Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/MOUd9P1Za8GRPdMhCv16TQcZqEA.roa
File:                     MOUd9P1Za8GRPdMhCv16TQcZqEA.roa (raw, json)
Hash identifier:          8oyYfQSDjCb57ReEl42i/Xt+XFMdZ0eQkDpTIRHnmxA=
Subject key identifier:   30:E5:1D:F4:FD:59:6B:C1:91:3D:D3:21:0A:FD:7A:4D:07:19:A8:40
Certificate issuer:       /CN=a2074339bb216b85bdc83d61778821adf9149d56
Certificate serial:       01941FFA97B60FB60A8BEDC9A6C3FB5DD06A
Authority key identifier: A2:07:43:39:BB:21:6B:85:BD:C8:3D:61:77:88:21:AD:F9:14:9D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/MOUd9P1Za8GRPdMhCv16TQcZqEA.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        185.124.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:97:b6:0f:b6:0a:8b:ed:c9:a6:c3:fb:5d:d0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2074339bb216b85bdc83d61778821adf9149d56
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e51df4fd596bc1913dd3210afd7a4d0719a840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:b8:ba:bb:c9:8f:64:72:8b:94:40:96:51:
                    f3:d1:98:ce:ab:98:f6:fa:5c:9a:3c:67:28:3f:4b:
                    23:25:33:6f:46:06:38:dc:72:5f:b0:b1:ea:0b:40:
                    11:ab:c7:a7:1a:4b:3e:73:7d:cc:be:cd:ee:57:10:
                    d8:f9:7b:92:bd:35:59:fd:56:10:1d:cc:b9:ee:b4:
                    a0:fb:32:26:86:9a:7c:ab:07:4d:ac:f9:11:41:78:
                    c0:5b:4b:a4:13:55:a0:44:35:3a:ec:71:57:c2:cb:
                    87:d6:24:87:e0:a3:d6:a8:83:bf:93:7c:73:90:dd:
                    01:e0:d8:17:eb:1d:02:81:48:f5:e7:38:c1:b4:51:
                    f7:03:f4:85:54:2e:92:e5:5a:72:b2:54:64:d3:5a:
                    e8:82:51:0c:f3:d9:0b:0c:9f:0a:9d:9a:81:05:bc:
                    74:44:6f:b9:1f:d9:be:fd:59:ef:ee:77:eb:d9:ce:
                    14:7c:ce:1f:30:44:a4:0c:b1:1b:4c:13:7c:5a:2b:
                    ae:51:f8:17:c4:f7:70:5b:f7:af:48:ca:fc:d1:91:
                    da:78:f3:dc:24:91:4f:c8:99:f9:b2:ab:a7:be:0c:
                    62:90:f2:4e:38:ca:de:ef:8a:c0:d6:cf:f8:86:31:
                    67:c2:0d:dc:b7:14:b4:26:44:9e:f4:14:68:68:64:
                    cf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E5:1D:F4:FD:59:6B:C1:91:3D:D3:21:0A:FD:7A:4D:07:19:A8:40
            X509v3 Authority Key Identifier:
                keyid:A2:07:43:39:BB:21:6B:85:BD:C8:3D:61:77:88:21:AD:F9:14:9D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogdDObsha4W9yD1hd4ghrfkUnVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/MOUd9P1Za8GRPdMhCv16TQcZqEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/571b34-acf9-4ebf-988b-0feb66e7f28a/1/ogdDObsha4W9yD1hd4ghrfkUnVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:95:25:4c:26:5a:c3:af:de:44:1b:4c:ea:1b:41:0c:6b:2e:
         c0:91:f5:1d:ff:f6:37:71:2b:cb:9d:32:15:f7:da:f1:37:b7:
         a8:f8:8d:43:f0:f9:ad:f6:00:6d:1b:06:30:a9:a5:a7:da:0d:
         fa:d2:fc:bf:ce:e6:e6:23:eb:ca:21:15:12:0d:d7:5b:29:30:
         20:1a:73:36:6e:91:24:8e:cc:2e:a6:c0:79:b8:6f:54:41:18:
         02:6c:a1:ba:a9:d0:57:83:ac:0f:7f:75:67:53:6d:c3:dc:79:
         17:af:31:d0:9e:b9:0c:59:8d:f2:1c:f0:68:e2:a2:7c:90:41:
         39:e9:6f:bb:be:98:ef:44:3e:fa:32:da:7e:f8:75:c4:fc:de:
         98:06:17:ef:3f:9c:b5:7c:73:73:e0:bd:7a:f5:17:59:cf:e6:
         f3:50:4d:c4:e9:a7:f4:f2:2c:f8:c1:5a:62:3b:ca:2a:b8:42:
         91:eb:46:bb:a3:7e:13:f7:3c:c2:ab:58:fe:64:3a:51:9a:36:
         9c:9a:08:5c:12:71:ec:6b:a9:d7:0e:26:8f:7d:7d:14:f4:a9:
         2c:76:36:c1:c7:4e:e1:b5:6e:2c:5f:39:11:8b:b8:73:54:de:
         3e:19:95:f5:f1:48:3e:63:3b:b9:32:c1:d9:a8:c0:cc:ef:97:
         da:2b:d0:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pe2D7YKi+3JpsP7XdBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDc0MzM5YmIyMTZiODViZGM4M2Q2MTc3ODgyMWFkZjkx
NDlkNTYwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGU1MWRmNGZkNTk2YmMxOTEzZGQzMjEwYWZkN2E0ZDA3MTlhODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLO4urvJj2Ryi5RAllHz0ZjOq5j2
+lyaPGcoP0sjJTNvRgY43HJfsLHqC0ARq8enGks+c33Mvs3uVxDY+XuSvTVZ/VYQ
Hcy57rSg+zImhpp8qwdNrPkRQXjAW0ukE1WgRDU67HFXwsuH1iSH4KPWqIO/k3xz
kN0B4NgX6x0CgUj15zjBtFH3A/SFVC6S5VpyslRk01roglEM89kLDJ8KnZqBBbx0
RG+5H9m+/Vnv7nfr2c4UfM4fMESkDLEbTBN8WiuuUfgXxPdwW/evSMr80ZHaePPc
JJFPyJn5squnvgxikPJOOMre74rA1s/4hjFnwg3ctxS0JkSe9BRoaGTP7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDlHfT9WWvBkT3TIQr9ek0HGahAMB8GA1UdIwQY
MBaAFKIHQzm7IWuFvcg9YXeIIa35FJ1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dkRE9ic2hhNFc5eUQxaGQ0Z2hyZmtVblZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy81NzFiMzQtYWNmOS00ZWJmLTk4OGIt
MGZlYjY2ZTdmMjhhLzEvTU9VZDlQMVphOEdSUGRNaEN2MTZUUWNacUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy81NzFiMzQtYWNmOS00ZWJmLTk4OGItMGZlYjY2ZTdmMjhh
LzEvb2dkRE9ic2hhNFc5eUQxaGQ0Z2hyZmtVblZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXwwMA0G
CSqGSIb3DQEBCwUAA4IBAQBelSVMJlrDr95EG0zqG0EMay7AkfUd//Y3cSvLnTIV
99rxN7eo+I1D8Pmt9gBtGwYwqaWn2g360vy/zubmI+vKIRUSDddbKTAgGnM2bpEk
jswupsB5uG9UQRgCbKG6qdBXg6wPf3VnU23D3HkXrzHQnrkMWY3yHPBo4qJ8kEE5
6W+7vpjvRD76Mtp++HXE/N6YBhfvP5y1fHNz4L169RdZz+bzUE3E6af08iz4wVpi
O8oquEKR60a7o34T9zzCq1j+ZDpRmjacmghcEnHsa6nXDiaPfX0U9KksdjbBx07h
tW4sXzkRi7hzVN4+GZX18Ug+Yzu5MsHZqMDM75faK9Cg
-----END CERTIFICATE-----