Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MqxJNQusvQZYhaubtD2yNDH8dBs.roa
File:                     MqxJNQusvQZYhaubtD2yNDH8dBs.roa (raw, json)
Hash identifier:          KacK0uyTwESpNmi5s+1Xo2gtbMuA/1rlRe/DkRlXXe4=
Subject key identifier:   32:AC:49:35:0B:AC:BD:06:58:85:AB:9B:B4:3D:B2:34:31:FC:74:1B
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01973526162DFD8D99C7F3E69AAC5EA29757
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MqxJNQusvQZYhaubtD2yNDH8dBs.roa
Signing time:             Tue 03 Jun 2025 09:36:17 +0000
ROA not before:           Tue 03 Jun 2025 09:36:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211747
IP address blocks:        194.31.143.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:26:16:2d:fd:8d:99:c7:f3:e6:9a:ac:5e:a2:97:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jun  3 09:36:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32ac49350bacbd065885ab9bb43db23431fc741b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8e:af:7a:38:f4:1e:6e:d8:91:96:11:4f:0a:
                    91:cf:9e:88:e9:35:9b:26:25:13:26:66:81:92:de:
                    c2:00:fd:89:bf:d7:c1:48:dc:bf:ef:de:3f:c2:23:
                    6b:73:08:38:47:89:b1:c6:58:e1:c2:13:ae:b9:64:
                    94:22:6f:54:66:c9:ca:b5:a5:40:8a:b7:eb:28:e7:
                    29:e0:ea:9d:fd:80:85:ef:ae:85:ca:47:53:23:f7:
                    32:a9:92:1d:d6:5a:87:2f:eb:16:71:a4:fe:0c:d2:
                    54:e6:af:e4:bc:01:03:c7:7c:5e:1f:f5:c5:41:c6:
                    44:6c:de:71:67:a6:cb:90:5b:72:18:44:7a:81:7c:
                    62:38:42:08:39:ac:7b:a7:3d:36:a0:2a:1f:e6:57:
                    d7:83:ca:e0:65:89:c8:19:96:35:3c:76:0e:87:51:
                    fe:02:25:05:2d:f0:c7:b1:b0:f9:52:e9:b6:3b:d9:
                    1b:b5:55:1e:51:5f:17:fa:32:27:2f:13:40:ec:c7:
                    ed:07:45:06:74:74:dd:ed:72:7a:7d:c1:c9:9d:70:
                    ab:ec:cf:90:c1:ea:93:da:5a:c4:7c:e2:8c:f4:07:
                    c3:ee:ca:bd:0c:37:71:e1:6f:7e:ec:c4:0e:86:24:
                    8a:51:ba:3d:f1:7d:d7:ff:94:cf:fb:0a:e4:ee:af:
                    1a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AC:49:35:0B:AC:BD:06:58:85:AB:9B:B4:3D:B2:34:31:FC:74:1B
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/MqxJNQusvQZYhaubtD2yNDH8dBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:f8:c1:33:14:45:45:18:33:4a:14:fe:57:51:7b:8e:74:5c:
         5f:77:e3:69:65:6a:1b:b7:47:20:78:c2:44:79:a8:74:c2:63:
         08:58:ba:9e:a6:43:42:3c:95:fa:8f:a1:cf:6e:d4:aa:b6:ee:
         9a:24:10:19:5c:68:e0:1a:6b:73:ae:2d:08:7e:3d:bd:36:de:
         b2:35:a3:bf:1a:92:0a:ad:a5:af:d0:b5:7b:8c:30:97:99:33:
         e2:c2:1f:db:75:52:ff:b2:6b:cb:84:6f:63:5e:f6:04:37:26:
         65:fe:61:ea:ba:d8:f2:8d:9e:47:2d:fe:39:24:a1:17:41:bb:
         4b:44:80:71:79:b1:be:15:09:24:a2:c7:55:e0:5e:d2:a5:4c:
         46:ff:43:0f:6c:f1:97:57:9b:3e:9f:2c:a6:17:95:f7:6c:3e:
         c4:94:d9:7d:85:32:f4:c7:c7:91:57:bd:23:39:8d:3f:a8:ed:
         93:23:79:a3:00:4d:61:eb:31:ab:c8:3c:ab:ca:fd:bd:c1:56:
         19:32:ac:a3:db:5e:a3:17:ec:33:ff:53:d5:43:fb:70:76:00:
         22:5b:a3:f0:d8:77:b4:4f:0a:50:4f:fd:f0:5a:6c:8b:39:2d:
         c3:28:30:a5:fd:d0:12:13:1b:8d:be:e3:ab:8a:84:83:2c:33:
         3f:55:d0:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1JhYt/Y2Zx/PmmqxeopdXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNjAzMDkzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFjNDkzNTBiYWNiZDA2NTg4NWFiOWJiNDNkYjIzNDMxZmM3NDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y6vejj0Hm7YkZYRTwqRz56I6TWb
JiUTJmaBkt7CAP2Jv9fBSNy/794/wiNrcwg4R4mxxljhwhOuuWSUIm9UZsnKtaVA
irfrKOcp4Oqd/YCF766FykdTI/cyqZId1lqHL+sWcaT+DNJU5q/kvAEDx3xeH/XF
QcZEbN5xZ6bLkFtyGER6gXxiOEIIOax7pz02oCof5lfXg8rgZYnIGZY1PHYOh1H+
AiUFLfDHsbD5Uum2O9kbtVUeUV8X+jInLxNA7MftB0UGdHTd7XJ6fcHJnXCr7M+Q
weqT2lrEfOKM9AfD7sq9DDdx4W9+7MQOhiSKUbo98X3X/5TP+wrk7q8ajwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKsSTULrL0GWIWrm7Q9sjQx/HQbMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTXF4Sk5RdXN2UVpZaGF1YnREMnlOREg4ZEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+PMA0G
CSqGSIb3DQEBCwUAA4IBAQCe+MEzFEVFGDNKFP5XUXuOdFxfd+NpZWobt0cgeMJE
eah0wmMIWLqepkNCPJX6j6HPbtSqtu6aJBAZXGjgGmtzri0Ifj29Nt6yNaO/GpIK
raWv0LV7jDCXmTPiwh/bdVL/smvLhG9jXvYENyZl/mHqutjyjZ5HLf45JKEXQbtL
RIBxebG+FQkkosdV4F7SpUxG/0MPbPGXV5s+nyymF5X3bD7ElNl9hTL0x8eRV70j
OY0/qO2TI3mjAE1h6zGryDyryv29wVYZMqyj216jF+wz/1PVQ/twdgAiW6Pw2He0
TwpQT/3wWmyLOS3DKDCl/dASExuNvuOrioSDLDM/VdA0
-----END CERTIFICATE-----