Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/MCsIROpcTR7JKSRfmFoIKjJ_nz4.roa
File:                     MCsIROpcTR7JKSRfmFoIKjJ_nz4.roa (raw, json)
Hash identifier:          R67ARze8qlkUfDP9bKevHmAROQGEYMGNSr3mOqKWMMQ=
Subject key identifier:   30:2B:08:44:EA:5C:4D:1E:C9:29:24:5F:98:5A:08:2A:32:7F:9F:3E
Certificate issuer:       /CN=95ea283635cb3bd1523a85ddc9caf530568d2f81
Certificate serial:       019424B3DD90AD6C4B8BE0EA200A9AF7B9B1
Authority key identifier: 95:EA:28:36:35:CB:3B:D1:52:3A:85:DD:C9:CA:F5:30:56:8D:2F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/MCsIROpcTR7JKSRfmFoIKjJ_nz4.roa
Signing time:             Thu 02 Jan 2025 01:49:14 +0000
ROA not before:           Thu 02 Jan 2025 01:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24920
IP address blocks:        193.111.122.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:dd:90:ad:6c:4b:8b:e0:ea:20:0a:9a:f7:b9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95ea283635cb3bd1523a85ddc9caf530568d2f81
        Validity
            Not Before: Jan  2 01:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=302b0844ea5c4d1ec929245f985a082a327f9f3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d5:64:2a:d9:49:00:6c:df:85:53:17:14:f4:
                    be:50:04:ce:6f:95:c1:24:ee:dd:17:f2:f1:fc:6e:
                    3e:54:bf:df:c2:d4:65:5c:c5:cd:41:f0:57:2c:a6:
                    e4:72:de:83:f5:2f:1e:19:fd:fd:87:d3:3f:4a:92:
                    ef:c6:fa:69:91:7b:0d:5c:a9:27:c6:4d:e7:29:59:
                    a3:04:41:28:42:80:d3:fa:7f:cf:80:fc:99:d1:6c:
                    f6:cc:6f:3d:bb:65:b8:1d:67:fe:dc:84:a1:44:1b:
                    93:8e:9a:b5:fc:15:02:0e:e7:58:91:51:b7:ed:c0:
                    fb:c1:30:7f:34:17:1e:be:52:82:8c:51:60:15:ba:
                    db:13:55:c3:fa:43:92:4b:8c:06:cc:17:8b:0f:49:
                    d2:7e:79:87:7a:c0:79:27:36:a5:d4:ec:dd:df:53:
                    75:b3:23:07:41:b0:95:1d:b7:d0:ec:03:0c:ba:fb:
                    f9:30:8a:b0:36:1c:c7:38:12:3b:15:92:14:b7:5c:
                    57:3c:e0:d6:89:d7:4d:c3:e5:b9:a7:34:c0:eb:84:
                    86:40:59:8c:9e:46:47:92:d3:91:57:e5:84:9a:63:
                    24:5a:cd:ba:b2:85:d3:1e:3d:29:10:c2:7c:40:92:
                    1c:58:f6:a2:8b:f2:96:ae:92:7f:e3:c8:be:f6:e5:
                    64:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2B:08:44:EA:5C:4D:1E:C9:29:24:5F:98:5A:08:2A:32:7F:9F:3E
            X509v3 Authority Key Identifier:
                keyid:95:EA:28:36:35:CB:3B:D1:52:3A:85:DD:C9:CA:F5:30:56:8D:2F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/leooNjXLO9FSOoXdycr1MFaNL4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/MCsIROpcTR7JKSRfmFoIKjJ_nz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b46bb-0af4-47d6-a4b8-7ba2686ea518/1/leooNjXLO9FSOoXdycr1MFaNL4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:0b:3c:a5:e8:d9:cc:e9:81:19:e3:d7:bb:1b:3c:f9:f0:be:
         26:21:e9:81:f0:1f:66:c6:53:83:f1:88:9c:a1:35:05:c4:cd:
         cf:a5:f6:7e:8e:fb:3e:3c:d5:5b:50:1f:03:bf:04:9f:85:1d:
         42:94:29:f4:2c:57:fd:b9:4b:e4:10:7b:ae:a0:0f:63:99:be:
         1f:8a:3d:32:f5:f2:49:4b:0c:71:7f:9d:d4:bd:6b:78:39:26:
         b1:5f:1a:4f:8b:9c:81:16:37:b6:7e:3c:41:3a:30:a3:03:53:
         4f:b3:9d:92:ce:0c:3b:ee:ce:fe:61:1c:62:98:36:59:6e:8f:
         48:e4:c1:1c:23:45:c6:a3:f4:11:75:f0:75:d7:55:1a:c4:73:
         99:71:89:5e:20:f3:3a:d2:12:a5:f2:cd:28:5b:6f:f7:6e:db:
         39:f8:fa:1e:d3:4d:2d:b4:5e:12:a9:6a:b4:6b:2d:65:0c:ea:
         76:fe:10:17:e1:41:cd:72:df:d5:00:72:9c:e7:73:1b:13:a7:
         cb:29:28:e8:62:e2:a1:02:40:44:31:20:f3:46:2a:86:ba:de:
         8e:61:41:a8:8b:96:f6:d8:2a:2f:10:8e:fc:9f:3e:76:a7:ec:
         b6:10:1b:2c:9b:25:23:0c:9d:3b:bb:c7:fd:59:e6:07:7a:71:
         90:b1:36:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks92QrWxLi+DqIAqa97mxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZWEyODM2MzVjYjNiZDE1MjNhODVkZGM5Y2FmNTMwNTY4
ZDJmODEwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDJiMDg0NGVhNWM0ZDFlYzkyOTI0NWY5ODVhMDgyYTMyN2Y5ZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodVkKtlJAGzfhVMXFPS+UATOb5XB
JO7dF/Lx/G4+VL/fwtRlXMXNQfBXLKbkct6D9S8eGf39h9M/SpLvxvppkXsNXKkn
xk3nKVmjBEEoQoDT+n/PgPyZ0Wz2zG89u2W4HWf+3IShRBuTjpq1/BUCDudYkVG3
7cD7wTB/NBcevlKCjFFgFbrbE1XD+kOSS4wGzBeLD0nSfnmHesB5Jzal1Ozd31N1
syMHQbCVHbfQ7AMMuvv5MIqwNhzHOBI7FZIUt1xXPODWiddNw+W5pzTA64SGQFmM
nkZHktORV+WEmmMkWs26soXTHj0pEMJ8QJIcWPaii/KWrpJ/48i+9uVklwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDArCETqXE0eySkkX5haCCoyf58+MB8GA1UdIwQY
MBaAFJXqKDY1yzvRUjqF3cnK9TBWjS+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGVvb05qWExPOUZTT29YZHljcjFNRmFOTDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81YjQ2YmItMGFmNC00N2Q2LWE0Yjgt
N2JhMjY4NmVhNTE4LzEvTUNzSVJPcGNUUjdKS1NSZm1Gb0lLakpfbno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81YjQ2YmItMGFmNC00N2Q2LWE0YjgtN2JhMjY4NmVhNTE4
LzEvbGVvb05qWExPOUZTT29YZHljcjFNRmFOTDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW96MA0G
CSqGSIb3DQEBCwUAA4IBAQB1Czyl6NnM6YEZ49e7Gzz58L4mIemB8B9mxlOD8Yic
oTUFxM3PpfZ+jvs+PNVbUB8DvwSfhR1ClCn0LFf9uUvkEHuuoA9jmb4fij0y9fJJ
Swxxf53UvWt4OSaxXxpPi5yBFje2fjxBOjCjA1NPs52Szgw77s7+YRximDZZbo9I
5MEcI0XGo/QRdfB111UaxHOZcYleIPM60hKl8s0oW2/3bts5+Poe000ttF4SqWq0
ay1lDOp2/hAX4UHNct/VAHKc53MbE6fLKSjoYuKhAkBEMSDzRiqGut6OYUGoi5b2
2CovEI78nz52p+y2EBssmyUjDJ07u8f9WeYHenGQsTbo
-----END CERTIFICATE-----