Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/MYXOtoFqqInlayBX5NkCS20Wi14.roa
File:                     MYXOtoFqqInlayBX5NkCS20Wi14.roa (raw, json)
Hash identifier:          DGh8ilGMERgE4lOcfR6ybGWkn9Yn32MF1CfBnbDcqlA=
Subject key identifier:   31:85:CE:B6:81:6A:A8:89:E5:6B:20:57:E4:D9:02:4B:6D:16:8B:5E
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       019512F7C71574A7B719911F4C16DAFF168D
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/MYXOtoFqqInlayBX5NkCS20Wi14.roa
Signing time:             Mon 17 Feb 2025 08:13:03 +0000
ROA not before:           Mon 17 Feb 2025 08:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        178.210.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:12:f7:c7:15:74:a7:b7:19:91:1f:4c:16:da:ff:16:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Feb 17 08:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3185ceb6816aa889e56b2057e4d9024b6d168b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:94:e9:3b:11:f6:4b:57:0a:f1:da:f9:cc:03:
                    95:f6:d9:cb:0f:9a:c7:7f:49:64:e8:f3:9b:0c:4e:
                    91:78:5c:b5:27:f0:d6:e1:b7:3d:6b:b1:e4:e6:92:
                    68:e9:2c:7b:c4:39:ec:3a:16:92:3d:20:fe:3d:52:
                    84:16:1f:96:65:93:88:55:62:01:7a:99:d5:4e:4e:
                    f6:3b:5b:1f:54:24:96:1e:6f:0c:20:46:75:b2:81:
                    b5:4c:74:e4:65:74:e6:ea:86:d5:ec:5a:97:6f:ec:
                    82:9f:2c:71:bc:b4:f4:d0:4a:89:23:9a:2b:97:46:
                    01:34:0c:db:6c:32:4b:45:2c:90:8b:bf:75:8f:c7:
                    d8:44:b4:bb:28:77:ce:bd:d9:bb:4a:1c:00:61:af:
                    00:c8:9b:6e:50:40:01:9c:f4:53:17:ea:55:88:eb:
                    00:7a:f5:8a:08:f5:f9:7f:44:34:cb:98:89:53:10:
                    57:ed:d6:12:54:c8:66:13:2c:0a:cc:66:2d:64:1f:
                    31:03:dd:ec:9a:f3:d9:f7:f6:a3:72:21:5e:83:aa:
                    8c:60:a5:3e:4e:7a:d7:f2:49:e5:1f:4c:2e:4d:97:
                    c5:05:d1:98:ef:0b:8b:4e:37:b7:ef:35:56:9f:22:
                    9c:47:87:06:8b:07:da:0d:9e:76:94:e6:e9:de:f7:
                    64:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:85:CE:B6:81:6A:A8:89:E5:6B:20:57:E4:D9:02:4B:6D:16:8B:5E
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/MYXOtoFqqInlayBX5NkCS20Wi14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:f2:d1:bd:a5:24:cd:4c:eb:04:e7:70:ec:6b:71:b8:78:e8:
         fd:75:82:2e:b8:34:a6:fb:93:15:fc:78:10:ff:da:dc:ca:01:
         69:36:e1:af:00:ef:5e:18:25:a4:33:43:7b:68:85:e0:62:98:
         74:78:d6:76:7a:d9:b9:f3:29:06:ea:2d:cd:b6:d5:5b:cf:0d:
         f0:62:9e:f3:7d:77:80:82:51:69:4e:c2:f1:8a:5a:8f:ce:18:
         48:59:bd:78:fd:d0:64:2f:32:8a:58:7d:14:56:c5:b2:5b:45:
         54:c2:7d:17:45:cf:08:51:8a:e3:d3:75:b4:c7:c5:59:df:20:
         f1:4f:a0:fa:77:a5:3b:9d:b6:68:f2:0c:66:c1:b8:91:0a:01:
         b2:34:fa:e4:54:bf:4f:bd:92:39:00:e6:f7:23:5c:43:6c:0b:
         47:97:8e:46:06:38:61:20:51:7c:54:ae:e5:b8:ae:b3:73:39:
         03:fe:a8:5b:17:a9:1f:ef:b1:ae:cd:16:db:4d:1f:0f:d5:93:
         34:e5:01:92:07:14:20:50:2d:6c:33:ac:87:ef:7a:34:a1:71:
         fa:05:96:93:d9:62:51:05:c9:8a:16:cd:11:d2:ef:b7:1f:e8:
         93:d4:a7:56:8a:35:da:97:b8:54:16:e9:5b:08:91:1e:9f:20:
         b0:8c:e1:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUS98cVdKe3GZEfTBba/xaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjUwMjE3MDgxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTg1Y2ViNjgxNmFhODg5ZTU2YjIwNTdlNGQ5MDI0YjZkMTY4YjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5TpOxH2S1cK8dr5zAOV9tnLD5rH
f0lk6PObDE6ReFy1J/DW4bc9a7Hk5pJo6Sx7xDnsOhaSPSD+PVKEFh+WZZOIVWIB
epnVTk72O1sfVCSWHm8MIEZ1soG1THTkZXTm6obV7FqXb+yCnyxxvLT00EqJI5or
l0YBNAzbbDJLRSyQi791j8fYRLS7KHfOvdm7ShwAYa8AyJtuUEABnPRTF+pViOsA
evWKCPX5f0Q0y5iJUxBX7dYSVMhmEywKzGYtZB8xA93smvPZ9/ajciFeg6qMYKU+
TnrX8knlH0wuTZfFBdGY7wuLTje37zVWnyKcR4cGiwfaDZ52lObp3vdksQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGFzraBaqiJ5WsgV+TZAkttFoteMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvTVlYT3RvRnFxSW5sYXlCWDVOa0NTMjBXaTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstL+MA0G
CSqGSIb3DQEBCwUAA4IBAQDU8tG9pSTNTOsE53Dsa3G4eOj9dYIuuDSm+5MV/HgQ
/9rcygFpNuGvAO9eGCWkM0N7aIXgYph0eNZ2etm58ykG6i3NttVbzw3wYp7zfXeA
glFpTsLxilqPzhhIWb14/dBkLzKKWH0UVsWyW0VUwn0XRc8IUYrj03W0x8VZ3yDx
T6D6d6U7nbZo8gxmwbiRCgGyNPrkVL9PvZI5AOb3I1xDbAtHl45GBjhhIFF8VK7l
uK6zczkD/qhbF6kf77GuzRbbTR8P1ZM05QGSBxQgUC1sM6yH73o0oXH6BZaT2WJR
BcmKFs0R0u+3H+iT1KdWijXal7hUFulbCJEenyCwjOHj
-----END CERTIFICATE-----