Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mcrooT8zEhCjcEd2hjkbdcAiecg.roa
File:                     mcrooT8zEhCjcEd2hjkbdcAiecg.roa (raw, json)
Hash identifier:          TLSpWmcHsO6LOJS6WrkVxlDYVeOpkTQ484ftSmNfzs4=
Subject key identifier:   99:CA:E8:A1:3F:33:12:10:A3:70:47:76:86:39:1B:75:C0:22:79:C8
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5B3C21512DF2E6784B3979FE41882
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mcrooT8zEhCjcEd2hjkbdcAiecg.roa
Signing time:             Thu 02 Jan 2025 15:50:07 +0000
ROA not before:           Thu 02 Jan 2025 15:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209813
IP address blocks:        5.8.66.0/24 maxlen: 24
                          5.8.67.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.188.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b3:c2:15:12:df:2e:67:84:b3:97:9f:e4:18:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99cae8a13f331210a370477686391b75c02279c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:24:40:46:66:15:e7:dd:3d:34:c7:f5:aa:
                    60:66:72:68:ad:37:e7:21:ef:0d:8d:35:7c:0e:35:
                    18:29:25:4d:62:39:61:da:f2:11:2a:0b:1f:86:47:
                    ae:30:d8:17:63:58:16:8f:77:c1:6e:a1:d1:cf:d6:
                    44:c6:95:d2:dd:47:35:4d:5b:1c:4e:98:60:78:c7:
                    3e:57:ca:3c:c2:cf:6a:3d:9e:d5:d2:d3:cb:f6:2b:
                    c3:1f:40:c4:dd:16:7c:40:83:b3:89:47:76:17:4c:
                    e6:c7:6f:f3:2b:8c:89:27:93:3e:85:79:1a:37:38:
                    82:2f:cc:ad:9d:89:a6:7a:44:8a:9f:87:4d:56:17:
                    96:b8:79:85:07:4b:37:f1:ee:a5:07:a3:49:c2:b5:
                    9d:71:4f:2f:eb:e6:ba:48:72:97:f9:3e:b7:21:a1:
                    5d:c4:4f:2b:78:c3:66:38:0c:82:d0:95:4c:cc:69:
                    1b:04:89:88:02:68:58:de:3b:1b:99:41:1b:b9:03:
                    a1:83:24:ca:39:e8:02:56:a0:a4:85:b6:d2:e8:00:
                    fb:6b:df:d6:f3:dd:40:48:63:91:8b:1f:97:2b:e0:
                    ae:19:c0:33:ed:4f:1f:07:bc:58:cf:89:81:9b:81:
                    d9:5d:e9:be:f3:2c:68:4b:32:b0:78:38:e1:15:55:
                    5f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CA:E8:A1:3F:33:12:10:A3:70:47:76:86:39:1B:75:C0:22:79:C8
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mcrooT8zEhCjcEd2hjkbdcAiecg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.188.50.0/24
                  5.188.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:fe:68:75:9e:d9:51:3a:33:02:5f:cb:66:14:ca:1c:79:d7:
         d2:4e:cc:05:81:a7:cb:82:99:10:a3:68:8d:21:04:89:80:31:
         16:8b:5b:e3:11:f9:17:c2:e6:f8:ed:9b:04:57:d6:d8:3f:b4:
         d7:09:d5:b2:44:5c:28:0e:fc:b9:3e:59:ee:f1:b5:ba:8d:7e:
         31:a2:3e:59:93:e0:c8:22:66:17:22:ca:c8:33:51:70:b4:67:
         42:8e:59:93:f2:91:50:80:9b:75:80:24:b5:b6:15:1d:be:5c:
         0a:3b:71:84:83:fd:dc:ad:ec:f9:29:9b:39:d3:56:2b:df:61:
         f4:d1:5e:77:b3:94:bd:c8:f3:43:f4:cc:5f:73:25:35:b3:2e:
         6b:c4:0f:f0:49:39:1b:d2:d0:8d:b2:1d:05:13:30:86:71:27:
         3b:8c:2f:4a:65:35:c9:e3:6c:c6:b4:68:de:be:69:2b:1c:86:
         94:0c:d3:c7:d7:29:1e:93:6e:f4:bf:4d:74:a9:88:6c:a7:e2:
         14:a2:fa:54:cf:81:ad:7c:b7:bb:5d:69:78:3e:fc:5f:06:6f:
         3a:bd:dd:f4:9c:52:d0:c0:f7:d1:89:7f:6b:70:62:ef:12:ab:
         fa:32:46:2f:10:69:19:7b:f8:85:81:06:11:6e:be:ad:cc:1d:
         57:46:f8:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntbPCFRLfLmeEs5ef5BiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNhZThhMTNmMzMxMjEwYTM3MDQ3NzY4NjM5MWI3NWMwMjI3OWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsokQEZmFefdPTTH9apgZnJorTfn
Ie8NjTV8DjUYKSVNYjlh2vIRKgsfhkeuMNgXY1gWj3fBbqHRz9ZExpXS3Uc1TVsc
TphgeMc+V8o8ws9qPZ7V0tPL9ivDH0DE3RZ8QIOziUd2F0zmx2/zK4yJJ5M+hXka
NziCL8ytnYmmekSKn4dNVheWuHmFB0s38e6lB6NJwrWdcU8v6+a6SHKX+T63IaFd
xE8reMNmOAyC0JVMzGkbBImIAmhY3jsbmUEbuQOhgyTKOegCVqCkhbbS6AD7a9/W
891ASGORix+XK+CuGcAz7U8fB7xYz4mBm4HZXem+8yxoSzKweDjhFVVfRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJnK6KE/MxIQo3BHdoY5G3XAInnIMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvbWNyb29UOHpFaENqY0VkMmhqa2JkY0FpZWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBBQhCAwQA
BbwyAwQABbzDMA0GCSqGSIb3DQEBCwUAA4IBAQBH/mh1ntlROjMCX8tmFMocedfS
TswFgafLgpkQo2iNIQSJgDEWi1vjEfkXwub47ZsEV9bYP7TXCdWyRFwoDvy5Plnu
8bW6jX4xoj5Zk+DIImYXIsrIM1FwtGdCjlmT8pFQgJt1gCS1thUdvlwKO3GEg/3c
rez5KZs501Yr32H00V53s5S9yPND9MxfcyU1sy5rxA/wSTkb0tCNsh0FEzCGcSc7
jC9KZTXJ42zGtGjevmkrHIaUDNPH1ykek270v010qYhsp+IUovpUz4GtfLe7XWl4
PvxfBm86vd30nFLQwPfRiX9rcGLvEqv6MkYvEGkZe/iFgQYRbr6tzB1XRvjX
-----END CERTIFICATE-----