Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/muqmhHc5LJDDNmNuyuzYLdWHMQU.roa
File:                     muqmhHc5LJDDNmNuyuzYLdWHMQU.roa (raw, json)
Hash identifier:          JTDuVgIbzOw+6btu4GgoUP4Y5BjQsml5n5UXZW+TRgI=
Subject key identifier:   9A:EA:A6:84:77:39:2C:90:C3:36:63:6E:CA:EC:D8:2D:D5:87:31:05
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C16E2AE1496D15BFD035F864BD17A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/muqmhHc5LJDDNmNuyuzYLdWHMQU.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28925
IP address blocks:        81.181.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:16:e2:ae:14:96:d1:5b:fd:03:5f:86:4b:d1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9aeaa68477392c90c336636ecaecd82dd5873105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:2a:77:48:af:22:84:7f:28:8c:78:4e:31:
                    ff:78:18:c0:44:c9:61:c2:32:23:86:93:54:b0:02:
                    09:bf:35:1d:ed:ab:83:d9:07:35:23:47:cf:f3:3c:
                    d3:24:96:2f:4a:44:e5:97:76:18:85:a6:e8:5b:52:
                    74:d3:f4:5b:db:a0:01:ee:42:6b:01:9d:b2:4b:f0:
                    1f:57:df:13:68:09:70:97:49:5e:af:5a:2f:cf:2d:
                    c5:ca:a9:ef:07:e7:78:f4:46:6c:b0:3b:a7:2e:83:
                    b4:02:13:19:b6:cf:79:e5:01:9a:46:68:81:dd:74:
                    60:b1:72:e5:d2:7f:1c:28:c5:58:19:e1:b8:c8:77:
                    c6:fb:ed:78:48:ca:c0:01:19:47:d4:f4:21:3b:bc:
                    2a:e7:60:d1:93:7b:1e:3c:86:4c:17:69:72:3a:10:
                    c3:5b:62:54:2e:e5:4e:2f:62:52:57:4f:f0:08:ad:
                    58:cd:59:44:9d:06:2f:64:21:40:a8:fd:bc:40:22:
                    4e:89:1a:b3:06:48:40:1c:59:8a:18:56:cf:7a:19:
                    0f:8f:ab:82:3f:9a:e3:5c:e5:73:b3:ed:75:04:24:
                    3f:ec:65:0b:9d:02:6e:46:50:5f:e6:d2:4d:87:a8:
                    a2:be:b9:e5:d8:1a:d3:e6:38:2e:65:8b:b7:eb:0b:
                    7f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:EA:A6:84:77:39:2C:90:C3:36:63:6E:CA:EC:D8:2D:D5:87:31:05
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/muqmhHc5LJDDNmNuyuzYLdWHMQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:f8:98:73:12:39:49:41:c2:7c:41:57:07:ef:e7:82:94:47:
         31:f2:c8:14:ee:6f:e5:a4:b1:0b:c8:96:03:45:d8:ac:de:f8:
         14:09:6b:92:bd:8f:96:10:7f:c7:71:4b:94:95:16:12:96:e8:
         72:0a:5b:88:6b:cd:09:79:3f:72:34:b6:72:fd:39:ba:44:94:
         08:48:01:4d:ac:db:5b:52:d2:b6:e3:73:46:58:5e:f0:a0:0c:
         ef:76:f4:27:6d:f4:a8:69:88:05:df:82:1b:66:23:71:9f:1e:
         07:ad:5e:44:e7:c0:fe:03:ca:94:20:2f:1e:c4:0a:1c:5e:32:
         53:87:4e:4a:d9:1e:c0:b5:5d:6c:59:cd:3b:0d:87:74:44:58:
         c3:34:82:90:09:57:6d:99:1a:f4:13:71:06:90:68:26:2d:a2:
         57:51:d5:24:03:45:b6:50:e6:7f:60:7e:21:4d:d5:bc:20:4c:
         8c:8c:14:e4:9a:8a:a6:a0:9a:26:c3:ed:b9:3b:69:75:6c:bd:
         8a:78:8e:84:64:46:2e:b9:6e:5a:24:af:00:04:ef:24:96:75:
         a7:c0:9c:26:88:35:ac:37:12:b9:e5:3a:29:3d:79:6e:db:93:
         f1:ba:58:a6:18:9f:cc:bc:4e:0a:79:2e:f5:72:5e:9e:e1:b8:
         84:74:8d:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBbirhSW0Vv9A1+GS9F6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWVhYTY4NDc3MzkyYzkwYzMzNjYzNmVjYWVjZDgyZGQ1ODczMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5Iqd0ivIoR/KIx4TjH/eBjARMlh
wjIjhpNUsAIJvzUd7auD2Qc1I0fP8zzTJJYvSkTll3YYhaboW1J00/Rb26AB7kJr
AZ2yS/AfV98TaAlwl0ler1ovzy3FyqnvB+d49EZssDunLoO0AhMZts955QGaRmiB
3XRgsXLl0n8cKMVYGeG4yHfG++14SMrAARlH1PQhO7wq52DRk3sePIZMF2lyOhDD
W2JULuVOL2JSV0/wCK1YzVlEnQYvZCFAqP28QCJOiRqzBkhAHFmKGFbPehkPj6uC
P5rjXOVzs+11BCQ/7GULnQJuRlBf5tJNh6iivrnl2BrT5jguZYu36wt/SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrqpoR3OSyQwzZjbsrs2C3VhzEFMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbXVxbWhIYzVMSkRETm1OdXl1ellMZFdITVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUbXKMA0G
CSqGSIb3DQEBCwUAA4IBAQB4+JhzEjlJQcJ8QVcH7+eClEcx8sgU7m/lpLELyJYD
Rdis3vgUCWuSvY+WEH/HcUuUlRYSluhyCluIa80JeT9yNLZy/Tm6RJQISAFNrNtb
UtK243NGWF7woAzvdvQnbfSoaYgF34IbZiNxnx4HrV5E58D+A8qUIC8exAocXjJT
h05K2R7AtV1sWc07DYd0RFjDNIKQCVdtmRr0E3EGkGgmLaJXUdUkA0W2UOZ/YH4h
TdW8IEyMjBTkmoqmoJomw+25O2l1bL2KeI6EZEYuuW5aJK8ABO8klnWnwJwmiDWs
NxK55TopPXlu25PxulimGJ/MvE4KeS71cl6e4biEdI03
-----END CERTIFICATE-----