Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/MciWb60MRTEKYG7nNsdPObcTdFA.roa
File:                     MciWb60MRTEKYG7nNsdPObcTdFA.roa (raw, json)
Hash identifier:          KHNwOaNcZ7u3dM/4d40q21NOgHnTWPbfSPyYUx+Aq9E=
Subject key identifier:   31:C8:96:6F:AD:0C:45:31:0A:60:6E:E7:36:C7:4F:39:B7:13:74:50
Certificate issuer:       /CN=53122e03a841b8878963affff695ca4f9fd0682c
Certificate serial:       01942143E7D8F3D90BA76306A8DB569CE7FB
Authority key identifier: 53:12:2E:03:A8:41:B8:87:89:63:AF:FF:F6:95:CA:4F:9F:D0:68:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxIuA6hBuIeJY6__9pXKT5_QaCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/MciWb60MRTEKYG7nNsdPObcTdFA.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59437
IP address blocks:        91.226.226.0/24 maxlen: 24
                          2a0c:3c80::/29 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/UxIuA6hBuIeJY6__9pXKT5_QaCw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/UxIuA6hBuIeJY6__9pXKT5_QaCw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxIuA6hBuIeJY6__9pXKT5_QaCw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e7:d8:f3:d9:0b:a7:63:06:a8:db:56:9c:e7:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53122e03a841b8878963affff695ca4f9fd0682c
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31c8966fad0c45310a606ee736c74f39b7137450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:72:ee:bc:b5:6d:b0:1c:ce:f9:53:6c:3e:ee:
                    c5:bb:a4:49:b1:c6:52:36:7d:38:6d:26:53:26:54:
                    ac:61:5e:de:01:ee:ae:01:c5:86:19:26:00:1c:ef:
                    5c:da:03:81:fc:81:99:69:5a:a3:d3:0d:86:96:3d:
                    f6:5b:c0:b0:12:63:73:33:cc:86:1d:30:85:9c:a7:
                    5f:7f:a3:1c:0d:72:44:2a:47:9b:1f:01:7d:74:31:
                    6e:a4:09:6b:36:62:d8:f8:e9:0e:22:9f:b0:ba:4d:
                    f2:a5:36:8d:fb:94:7a:b5:93:24:fd:c7:46:87:bd:
                    b1:1b:c3:3e:06:1a:82:23:49:2c:c4:4f:00:2c:18:
                    41:53:8f:85:f2:49:d4:82:3d:16:22:8d:e9:9e:c6:
                    46:cf:02:bd:58:fb:24:a5:2e:3d:0a:57:e6:ff:b8:
                    03:94:8e:af:5b:0b:2a:4c:74:ce:e4:c3:8b:2e:8d:
                    77:52:0a:24:b2:cd:05:6c:5b:6a:31:ff:dd:47:f0:
                    7c:ca:3b:9b:4b:48:73:71:5e:46:73:75:d6:9b:c4:
                    aa:de:1b:e3:49:1c:c0:aa:a5:b8:0d:bf:96:7c:56:
                    af:0a:1c:45:b6:4d:ee:34:e0:5b:d8:9e:3b:42:98:
                    20:52:91:1a:70:7c:2d:a2:0f:6b:c2:69:44:e1:c0:
                    58:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C8:96:6F:AD:0C:45:31:0A:60:6E:E7:36:C7:4F:39:B7:13:74:50
            X509v3 Authority Key Identifier:
                keyid:53:12:2E:03:A8:41:B8:87:89:63:AF:FF:F6:95:CA:4F:9F:D0:68:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxIuA6hBuIeJY6__9pXKT5_QaCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/MciWb60MRTEKYG7nNsdPObcTdFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/f539cb-14bf-48a2-a835-ce8d2dd43066/1/UxIuA6hBuIeJY6__9pXKT5_QaCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.226.0/24
                IPv6:
                  2a0c:3c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:31:a2:b2:e2:01:4d:d3:62:d5:02:ab:91:fe:26:a8:55:a3:
         8a:86:56:cf:fc:3d:80:1d:f1:ef:dc:57:3c:f4:af:b9:ed:57:
         5d:90:da:2e:1b:ca:4e:9c:57:17:02:42:06:12:9a:11:54:6b:
         49:b2:fa:9c:d1:15:08:5d:63:c9:b0:bf:55:78:ce:8d:86:ad:
         9c:71:b5:8c:12:20:4b:3e:3f:d4:86:39:4c:27:ac:49:2f:b4:
         01:32:38:63:72:8d:4b:fe:e1:02:d0:c3:a1:37:5c:4d:17:9c:
         5f:90:0b:78:04:2b:74:02:f8:94:ee:d6:9e:53:69:16:9c:52:
         2e:64:f1:7b:bc:0f:33:fd:f8:fd:1a:95:e9:13:5d:29:48:88:
         04:2e:e9:ab:23:2f:53:3e:b6:8b:ed:2f:dc:08:e2:2c:35:cf:
         df:b4:49:1e:bc:03:b9:e3:17:d9:5a:3f:8f:ba:d1:8b:97:f2:
         ce:9c:66:07:7f:ab:9b:41:97:e4:2b:7b:88:b9:47:93:39:aa:
         9d:fd:48:ec:47:f5:ed:37:18:7b:4b:bc:b8:48:7c:73:45:4b:
         bf:8d:53:7e:f1:6a:d8:17:2a:b5:ca:65:8a:2e:af:c5:66:d5:
         b8:49:1d:ee:63:29:32:0b:7a:08:43:e7:42:b2:69:66:17:72:
         9f:e5:de:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ+fY89kLp2MGqNtWnOf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTIyZTAzYTg0MWI4ODc4OTYzYWZmZmY2OTVjYTRmOWZk
MDY4MmMwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWM4OTY2ZmFkMGM0NTMxMGE2MDZlZTczNmM3NGYzOWI3MTM3NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3LuvLVtsBzO+VNsPu7Fu6RJscZS
Nn04bSZTJlSsYV7eAe6uAcWGGSYAHO9c2gOB/IGZaVqj0w2Glj32W8CwEmNzM8yG
HTCFnKdff6McDXJEKkebHwF9dDFupAlrNmLY+OkOIp+wuk3ypTaN+5R6tZMk/cdG
h72xG8M+BhqCI0ksxE8ALBhBU4+F8knUgj0WIo3pnsZGzwK9WPskpS49Clfm/7gD
lI6vWwsqTHTO5MOLLo13Ugokss0FbFtqMf/dR/B8yjubS0hzcV5Gc3XWm8Sq3hvj
SRzAqqW4Db+WfFavChxFtk3uNOBb2J47QpggUpEacHwtog9rwmlE4cBYywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDHIlm+tDEUxCmBu5zbHTzm3E3RQMB8GA1UdIwQY
MBaAFFMSLgOoQbiHiWOv//aVyk+f0GgsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhJdUE2aEJ1SWVKWTZfXzlwWEtUNV9RYUN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mNTM5Y2ItMTRiZi00OGEyLWE4MzUt
Y2U4ZDJkZDQzMDY2LzEvTWNpV2I2ME1SVEVLWUc3bk5zZFBPYmNUZEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mNTM5Y2ItMTRiZi00OGEyLWE4MzUtY2U4ZDJkZDQzMDY2
LzEvVXhJdUE2aEJ1SWVKWTZfXzlwWEtUNV9RYUN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+LiMA0E
AgACMAcDBQMqDDyAMA0GCSqGSIb3DQEBCwUAA4IBAQASMaKy4gFN02LVAquR/iao
VaOKhlbP/D2AHfHv3Fc89K+57VddkNouG8pOnFcXAkIGEpoRVGtJsvqc0RUIXWPJ
sL9VeM6Nhq2ccbWMEiBLPj/UhjlMJ6xJL7QBMjhjco1L/uEC0MOhN1xNF5xfkAt4
BCt0AviU7taeU2kWnFIuZPF7vA8z/fj9GpXpE10pSIgELumrIy9TPraL7S/cCOIs
Nc/ftEkevAO54xfZWj+PutGLl/LOnGYHf6ubQZfkK3uIuUeTOaqd/UjsR/XtNxh7
S7y4SHxzRUu/jVN+8WrYFyq1ymWKLq/FZtW4SR3uYykyC3oIQ+dCsmlmF3Kf5d4L
-----END CERTIFICATE-----