Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/mo5JK6v6R0SlbhL9bpJDUSnP2o0.roa
File:                     mo5JK6v6R0SlbhL9bpJDUSnP2o0.roa (raw, json)
Hash identifier:          727Fnu3PPIa8ngtI0/OvrhrO6bIcmHl3XFKfTHPbhNk=
Subject key identifier:   9A:8E:49:2B:AB:FA:47:44:A5:6E:12:FD:6E:92:43:51:29:CF:DA:8D
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       0195DD6B949C741C56AD443AEA6C75F0EF4C
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/mo5JK6v6R0SlbhL9bpJDUSnP2o0.roa
Signing time:             Fri 28 Mar 2025 15:42:49 +0000
ROA not before:           Fri 28 Mar 2025 15:42:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6908
IP address blocks:        185.120.72.0/22 maxlen: 22
                          2a06:9800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dd:6b:94:9c:74:1c:56:ad:44:3a:ea:6c:75:f0:ef:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Mar 28 15:42:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a8e492babfa4744a56e12fd6e92435129cfda8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f6:74:cb:33:f6:a6:fe:e2:f3:89:4e:62:7f:
                    05:8d:55:4f:0b:6e:2a:8f:27:39:28:0d:e8:9e:51:
                    60:27:57:75:f6:c5:38:4b:42:f3:ee:9d:3e:ae:fa:
                    47:a6:54:c6:a0:5c:85:95:f2:3d:0b:07:39:53:7d:
                    4c:66:3c:72:59:e9:3f:e0:d8:c0:40:a9:31:3d:73:
                    99:02:d9:f6:25:4c:9f:d7:cb:fe:fd:14:f8:91:bd:
                    e2:dd:8b:96:64:d8:34:c5:ee:a3:83:11:56:b4:ad:
                    ec:7a:32:25:63:5d:51:5d:c9:1e:6c:af:51:46:3d:
                    0d:8d:b3:2a:a8:18:19:01:06:99:ef:f0:50:6e:2f:
                    98:bb:4a:45:f6:0d:41:ff:45:09:15:65:ad:40:3e:
                    b6:47:0c:83:3a:f2:bb:e8:f9:69:1e:41:8a:bd:6c:
                    0a:49:9f:1a:e6:0f:36:ee:cc:59:be:b4:df:85:e5:
                    b9:ca:2c:b4:81:bf:76:73:c6:f5:45:39:4e:eb:eb:
                    2c:26:57:0a:27:57:cb:d0:b0:0b:68:eb:02:78:80:
                    bc:b3:73:a9:6f:a8:75:f4:58:d8:7f:c2:d8:4b:bf:
                    ff:b1:c0:60:31:ce:70:30:3e:a4:68:b1:af:1e:2f:
                    c3:43:7d:1b:b2:63:c4:24:67:c0:ce:02:d6:71:76:
                    ee:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:8E:49:2B:AB:FA:47:44:A5:6E:12:FD:6E:92:43:51:29:CF:DA:8D
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/mo5JK6v6R0SlbhL9bpJDUSnP2o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.72.0/22
                IPv6:
                  2a06:9800::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:4a:39:5e:32:b9:99:0a:68:36:88:ba:d1:bc:46:38:42:00:
         e0:7b:06:ff:bc:f5:2c:42:56:67:26:0e:ca:cd:61:57:c1:3a:
         f8:53:36:bb:db:cc:44:93:ab:9b:ee:85:ee:1e:ff:42:64:8c:
         57:25:98:6b:cb:74:5c:60:4e:e1:e4:76:ca:15:ff:40:f8:22:
         9f:b3:b6:1c:be:23:e5:ac:72:fe:98:ab:fe:d8:6c:5c:f2:da:
         5d:87:ab:d0:65:4c:b5:56:c7:37:c6:2c:6c:57:8f:43:c5:54:
         77:fa:2c:0e:36:b9:a5:0c:be:83:f2:c1:53:d3:5b:c2:c5:e7:
         c9:f3:2c:f5:aa:aa:f0:86:32:ca:77:fe:77:b2:ae:3c:26:2b:
         85:28:d0:76:60:ce:32:ef:00:b8:55:fe:55:c6:9c:6e:35:d9:
         7d:51:ed:76:1d:b0:f1:51:e6:c3:01:e5:48:df:f4:2f:a0:b6:
         aa:88:8a:a0:92:fc:5e:0f:79:52:d2:13:da:c8:05:7f:30:8b:
         a7:97:ce:f8:db:4e:78:d3:fc:8e:24:04:01:41:3a:96:b8:b4:
         ee:c9:32:6b:2a:57:6d:86:9a:26:e7:90:52:61:e4:13:c8:cf:
         35:03:17:39:b4:71:18:4a:1b:d2:3c:5c:07:d3:5f:6e:55:e7:
         35:0d:ef:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXda5ScdBxWrUQ66mx18O9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI4MTU0MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YThlNDkyYmFiZmE0NzQ0YTU2ZTEyZmQ2ZTkyNDM1MTI5Y2ZkYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPZ0yzP2pv7i84lOYn8FjVVPC24q
jyc5KA3onlFgJ1d19sU4S0Lz7p0+rvpHplTGoFyFlfI9Cwc5U31MZjxyWek/4NjA
QKkxPXOZAtn2JUyf18v+/RT4kb3i3YuWZNg0xe6jgxFWtK3sejIlY11RXckebK9R
Rj0NjbMqqBgZAQaZ7/BQbi+Yu0pF9g1B/0UJFWWtQD62RwyDOvK76PlpHkGKvWwK
SZ8a5g827sxZvrTfheW5yiy0gb92c8b1RTlO6+ssJlcKJ1fL0LALaOsCeIC8s3Op
b6h19FjYf8LYS7//scBgMc5wMD6kaLGvHi/DQ30bsmPEJGfAzgLWcXbuUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJqOSSur+kdEpW4S/W6SQ1Epz9qNMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvbW81Sks2djZSMFNsYmhMOWJwSkRVU25QMm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXhIMA0E
AgACMAcDBQMqBpgAMA0GCSqGSIb3DQEBCwUAA4IBAQBQSjleMrmZCmg2iLrRvEY4
QgDgewb/vPUsQlZnJg7KzWFXwTr4Uza728xEk6ub7oXuHv9CZIxXJZhry3RcYE7h
5HbKFf9A+CKfs7YcviPlrHL+mKv+2Gxc8tpdh6vQZUy1Vsc3xixsV49DxVR3+iwO
NrmlDL6D8sFT01vCxefJ8yz1qqrwhjLKd/53sq48JiuFKNB2YM4y7wC4Vf5Vxpxu
Ndl9Ue12HbDxUebDAeVI3/QvoLaqiIqgkvxeD3lS0hPayAV/MIunl87420540/yO
JAQBQTqWuLTuyTJrKldthpom55BSYeQTyM81Axc5tHEYShvSPFwH019uVec1De8D
-----END CERTIFICATE-----