Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/mGwtUKTp1lrZYeXsHRygkPmeOjs.roa
File:                     mGwtUKTp1lrZYeXsHRygkPmeOjs.roa (raw, json)
Hash identifier:          IXq7ynhykZbaN/EO7syj+TvBCLuqP/D/GJNTwgfgRF4=
Subject key identifier:   98:6C:2D:50:A4:E9:D6:5A:D9:61:E5:EC:1D:1C:A0:90:F9:9E:3A:3B
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       01941FFA675CB20227E747244F11E841FA4E
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/mGwtUKTp1lrZYeXsHRygkPmeOjs.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54103
IP address blocks:        193.201.203.0/24 maxlen: 24
                          194.55.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:67:5c:b2:02:27:e7:47:24:4f:11:e8:41:fa:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=986c2d50a4e9d65ad961e5ec1d1ca090f99e3a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:21:f2:23:8a:d6:b5:e5:e1:73:ca:93:4d:7c:
                    54:8a:1f:0b:db:32:4c:97:0b:03:b7:df:a9:62:c9:
                    9b:0b:ad:ee:ad:9a:c7:c9:13:d7:9e:37:b7:17:aa:
                    e6:a7:a7:88:89:cd:16:b9:3a:15:b6:32:1a:d5:f5:
                    93:05:41:4c:ea:06:a6:6c:83:61:f0:73:ab:79:a2:
                    79:14:50:ac:00:27:0c:1d:26:e2:79:fe:42:9e:cd:
                    76:96:b2:b3:4f:65:89:b6:95:d6:2e:09:9c:9a:73:
                    71:f9:b3:37:75:17:2b:42:77:28:4d:21:0a:b4:96:
                    45:48:63:1d:1e:e9:83:7b:e3:08:7f:28:43:ff:58:
                    11:32:ae:96:19:e2:50:d6:b1:e0:d9:a4:1b:68:34:
                    6f:53:1b:31:a1:53:9a:17:67:f9:9f:0e:39:cc:94:
                    83:a8:62:85:b6:06:62:04:66:af:38:4d:8a:35:13:
                    31:72:f9:1e:7a:e8:0b:a6:af:03:8e:53:e3:8b:fa:
                    d0:8b:fc:8b:53:5b:db:84:43:83:38:0a:ed:d4:5f:
                    b6:b7:eb:ad:ee:06:12:e3:39:86:88:75:3d:c5:2b:
                    8a:a6:ed:e2:88:03:5e:be:0e:d1:77:72:a9:ab:67:
                    0f:4b:14:39:a7:0f:e5:1d:3f:87:30:fe:7d:fe:75:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6C:2D:50:A4:E9:D6:5A:D9:61:E5:EC:1D:1C:A0:90:F9:9E:3A:3B
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/mGwtUKTp1lrZYeXsHRygkPmeOjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.203.0/24
                  194.55.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f1:7a:f9:4c:74:57:11:85:31:98:2f:6b:1b:2f:15:06:74:
         e2:61:c7:b0:19:a2:b1:f4:7b:12:67:96:f7:01:bf:05:c5:3f:
         a9:b2:f2:c5:91:fb:59:56:f6:cc:08:9a:58:b3:19:f4:d6:f4:
         14:f6:76:5f:14:fb:c0:90:4c:f7:65:ec:b9:1d:bc:4e:8d:2b:
         f2:4f:74:06:02:4b:02:98:ed:0b:ac:3b:65:34:a1:79:34:1c:
         58:7f:76:32:15:44:aa:7f:74:9f:f8:8d:3e:ef:73:32:e2:e4:
         b6:30:e2:01:fa:ae:7c:dd:5e:f6:26:0c:5f:40:f2:53:f9:03:
         73:89:f9:f5:47:dd:90:ec:ef:a0:e0:84:92:1d:fc:f9:60:b7:
         70:5a:7d:c7:da:e4:7c:ae:fc:ab:11:14:dc:19:b6:ab:80:58:
         02:ca:47:17:eb:da:60:98:86:88:2e:4d:a0:62:4c:8a:ef:6e:
         67:aa:b6:4d:9f:d4:41:7d:c2:d8:4c:c7:d5:54:03:46:9e:2a:
         65:f0:37:65:c6:5c:65:32:23:8e:6d:61:f6:bf:8f:e4:d5:69:
         82:4e:02:ff:54:a7:8c:7a:8d:fd:cb:be:14:78:f3:f3:7a:6a:
         a6:ac:15:cb:eb:95:67:ef:63:54:a5:a6:3d:f6:f0:83:9b:d1:
         75:90:7c:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+mdcsgIn50ckTxHoQfpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZjMmQ1MGE0ZTlkNjVhZDk2MWU1ZWMxZDFjYTA5MGY5OWUzYTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiHyI4rWteXhc8qTTXxUih8L2zJM
lwsDt9+pYsmbC63urZrHyRPXnje3F6rmp6eIic0WuToVtjIa1fWTBUFM6gambINh
8HOreaJ5FFCsACcMHSbief5Cns12lrKzT2WJtpXWLgmcmnNx+bM3dRcrQncoTSEK
tJZFSGMdHumDe+MIfyhD/1gRMq6WGeJQ1rHg2aQbaDRvUxsxoVOaF2f5nw45zJSD
qGKFtgZiBGavOE2KNRMxcvkeeugLpq8DjlPji/rQi/yLU1vbhEODOArt1F+2t+ut
7gYS4zmGiHU9xSuKpu3iiANevg7Rd3Kpq2cPSxQ5pw/lHT+HMP59/nVTjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhsLVCk6dZa2WHl7B0coJD5njo7MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvbUd3dFVLVHAxbHJaWWVYc0hSeWdrUG1lT2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwcnLAwQA
wjeBMA0GCSqGSIb3DQEBCwUAA4IBAQAE8Xr5THRXEYUxmC9rGy8VBnTiYcewGaKx
9HsSZ5b3Ab8FxT+psvLFkftZVvbMCJpYsxn01vQU9nZfFPvAkEz3Zey5HbxOjSvy
T3QGAksCmO0LrDtlNKF5NBxYf3YyFUSqf3Sf+I0+73My4uS2MOIB+q583V72Jgxf
QPJT+QNzifn1R92Q7O+g4ISSHfz5YLdwWn3H2uR8rvyrERTcGbargFgCykcX69pg
mIaILk2gYkyK725nqrZNn9RBfcLYTMfVVANGnipl8DdlxlxlMiOObWH2v4/k1WmC
TgL/VKeMeo39y74UePPzemqmrBXL65Vn72NUpaY99vCDm9F1kHy6
-----END CERTIFICATE-----