Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/MWUNq-ftYkXKNHhiuPmUDR8aNAY.roa
File:                     MWUNq-ftYkXKNHhiuPmUDR8aNAY.roa (raw, json)
Hash identifier:          sRHJK0hHdEHRSKSboElSRlINRVoo+ylHVvGY64QPq+U=
Subject key identifier:   31:65:0D:AB:E7:ED:62:45:CA:34:78:62:B8:F9:94:0D:1F:1A:34:06
Certificate issuer:       /CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
Certificate serial:       019426D89BA150F69E1D72C8F2C139180C04
Authority key identifier: FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/MWUNq-ftYkXKNHhiuPmUDR8aNAY.roa
Signing time:             Thu 02 Jan 2025 11:48:37 +0000
ROA not before:           Thu 02 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        195.210.108.0/24 maxlen: 24
                          195.210.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:9b:a1:50:f6:9e:1d:72:c8:f2:c1:39:18:0c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
        Validity
            Not Before: Jan  2 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31650dabe7ed6245ca347862b8f9940d1f1a3406
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:11:ba:35:23:f8:9b:f0:3f:79:a6:6d:63:7e:
                    9b:50:0f:55:ba:e3:32:67:fe:73:31:4d:bc:9f:74:
                    c1:a1:04:c2:ae:b2:77:5a:8d:af:cb:07:68:0d:f2:
                    ba:ff:08:b9:98:77:84:79:ab:73:6d:5a:4e:9e:bd:
                    7b:27:d4:5b:8f:42:72:43:12:cb:a6:27:71:75:83:
                    6f:77:bf:34:6a:f2:c8:b5:8b:6d:c9:ab:6a:35:9a:
                    0f:61:48:91:85:2c:21:8f:b3:9b:d5:92:d0:30:fc:
                    1e:26:95:d8:b3:a9:8c:ab:4e:95:5c:83:66:27:ad:
                    04:bd:0a:cf:05:9f:2a:68:77:6c:86:3f:fb:50:16:
                    35:4b:4b:b0:e3:43:53:b3:70:9f:47:cf:c0:f5:4c:
                    a6:d8:10:55:ac:d8:8d:e0:e5:46:22:e1:66:2a:76:
                    2e:55:20:c0:e9:77:82:73:0c:a3:30:f9:fb:cb:cd:
                    d2:e1:01:8f:ab:28:c8:4c:68:e1:64:48:44:1e:27:
                    c2:f8:d7:30:90:cc:b8:7e:45:2c:89:7c:41:e6:e3:
                    a1:c7:12:7f:18:c8:f6:aa:0b:cf:eb:aa:41:e3:0a:
                    d3:d6:df:77:64:5d:77:20:b5:61:fb:0f:10:e3:f1:
                    18:cc:d5:df:78:e1:d1:80:3f:db:98:e1:5e:55:36:
                    da:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:65:0D:AB:E7:ED:62:45:CA:34:78:62:B8:F9:94:0D:1F:1A:34:06
            X509v3 Authority Key Identifier:
                keyid:FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/MWUNq-ftYkXKNHhiuPmUDR8aNAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:32:1e:c6:00:8d:62:97:d6:4c:f2:53:9d:d1:89:93:66:18:
         f5:b8:df:6d:51:fe:2f:ea:cb:a3:d2:27:15:e2:7b:62:49:82:
         70:bc:4b:bb:05:1c:3b:59:9d:7c:81:2a:83:52:95:cc:6b:8e:
         61:1f:43:dc:e4:50:ec:99:41:60:6d:4f:8c:38:60:7c:9f:78:
         34:83:03:bc:08:81:93:12:d0:e4:d7:99:ba:38:f5:88:c4:d6:
         a4:97:aa:8a:31:11:67:77:fd:f3:4b:7c:c0:b0:97:8e:f1:4b:
         74:52:7c:9f:be:b5:82:44:31:f9:18:84:b2:be:a0:78:4e:6e:
         68:42:dc:c1:00:b1:0b:cb:a2:db:2c:13:38:f1:4b:73:a6:fb:
         aa:8e:5b:30:c0:05:87:04:05:cc:b1:f2:f4:b5:17:12:12:c4:
         b4:81:37:7e:0b:1c:02:2a:49:8c:6c:5f:19:28:1a:c6:60:60:
         50:49:9b:d4:fc:4a:57:a8:88:13:46:c4:75:0e:1e:59:e2:19:
         32:bf:86:90:b8:e5:b7:65:1c:52:b1:e0:cd:b0:6f:4a:d7:67:
         48:8f:b2:57:8d:90:4f:2e:b4:f3:1d:f5:49:0f:a5:b1:0b:ac:
         80:33:5c:45:11:4c:08:81:68:a8:0a:96:71:5a:86:6b:ba:4c:
         5c:bd:1d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2JuhUPaeHXLI8sE5GAwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYjg0ZDlmOGY5ZTMzMTU2NTg5YTVlYmY3MjIyMDNhODk5
ZTBhNTEwHhcNMjUwMTAyMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTY1MGRhYmU3ZWQ2MjQ1Y2EzNDc4NjJiOGY5OTQwZDFmMWEzNDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBG6NSP4m/A/eaZtY36bUA9VuuMy
Z/5zMU28n3TBoQTCrrJ3Wo2vywdoDfK6/wi5mHeEeatzbVpOnr17J9Rbj0JyQxLL
pidxdYNvd780avLItYttyatqNZoPYUiRhSwhj7Ob1ZLQMPweJpXYs6mMq06VXINm
J60EvQrPBZ8qaHdshj/7UBY1S0uw40NTs3CfR8/A9Uym2BBVrNiN4OVGIuFmKnYu
VSDA6XeCcwyjMPn7y83S4QGPqyjITGjhZEhEHifC+NcwkMy4fkUsiXxB5uOhxxJ/
GMj2qgvP66pB4wrT1t93ZF13ILVh+w8Q4/EYzNXfeOHRgD/bmOFeVTbamQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFlDavn7WJFyjR4Yrj5lA0fGjQGMB8GA1UdIwQY
MBaAFP64TZ+PnjMVZYml6/ciIDqJngpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMt
YWYxY2MyMzE3ZTM5LzEvTVdVTnEtZnRZa1hLTkhoaXVQbVVEUjhhTkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMtYWYxY2MyMzE3ZTM5
LzEvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9JsMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Mh7GAI1il9ZM8lOd0YmTZhj1uN9tUf4v6suj0icV
4ntiSYJwvEu7BRw7WZ18gSqDUpXMa45hH0Pc5FDsmUFgbU+MOGB8n3g0gwO8CIGT
EtDk15m6OPWIxNakl6qKMRFnd/3zS3zAsJeO8Ut0UnyfvrWCRDH5GISyvqB4Tm5o
QtzBALELy6LbLBM48UtzpvuqjlswwAWHBAXMsfL0tRcSEsS0gTd+CxwCKkmMbF8Z
KBrGYGBQSZvU/EpXqIgTRsR1Dh5Z4hkyv4aQuOW3ZRxSseDNsG9K12dIj7JXjZBP
LrTzHfVJD6WxC6yAM1xFEUwIgWioCpZxWoZrukxcvR1u
-----END CERTIFICATE-----