Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/MdutrPnIA4jtsUw7J4Yelrok5X0.roa
File:                     MdutrPnIA4jtsUw7J4Yelrok5X0.roa (raw, json)
Hash identifier:          r2kS0LoTxgu8taO5YAtvMzxTwqT6ILx9UD2HUGC3ccI=
Subject key identifier:   31:DB:AD:AC:F9:C8:03:88:ED:B1:4C:3B:27:86:1E:96:BA:24:E5:7D
Certificate issuer:       /CN=28992ebb83eb8b73a2a21e5b033dbdeb1df4f23d
Certificate serial:       019420D5E59BF07EFFD5861E96A1D9E89160
Authority key identifier: 28:99:2E:BB:83:EB:8B:73:A2:A2:1E:5B:03:3D:BD:EB:1D:F4:F2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/MdutrPnIA4jtsUw7J4Yelrok5X0.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197645
IP address blocks:        185.146.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e5:9b:f0:7e:ff:d5:86:1e:96:a1:d9:e8:91:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28992ebb83eb8b73a2a21e5b033dbdeb1df4f23d
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31dbadacf9c80388edb14c3b27861e96ba24e57d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:29:41:31:0a:32:07:64:89:ca:5f:0d:9a:65:
                    ea:6e:03:43:97:0f:92:cb:41:e5:a6:1e:35:61:3d:
                    7d:78:cd:5d:72:3f:bf:db:d0:9e:03:42:3b:e8:3a:
                    d0:0f:4c:24:91:f4:5e:14:91:31:92:f2:d4:da:a0:
                    fc:f6:ee:60:fa:43:e8:3f:ec:74:ae:41:c3:70:73:
                    2d:ae:18:55:61:84:ad:be:7e:5e:01:09:a2:89:48:
                    83:36:da:d3:63:b2:4e:f3:b9:63:01:97:ea:83:b9:
                    5a:b7:ae:65:ba:45:6c:71:ae:f2:5c:2c:58:98:28:
                    28:cc:c2:f2:6f:e1:11:c6:96:8f:27:4e:55:20:2b:
                    df:47:ff:66:6f:7c:cb:3b:8a:31:ea:66:36:99:c9:
                    98:7b:7d:86:0e:8d:98:29:4f:84:3a:12:2a:6c:df:
                    ec:ca:41:6b:47:d4:4d:61:fe:11:9c:7b:3a:7f:5a:
                    13:9c:db:2d:e6:69:7d:0b:21:a2:6c:22:09:2d:42:
                    7e:27:ce:87:93:05:49:b1:fc:9a:f1:7b:09:8e:fd:
                    24:52:bd:13:66:ab:91:47:95:41:f6:f8:8f:71:5b:
                    11:f2:2b:a4:00:b0:28:74:e9:66:39:fb:d5:ee:fc:
                    36:2e:3f:9a:3c:01:74:bc:de:64:dd:b4:c2:01:ca:
                    b8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DB:AD:AC:F9:C8:03:88:ED:B1:4C:3B:27:86:1E:96:BA:24:E5:7D
            X509v3 Authority Key Identifier:
                keyid:28:99:2E:BB:83:EB:8B:73:A2:A2:1E:5B:03:3D:BD:EB:1D:F4:F2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJkuu4Pri3Oioh5bAz296x308j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/MdutrPnIA4jtsUw7J4Yelrok5X0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/f98dce-992d-4f64-bc38-b36b8e892c6c/1/KJkuu4Pri3Oioh5bAz296x308j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:3e:71:7d:50:23:5b:b3:cc:24:89:cc:f1:4d:4a:be:67:42:
         3d:84:ce:cc:ef:36:6f:ed:7f:88:f1:3a:db:60:df:08:38:89:
         b8:8f:83:7d:bd:82:c2:5a:1b:47:c5:5a:df:e7:03:53:06:83:
         28:91:90:ac:48:16:6c:58:f3:bb:88:b4:58:4c:b3:e9:7b:e7:
         de:22:25:89:ba:2c:be:74:b5:61:7e:ae:22:d1:95:9d:e2:a9:
         38:89:65:4e:d6:fc:99:f4:8b:ed:00:4c:83:38:d1:9b:20:de:
         26:a2:ad:94:34:f4:40:a8:18:e5:57:50:ff:b0:5f:6d:0d:78:
         df:f9:3f:c9:3e:9a:e1:ee:76:0d:e6:e5:df:ff:f3:22:8b:71:
         c7:38:db:4a:14:6e:60:69:62:e6:70:55:fb:5f:78:a8:48:20:
         ba:54:ab:13:ba:d6:e7:49:77:9d:95:80:64:04:c3:8c:5b:70:
         6f:ea:71:3d:ac:b4:91:cc:bd:d8:c3:03:3a:88:0c:74:23:22:
         c0:26:f1:89:59:91:ff:b1:21:e5:4b:3f:e5:3c:bc:68:63:5b:
         29:cb:c3:ef:49:29:47:d8:5b:45:14:34:bb:ab:8e:b2:3a:ad:
         18:4b:75:8a:5f:42:3e:55:32:53:13:ac:85:b9:d1:ea:23:0d:
         51:2f:69:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1eWb8H7/1YYelqHZ6JFgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTkyZWJiODNlYjhiNzNhMmEyMWU1YjAzM2RiZGViMWRm
NGYyM2QwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRiYWRhY2Y5YzgwMzg4ZWRiMTRjM2IyNzg2MWU5NmJhMjRlNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhylBMQoyB2SJyl8NmmXqbgNDlw+S
y0Hlph41YT19eM1dcj+/29CeA0I76DrQD0wkkfReFJExkvLU2qD89u5g+kPoP+x0
rkHDcHMtrhhVYYStvn5eAQmiiUiDNtrTY7JO87ljAZfqg7lat65lukVsca7yXCxY
mCgozMLyb+ERxpaPJ05VICvfR/9mb3zLO4ox6mY2mcmYe32GDo2YKU+EOhIqbN/s
ykFrR9RNYf4RnHs6f1oTnNst5ml9CyGibCIJLUJ+J86HkwVJsfya8XsJjv0kUr0T
ZquRR5VB9viPcVsR8iukALAodOlmOfvV7vw2Lj+aPAF0vN5k3bTCAcq4IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHbraz5yAOI7bFMOyeGHpa6JOV9MB8GA1UdIwQY
MBaAFCiZLruD64tzoqIeWwM9vesd9PI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0prdXU0UHJpM09pb2g1YkF6Mjk2eDMwOGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9mOThkY2UtOTkyZC00ZjY0LWJjMzgt
YjM2YjhlODkyYzZjLzEvTWR1dHJQbklBNGp0c1V3N0o0WWVscm9rNVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9mOThkY2UtOTkyZC00ZjY0LWJjMzgtYjM2YjhlODkyYzZj
LzEvS0prdXU0UHJpM09pb2g1YkF6Mjk2eDMwOGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZJgMA0G
CSqGSIb3DQEBCwUAA4IBAQCDPnF9UCNbs8wkiczxTUq+Z0I9hM7M7zZv7X+I8Trb
YN8IOIm4j4N9vYLCWhtHxVrf5wNTBoMokZCsSBZsWPO7iLRYTLPpe+feIiWJuiy+
dLVhfq4i0ZWd4qk4iWVO1vyZ9IvtAEyDONGbIN4moq2UNPRAqBjlV1D/sF9tDXjf
+T/JPprh7nYN5uXf//Mii3HHONtKFG5gaWLmcFX7X3ioSCC6VKsTutbnSXedlYBk
BMOMW3Bv6nE9rLSRzL3YwwM6iAx0IyLAJvGJWZH/sSHlSz/lPLxoY1spy8PvSSlH
2FtFFDS7q46yOq0YS3WKX0I+VTJTE6yFudHqIw1RL2l0
-----END CERTIFICATE-----