQA+qJsySwoMgQQeBlN+QLfRx3wWCYKC35F040uJloAO
wkhfuABycW7/aTCB2+Xa63VM/ZwgBqGfvJG3OzacierBNcCrHdxevvysXR2TJqnj
CAVP9gKWCz1ylKXaWbLyJ3Oa3iXabDhSk7XKgJgZQx6iM0NvdnD88gQFBixRiYUT
/EqS0NRQ18KCjLJSkWdXq+uCE5hjaUP9k7dzYPIImfI4JdG0embyR8K1RZsEMbvo
APIHhy0U3HWw3MsJnAuiMghu5vLpaJ1JVfeFmV9GkTuAa2PJvIiuRTzaMyAbfGNu
83TfiO33Ntjw9jm6cAsobxDA4OK4uHz5/ojo6BCHykUS
-----END CERTIFICATE-----