Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/MNDWfcZ7THpd1V-JitlFbJJvT2k.roa
File:                     MNDWfcZ7THpd1V-JitlFbJJvT2k.roa (raw, json)
Hash identifier:          8342ttspxabX1GCBeEK5LbRuFU+2GSg8qKL1eSDng9w=
Subject key identifier:   30:D0:D6:7D:C6:7B:4C:7A:5D:D5:5F:89:8A:D9:45:6C:92:6F:4F:69
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       0194266B8AA6368CCC3947713F87D9CB6698
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/MNDWfcZ7THpd1V-JitlFbJJvT2k.roa
Signing time:             Thu 02 Jan 2025 09:49:29 +0000
ROA not before:           Thu 02 Jan 2025 09:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54600
IP address blocks:        193.160.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:8a:a6:36:8c:cc:39:47:71:3f:87:d9:cb:66:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Jan  2 09:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30d0d67dc67b4c7a5dd55f898ad9456c926f4f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:eb:46:ad:fb:d3:7e:ca:35:24:30:14:30:a8:
                    ca:d3:fd:bc:e4:de:71:df:0f:f9:b9:a5:74:a5:0d:
                    e1:ce:1e:5a:67:bf:bf:e8:b3:fc:3e:3b:3e:f1:e8:
                    e5:3b:99:a6:d4:54:e5:09:12:77:c3:79:74:a9:f6:
                    0a:cc:49:10:24:55:38:e9:b4:dd:b7:b6:76:42:ff:
                    d8:76:38:69:08:9b:e5:53:21:8c:d6:98:46:4d:46:
                    03:db:c3:2f:71:52:74:c2:fe:10:8f:a3:a7:8f:08:
                    b8:18:8a:67:3a:d6:2e:e3:8a:5f:3a:b6:c1:d4:9f:
                    94:56:df:03:9d:f7:e9:fd:39:7f:1f:fd:21:4f:c1:
                    22:19:7b:9d:6c:33:4d:94:0e:5f:db:74:7d:33:e9:
                    36:3c:96:c9:70:ee:7f:27:88:d2:56:50:ab:14:9b:
                    e7:51:c0:71:c0:e7:3d:e2:d3:8f:f3:4a:fb:6d:bd:
                    8c:7c:20:1c:26:6f:e7:7a:70:2b:58:12:e2:81:fa:
                    47:5f:92:96:0a:3f:cf:4c:50:55:84:ed:b5:be:8b:
                    fd:61:cb:e7:34:ed:3e:c7:a1:e6:63:a5:5c:03:5f:
                    fd:78:71:e5:d0:0a:ca:ca:47:99:a7:93:46:2f:5b:
                    ce:e6:1d:22:c5:41:63:f1:6b:0e:24:00:d3:8f:9c:
                    90:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D0:D6:7D:C6:7B:4C:7A:5D:D5:5F:89:8A:D9:45:6C:92:6F:4F:69
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/MNDWfcZ7THpd1V-JitlFbJJvT2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:0c:ed:93:5f:5d:9d:38:e6:0e:39:ba:ed:69:6d:9e:e8:70:
         59:17:c9:1f:80:7a:17:f1:c8:e5:28:9e:6f:04:2c:3f:89:04:
         3b:77:e4:36:50:75:b5:61:ef:76:14:14:7c:c4:1e:7c:9c:94:
         ca:0f:99:01:b5:ed:76:b8:40:3c:20:43:15:3e:f0:d0:bd:a0:
         22:9f:1d:77:00:29:18:34:1c:99:55:58:63:73:b3:3e:64:21:
         04:de:2d:36:a2:92:6e:d1:41:fe:38:56:3e:4f:2e:22:df:38:
         ad:9b:7a:10:de:36:a9:1b:47:79:1a:1b:11:63:a7:56:6f:25:
         95:79:92:1e:37:f4:c9:d1:c5:76:b7:3a:d1:6d:9c:7e:0b:e5:
         45:e2:68:18:eb:ae:c0:50:55:35:38:8b:e7:24:a8:d1:ae:72:
         48:bd:93:7f:9c:3c:28:64:cd:09:ab:05:d6:66:b7:4e:65:e9:
         dd:c6:20:a9:3c:fa:35:da:80:9f:07:d6:bd:47:6c:6e:43:8b:
         69:5b:d0:95:d7:8d:b3:5a:74:ce:a4:d8:b3:3b:5b:fb:50:9c:
         8b:66:fd:28:33:55:c0:3d:a8:df:ae:10:ab:03:8f:33:27:d2:
         9d:18:e8:16:27:df:7f:c4:4e:54:fa:80:ee:ae:69:28:c7:49:
         4d:77:86:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4qmNozMOUdxP4fZy2aYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjUwMTAyMDk0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQwZDY3ZGM2N2I0YzdhNWRkNTVmODk4YWQ5NDU2YzkyNmY0ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+tGrfvTfso1JDAUMKjK0/285N5x
3w/5uaV0pQ3hzh5aZ7+/6LP8Pjs+8ejlO5mm1FTlCRJ3w3l0qfYKzEkQJFU46bTd
t7Z2Qv/YdjhpCJvlUyGM1phGTUYD28MvcVJ0wv4Qj6Onjwi4GIpnOtYu44pfOrbB
1J+UVt8Dnffp/Tl/H/0hT8EiGXudbDNNlA5f23R9M+k2PJbJcO5/J4jSVlCrFJvn
UcBxwOc94tOP80r7bb2MfCAcJm/nenArWBLigfpHX5KWCj/PTFBVhO21vov9Ycvn
NO0+x6HmY6VcA1/9eHHl0ArKykeZp5NGL1vO5h0ixUFj8WsOJADTj5yQTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDQ1n3Ge0x6XdVfiYrZRWySb09pMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvTU5EV2ZjWjdUSHBkMVYtSml0bEZiSkp2VDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAgMA0G
CSqGSIb3DQEBCwUAA4IBAQCODO2TX12dOOYOObrtaW2e6HBZF8kfgHoX8cjlKJ5v
BCw/iQQ7d+Q2UHW1Ye92FBR8xB58nJTKD5kBte12uEA8IEMVPvDQvaAinx13ACkY
NByZVVhjc7M+ZCEE3i02opJu0UH+OFY+Ty4i3zitm3oQ3japG0d5GhsRY6dWbyWV
eZIeN/TJ0cV2tzrRbZx+C+VF4mgY667AUFU1OIvnJKjRrnJIvZN/nDwoZM0JqwXW
ZrdOZendxiCpPPo12oCfB9a9R2xuQ4tpW9CV142zWnTOpNizO1v7UJyLZv0oM1XA
PajfrhCrA48zJ9KdGOgWJ99/xE5U+oDurmkox0lNd4Zk
-----END CERTIFICATE-----