Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MQGE47tEcuH4P3K9p1lGMw4dyqk.roa
File:                     MQGE47tEcuH4P3K9p1lGMw4dyqk.roa (raw, json)
Hash identifier:          yN46SwRifhkSmg5dwsYn26A0m4kd/fUMlJW0wpcRp90=
Subject key identifier:   31:01:84:E3:BB:44:72:E1:F8:3F:72:BD:A7:59:46:33:0E:1D:CA:A9
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0193466DEF0236E428B20A6646D69A3FF470
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MQGE47tEcuH4P3K9p1lGMw4dyqk.roa
Signing time:             Tue 19 Nov 2024 21:57:09 +0000
ROA not before:           Tue 19 Nov 2024 21:57:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        195.177.93.0/24 maxlen: 24
                          2a01:7120:6::/48 maxlen: 48
                          2a01:7120:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:46:6d:ef:02:36:e4:28:b2:0a:66:46:d6:9a:3f:f4:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov 19 21:57:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=310184e3bb4472e1f83f72bda75946330e1dcaa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:b5:b2:6f:e3:17:50:71:f3:1d:5b:0a:b7:a3:
                    b1:fd:16:31:ec:18:67:e4:f6:f7:c2:8b:f2:58:d5:
                    fb:4a:4b:2d:5c:0c:5e:c8:cd:0a:82:28:5a:b2:ba:
                    bd:0f:eb:d6:69:b8:9b:94:b5:ae:1c:44:75:48:1b:
                    16:de:c0:5f:57:6f:51:12:eb:47:f6:d0:5b:cf:74:
                    45:ef:31:d3:b9:32:e2:9c:95:ac:be:dd:82:06:9e:
                    d2:75:e1:29:4b:d8:b5:3c:c9:15:41:74:6c:ab:c2:
                    ee:55:c3:7d:9d:ad:ae:92:b0:79:cd:32:ae:35:c1:
                    07:ed:04:0b:b8:08:16:72:c6:34:1f:a2:b1:a1:d0:
                    39:42:1e:1c:10:da:25:5b:7a:5f:30:70:f9:15:d0:
                    a2:15:f8:f3:09:d3:fd:bd:de:5b:09:70:ba:43:d2:
                    b5:75:8a:2e:0e:e9:38:ce:b3:9a:33:92:a6:aa:6e:
                    91:5d:99:c8:97:7a:55:db:68:c6:0a:b5:63:ab:5d:
                    8b:fe:ef:2a:fa:78:0d:53:d4:34:9e:3c:d9:af:88:
                    50:a0:d1:e5:07:23:66:37:19:55:05:e2:33:fb:fb:
                    13:e1:0d:e3:9c:88:0f:5c:13:af:00:83:e3:d1:dd:
                    f9:72:93:bf:6a:17:75:48:b9:9c:0d:d0:0d:49:fa:
                    ed:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:01:84:E3:BB:44:72:E1:F8:3F:72:BD:A7:59:46:33:0E:1D:CA:A9
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MQGE47tEcuH4P3K9p1lGMw4dyqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.93.0/24
                IPv6:
                  2a01:7120:6::/47

    Signature Algorithm: sha256WithRSAEncryption
         56:c7:ed:e8:63:b0:3c:7f:51:28:f7:5d:bf:64:a7:fe:e5:b8:
         76:2c:ae:c6:aa:53:eb:72:9c:10:16:39:d1:da:98:5d:ee:37:
         fc:94:65:ca:fc:62:fa:96:6a:33:9a:33:55:d5:b9:49:52:35:
         cd:64:22:b3:7e:bb:4b:39:75:58:0b:e0:83:4e:ed:e1:d2:7d:
         3c:75:2b:c0:d7:6a:75:89:24:ff:6f:cc:71:aa:d7:f4:9c:28:
         05:48:92:ae:40:e2:72:18:8b:6f:35:a8:46:d8:90:14:1f:59:
         79:d6:8f:8d:8f:62:ff:bf:ca:9b:3b:25:e2:63:d8:21:19:73:
         a6:6a:13:fc:1f:5a:ed:c8:ce:41:34:45:4b:87:4a:3a:71:60:
         4d:31:48:bc:f2:39:c3:2c:4a:41:fd:67:b9:a4:5d:61:18:44:
         2e:f4:ba:dd:46:d5:72:f6:d7:63:50:de:4c:fc:80:ce:72:43:
         9c:72:16:c5:b7:b0:32:d3:0a:96:8b:0e:74:27:3b:93:4a:1c:
         d1:ef:7c:af:b6:6b:07:ca:9a:23:73:a4:7d:00:b1:41:21:08:
         6e:2d:7d:2e:50:d0:85:6a:c9:9f:11:bd:a8:f1:53:a3:7c:ad:
         36:3b:46:33:64:4e:75:f5:ee:b8:85:a6:83:69:c8:a8:23:31:
         3b:4c:fb:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNGbe8CNuQosgpmRtaaP/RwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQxMTE5MjE1NzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTAxODRlM2JiNDQ3MmUxZjgzZjcyYmRhNzU5NDYzMzBlMWRjYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7rWyb+MXUHHzHVsKt6Ox/RYx7Bhn
5Pb3wovyWNX7SkstXAxeyM0Kgihasrq9D+vWabiblLWuHER1SBsW3sBfV29REutH
9tBbz3RF7zHTuTLinJWsvt2CBp7SdeEpS9i1PMkVQXRsq8LuVcN9na2ukrB5zTKu
NcEH7QQLuAgWcsY0H6KxodA5Qh4cENolW3pfMHD5FdCiFfjzCdP9vd5bCXC6Q9K1
dYouDuk4zrOaM5Kmqm6RXZnIl3pV22jGCrVjq12L/u8q+ngNU9Q0njzZr4hQoNHl
ByNmNxlVBeIz+/sT4Q3jnIgPXBOvAIPj0d35cpO/ahd1SLmcDdANSfrtKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDEBhOO7RHLh+D9yvadZRjMOHcqpMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTVFHRTQ3dEVjdUg0UDNLOXAxbEdNdzRkeXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw7FdMA8E
AgACMAkDBwEqAXEgAAYwDQYJKoZIhvcNAQELBQADggEBAFbH7ehjsDx/USj3Xb9k
p/7luHYsrsaqU+tynBAWOdHamF3uN/yUZcr8YvqWajOaM1XVuUlSNc1kIrN+u0s5
dVgL4INO7eHSfTx1K8DXanWJJP9vzHGq1/ScKAVIkq5A4nIYi281qEbYkBQfWXnW
j42PYv+/yps7JeJj2CEZc6ZqE/wfWu3IzkE0RUuHSjpxYE0xSLzyOcMsSkH9Z7mk
XWEYRC70ut1G1XL212NQ3kz8gM5yQ5xyFsW3sDLTCpaLDnQnO5NKHNHvfK+2awfK
miNzpH0AsUEhCG4tfS5Q0IVqyZ8RvajxU6N8rTY7RjNkTnX17riFpoNpyKgjMTtM
+1I=
-----END CERTIFICATE-----