Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/mDxyiD9X-pKoSpMDHewalWK4frA.roa
File:                     mDxyiD9X-pKoSpMDHewalWK4frA.roa (raw, json)
Hash identifier:          mOBdq9p0ho/s/u99fQ8BxCqlC+u1XlqpRxkj0tREVjY=
Subject key identifier:   98:3C:72:88:3F:57:FA:92:A8:4A:93:03:1D:EC:1A:95:62:B8:7E:B0
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       019440DF898631C1159ECFD31F9DA515971D
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/mDxyiD9X-pKoSpMDHewalWK4frA.roa
Signing time:             Tue 07 Jan 2025 13:06:18 +0000
ROA not before:           Tue 07 Jan 2025 13:06:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215187
IP address blocks:        194.40.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:df:89:86:31:c1:15:9e:cf:d3:1f:9d:a5:15:97:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan  7 13:06:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=983c72883f57fa92a84a93031dec1a9562b87eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:dd:ee:6b:9e:1b:3d:7d:22:16:57:a8:63:4c:
                    1d:8c:1c:b6:21:27:54:b3:e1:5c:6a:bd:27:64:b5:
                    f4:96:49:3d:53:da:54:dc:f0:47:a2:3c:bc:26:69:
                    28:3f:d6:9e:71:e9:a2:ae:43:44:eb:28:86:b1:9c:
                    7f:2c:c2:8d:73:89:92:13:44:f1:82:a6:89:f7:ba:
                    a2:b3:ef:d6:eb:17:7e:15:3a:b0:a4:ed:e4:77:e2:
                    eb:e6:7e:f6:56:45:0f:6d:39:53:54:f0:3a:0b:c9:
                    de:4a:46:ed:8e:f6:6d:21:4a:54:9e:e0:fa:f1:e2:
                    15:02:75:0c:e7:7f:fe:e3:0b:31:4b:43:bf:86:55:
                    8d:07:84:09:c3:d8:9e:79:c5:9a:1f:44:9c:50:a7:
                    78:d8:5f:f6:d6:f0:49:05:70:3d:7c:6b:ce:b2:16:
                    28:4a:5d:94:58:3f:76:4d:ee:d3:21:b4:3c:13:ff:
                    33:36:6c:58:75:85:b7:ef:a8:a4:75:6d:17:f3:d4:
                    14:a5:2d:9b:8a:85:3e:bf:58:8c:17:4c:6f:bd:ea:
                    6a:ed:f8:e1:43:bd:8d:34:0b:fa:dc:e0:4b:9a:9c:
                    95:e8:6c:02:54:cc:81:1c:ba:11:18:6c:e2:71:bb:
                    8c:08:e3:89:4f:94:f7:2d:ff:08:7b:20:ac:5f:4c:
                    10:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3C:72:88:3F:57:FA:92:A8:4A:93:03:1D:EC:1A:95:62:B8:7E:B0
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/mDxyiD9X-pKoSpMDHewalWK4frA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.40.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:46:42:c1:78:af:d8:93:46:b0:39:a1:bc:9f:ca:e5:2d:71:
         ba:b3:a4:16:2b:87:8b:93:b9:1a:ec:81:12:15:ee:40:55:54:
         d1:15:5e:4e:cd:63:3a:de:64:07:63:5b:e3:52:6d:5f:50:67:
         ff:67:62:b2:91:57:50:60:5f:92:be:24:3a:52:e1:a6:b4:6a:
         4a:e2:76:41:34:99:c8:6d:31:13:23:bf:de:01:93:10:71:cf:
         27:4c:24:86:c8:e3:64:12:4a:13:89:a8:ed:51:d7:6e:44:47:
         1a:38:d4:a7:bc:27:be:d7:51:64:fb:44:f2:89:3a:bf:5e:bf:
         24:6e:a8:3f:b0:cd:fe:66:ae:a9:4c:63:6a:50:3e:a1:bc:9b:
         fb:23:17:72:56:d5:ac:ed:60:3d:20:33:e3:08:ba:43:51:1b:
         9a:27:95:8a:11:61:da:bb:14:b0:be:eb:bf:fc:5d:99:a9:3a:
         5f:13:f8:37:c0:f4:20:41:81:ab:3b:de:99:4f:f3:05:ce:46:
         ee:99:be:5c:e9:16:34:00:94:27:96:03:d8:7a:20:5a:af:70:
         69:de:0a:d3:bc:aa:e3:7d:4f:dd:28:58:3f:92:58:d5:2e:67:
         65:09:73:43:b0:e1:50:cf:e5:aa:9d:95:8b:27:63:bb:bc:60:
         f9:39:9a:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRA34mGMcEVns/TH52lFZcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUwMTA3MTMwNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNjNzI4ODNmNTdmYTkyYTg0YTkzMDMxZGVjMWE5NTYyYjg3ZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh93ua54bPX0iFleoY0wdjBy2ISdU
s+Fcar0nZLX0lkk9U9pU3PBHojy8JmkoP9aecemirkNE6yiGsZx/LMKNc4mSE0Tx
gqaJ97qis+/W6xd+FTqwpO3kd+Lr5n72VkUPbTlTVPA6C8neSkbtjvZtIUpUnuD6
8eIVAnUM53/+4wsxS0O/hlWNB4QJw9ieecWaH0ScUKd42F/21vBJBXA9fGvOshYo
Sl2UWD92Te7TIbQ8E/8zNmxYdYW376ikdW0X89QUpS2bioU+v1iMF0xvvepq7fjh
Q72NNAv63OBLmpyV6GwCVMyBHLoRGGzicbuMCOOJT5T3Lf8IeyCsX0wQzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg8cog/V/qSqEqTAx3sGpViuH6wMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvbUR4eWlEOVgtcEtvU3BNREhld2FsV0s0ZnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwijyMA0G
CSqGSIb3DQEBCwUAA4IBAQA/RkLBeK/Yk0awOaG8n8rlLXG6s6QWK4eLk7ka7IES
Fe5AVVTRFV5OzWM63mQHY1vjUm1fUGf/Z2KykVdQYF+SviQ6UuGmtGpK4nZBNJnI
bTETI7/eAZMQcc8nTCSGyONkEkoTiajtUdduREcaONSnvCe+11Fk+0TyiTq/Xr8k
bqg/sM3+Zq6pTGNqUD6hvJv7IxdyVtWs7WA9IDPjCLpDURuaJ5WKEWHauxSwvuu/
/F2ZqTpfE/g3wPQgQYGrO96ZT/MFzkbumb5c6RY0AJQnlgPYeiBar3Bp3grTvKrj
fU/dKFg/kljVLmdlCXNDsOFQz+WqnZWLJ2O7vGD5OZof
-----END CERTIFICATE-----