Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/MmND3DuvCXN1PehXC8z0YAY-0xo.roa
File:                     MmND3DuvCXN1PehXC8z0YAY-0xo.roa (raw, json)
Hash identifier:          WRLrLTysveRvOIFyqs2Tv0LCBQXodbByHKNc+Ys2WQc=
Subject key identifier:   32:63:43:DC:3B:AF:09:73:75:3D:E8:57:0B:CC:F4:60:06:3E:D3:1A
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       0191E5F33BD7D4F15C569B3E2577682825E7
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/MmND3DuvCXN1PehXC8z0YAY-0xo.roa
Signing time:             Thu 12 Sep 2024 11:16:48 +0000
ROA not before:           Thu 12 Sep 2024 11:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.169.181.0/24 maxlen: 24
                          185.174.22.0/24 maxlen: 24
                          185.174.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:f3:3b:d7:d4:f1:5c:56:9b:3e:25:77:68:28:25:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Sep 12 11:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=326343dc3baf0973753de8570bccf460063ed31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8a:e8:6d:f4:07:8a:49:d8:3c:51:c6:70:94:
                    1f:e9:06:2d:f5:9f:42:a7:b6:c1:51:08:ea:36:e4:
                    b6:cd:53:6d:15:94:9c:a0:3f:99:0f:10:cb:01:57:
                    85:58:d8:b2:4d:6c:a1:2f:49:40:cf:e0:48:ca:50:
                    ed:47:c0:84:b8:30:56:26:4a:36:52:8f:2a:aa:96:
                    2d:e9:7d:24:a3:b2:93:6d:c4:5e:f1:13:9d:ca:4f:
                    b6:1a:70:66:b3:5c:4c:43:a1:9d:54:ae:f7:32:1e:
                    ff:72:8e:38:62:ce:cf:1d:cc:61:2b:2b:05:6e:85:
                    1e:b3:2c:ca:47:de:0d:a7:78:b7:a6:25:52:61:fc:
                    92:f7:50:93:ae:ae:a3:8e:7f:a1:35:3c:95:60:5a:
                    7b:33:d8:e8:95:19:b5:8e:8c:da:68:e8:28:96:42:
                    fb:81:b7:d8:92:81:e1:e8:1a:6e:da:8f:dc:61:bc:
                    c9:81:f3:88:71:6d:4f:3a:cb:9b:cd:37:a8:b4:e9:
                    45:7e:02:9d:11:cf:6a:d5:65:66:1d:51:4e:94:5f:
                    e4:ee:b1:d1:62:08:45:21:d2:fb:06:1e:d6:d2:f9:
                    96:2e:70:0a:b3:8e:a3:92:48:62:d1:d7:6e:11:51:
                    50:10:1e:7d:e1:00:59:e0:28:72:12:8d:6b:22:c3:
                    d3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:63:43:DC:3B:AF:09:73:75:3D:E8:57:0B:CC:F4:60:06:3E:D3:1A
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/MmND3DuvCXN1PehXC8z0YAY-0xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.181.0/24
                  185.174.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:6b:b9:2e:84:31:b5:ed:0d:86:da:21:7f:55:a8:54:2b:83:
         d1:3a:01:27:33:bf:c7:ee:28:fa:d8:0e:44:0a:f5:8b:56:19:
         8f:b0:29:c3:9c:07:95:47:5b:94:35:4b:1d:61:49:5f:57:ff:
         38:62:b0:37:49:2b:0e:d3:0f:d4:db:bd:07:a7:b8:a5:4a:8f:
         2a:7a:a2:18:98:fe:5a:9e:53:45:11:19:28:00:cd:69:ea:0d:
         f0:2f:fe:4f:25:27:86:38:22:46:c4:77:06:83:d8:cf:ef:ec:
         ec:bd:77:53:5a:d7:6f:59:4c:b3:30:91:31:90:17:1b:02:97:
         35:9a:ab:89:9c:6e:0e:01:86:b4:d6:e7:3f:8b:b4:57:55:89:
         b0:1a:aa:2f:d7:4b:1c:ad:bb:1e:6e:cb:56:a8:6f:9c:82:2a:
         a1:0c:75:76:14:89:fc:d0:cd:5b:30:30:c7:34:ae:28:70:3e:
         75:64:0e:ae:b5:bf:79:03:0f:55:a6:e0:e1:b0:3f:b7:95:57:
         00:0d:49:08:7c:c8:96:14:17:43:30:80:ff:32:87:9a:25:ad:
         83:89:d9:15:65:c3:5d:25:73:8d:d6:63:a0:26:2d:46:0d:74:
         9d:6e:a1:74:f2:e8:0a:8a:58:9f:c7:72:70:7f:0e:66:6c:9a:
         ca:c9:5f:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHl8zvX1PFcVps+JXdoKCXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwOTEyMTExNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjYzNDNkYzNiYWYwOTczNzUzZGU4NTcwYmNjZjQ2MDA2M2VkMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIrobfQHiknYPFHGcJQf6QYt9Z9C
p7bBUQjqNuS2zVNtFZScoD+ZDxDLAVeFWNiyTWyhL0lAz+BIylDtR8CEuDBWJko2
Uo8qqpYt6X0ko7KTbcRe8ROdyk+2GnBms1xMQ6GdVK73Mh7/co44Ys7PHcxhKysF
boUesyzKR94Np3i3piVSYfyS91CTrq6jjn+hNTyVYFp7M9jolRm1jozaaOgolkL7
gbfYkoHh6Bpu2o/cYbzJgfOIcW1POsubzTeotOlFfgKdEc9q1WVmHVFOlF/k7rHR
YghFIdL7Bh7W0vmWLnAKs46jkkhi0dduEVFQEB594QBZ4ChyEo1rIsPTtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDJjQ9w7rwlzdT3oVwvM9GAGPtMaMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvTW1ORDNEdXZDWE4xUGVoWEM4ejBZQVktMHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuam1AwQB
ua4WMA0GCSqGSIb3DQEBCwUAA4IBAQApa7kuhDG17Q2G2iF/VahUK4PROgEnM7/H
7ij62A5ECvWLVhmPsCnDnAeVR1uUNUsdYUlfV/84YrA3SSsO0w/U270Hp7ilSo8q
eqIYmP5anlNFERkoAM1p6g3wL/5PJSeGOCJGxHcGg9jP7+zsvXdTWtdvWUyzMJEx
kBcbApc1mquJnG4OAYa01uc/i7RXVYmwGqov10scrbsebstWqG+cgiqhDHV2FIn8
0M1bMDDHNK4ocD51ZA6utb95Aw9VpuDhsD+3lVcADUkIfMiWFBdDMID/MoeaJa2D
idkVZcNdJXON1mOgJi1GDXSdbqF08ugKilifx3Jwfw5mbJrKyV/B
-----END CERTIFICATE-----