Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/M-x2G8Au-BEiFMNxevYsVKYF8I4.roa
File:                     M-x2G8Au-BEiFMNxevYsVKYF8I4.roa (raw, json)
Hash identifier:          j7AgynVh3GwRhlqpHTTZ3ADKHhLkgrB0EPxSDXlRk0s=
Subject key identifier:   33:EC:76:1B:C0:2E:F8:11:22:14:C3:71:7A:F6:2C:54:A6:05:F0:8E
Certificate issuer:       /CN=0b61d0a1d7953cf3b8608adc1020b26a1b6d6ae7
Certificate serial:       0194214409FB8CF2469DDC43B047087E221C
Authority key identifier: 0B:61:D0:A1:D7:95:3C:F3:B8:60:8A:DC:10:20:B2:6A:1B:6D:6A:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/M-x2G8Au-BEiFMNxevYsVKYF8I4.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        194.62.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:09:fb:8c:f2:46:9d:dc:43:b0:47:08:7e:22:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b61d0a1d7953cf3b8608adc1020b26a1b6d6ae7
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33ec761bc02ef8112214c3717af62c54a605f08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3d:99:18:66:03:5f:b3:d9:c5:2f:68:b5:b9:
                    36:d0:ed:6e:44:a2:01:ac:9b:31:6e:72:f2:cb:11:
                    bb:16:14:7b:db:a2:18:0f:ab:e3:ae:b3:63:5c:dd:
                    2a:8b:ae:b2:e3:a6:bf:c1:4e:dd:3c:bc:5b:0f:92:
                    0c:48:08:b2:de:92:b2:1f:f2:8d:2b:09:4c:b3:b1:
                    e2:9e:cd:ea:5a:5a:68:ce:ad:b9:54:ef:59:b9:88:
                    51:a3:0d:a5:46:d1:a3:a1:16:ef:46:e9:0b:39:20:
                    ee:2e:bd:ab:f0:d3:7c:28:f3:39:2a:55:e5:4c:14:
                    38:9b:6c:8c:c5:33:37:52:8e:8c:bc:fa:90:d8:e0:
                    49:d9:91:f6:4b:91:89:93:60:00:20:a6:e3:3c:e4:
                    42:e7:e3:9b:8a:10:d4:a6:dc:ef:e1:97:33:48:86:
                    65:a2:62:54:83:4f:dd:d0:9a:57:17:9c:34:3b:d8:
                    22:b1:c0:b9:43:c8:23:30:17:af:87:50:dd:3b:22:
                    b6:db:14:91:f1:aa:1c:7b:30:34:2f:0a:e8:81:29:
                    10:d8:30:7a:cc:1a:70:bf:da:e5:19:8b:e7:07:73:
                    3e:b2:38:df:95:79:6f:be:cf:93:66:3e:5e:9b:ae:
                    2e:09:94:0a:b6:50:12:72:4b:f4:23:d8:42:a6:1f:
                    d0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:EC:76:1B:C0:2E:F8:11:22:14:C3:71:7A:F6:2C:54:A6:05:F0:8E
            X509v3 Authority Key Identifier:
                keyid:0B:61:D0:A1:D7:95:3C:F3:B8:60:8A:DC:10:20:B2:6A:1B:6D:6A:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C2HQodeVPPO4YIrcECCyahttauc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/M-x2G8Au-BEiFMNxevYsVKYF8I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c2c271-171a-4190-bfd5-47220d318b4c/1/C2HQodeVPPO4YIrcECCyahttauc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:f6:c7:72:61:2e:6c:48:2b:67:b1:55:81:0c:fa:1a:6e:81:
         c2:f2:34:c3:bc:39:d9:f9:6e:0d:1e:ad:1d:8f:71:fe:6d:1c:
         c4:7a:03:25:69:62:45:53:0c:af:09:da:d9:b2:9a:a0:0e:19:
         b9:be:2a:6f:88:93:56:74:f8:81:5f:d1:9b:a0:16:5c:eb:7c:
         f4:fd:ba:0a:b2:3d:e7:35:09:e2:22:50:7f:10:16:9a:c1:22:
         37:1f:d2:fd:90:37:ea:5f:ad:ef:80:25:32:97:46:60:ec:ae:
         ec:02:80:74:ff:b3:e8:93:8a:a6:b1:a9:af:39:5b:eb:80:e3:
         27:a9:b3:2b:ec:46:0e:5a:4d:4f:8f:fd:6c:32:56:22:f7:76:
         6d:3c:89:49:a0:bd:cd:31:4b:c4:63:34:58:6f:69:a3:dc:79:
         03:c2:35:bb:29:5e:0e:9c:82:8e:3a:e6:0b:4f:d0:92:b4:15:
         5c:02:e3:f7:24:95:7a:2c:fc:8e:a0:11:67:63:06:98:99:ab:
         6f:25:78:ef:e0:c7:ec:a3:a8:e5:28:43:26:44:b1:f5:89:6b:
         06:8a:d6:91:20:a7:35:63:84:f3:03:3c:d2:9f:8f:e5:c9:72:
         e5:e7:3b:74:43:ff:0d:5e:11:d7:48:dc:23:38:97:0b:45:15:
         3a:86:48:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAn7jPJGndxDsEcIfiIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNjFkMGExZDc5NTNjZjNiODYwOGFkYzEwMjBiMjZhMWI2
ZDZhZTcwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2VjNzYxYmMwMmVmODExMjIxNGMzNzE3YWY2MmM1NGE2MDVmMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj2ZGGYDX7PZxS9otbk20O1uRKIB
rJsxbnLyyxG7FhR726IYD6vjrrNjXN0qi66y46a/wU7dPLxbD5IMSAiy3pKyH/KN
KwlMs7Hins3qWlpozq25VO9ZuYhRow2lRtGjoRbvRukLOSDuLr2r8NN8KPM5KlXl
TBQ4m2yMxTM3Uo6MvPqQ2OBJ2ZH2S5GJk2AAIKbjPORC5+ObihDUptzv4ZczSIZl
omJUg0/d0JpXF5w0O9giscC5Q8gjMBevh1DdOyK22xSR8aocezA0LwrogSkQ2DB6
zBpwv9rlGYvnB3M+sjjflXlvvs+TZj5em64uCZQKtlASckv0I9hCph/QQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPsdhvALvgRIhTDcXr2LFSmBfCOMB8GA1UdIwQY
MBaAFAth0KHXlTzzuGCK3BAgsmobbWrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzJIUW9kZVZQUE80WUlyY0VDQ3lhaHR0YXVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9jMmMyNzEtMTcxYS00MTkwLWJmZDUt
NDcyMjBkMzE4YjRjLzEvTS14Mkc4QXUtQkVpRk1OeGV2WXNWS1lGOEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9jMmMyNzEtMTcxYS00MTkwLWJmZDUtNDcyMjBkMzE4YjRj
LzEvQzJIUW9kZVZQUE80WUlyY0VDQ3lhaHR0YXVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj4rMA0G
CSqGSIb3DQEBCwUAA4IBAQBc9sdyYS5sSCtnsVWBDPoaboHC8jTDvDnZ+W4NHq0d
j3H+bRzEegMlaWJFUwyvCdrZspqgDhm5vipviJNWdPiBX9GboBZc63z0/boKsj3n
NQniIlB/EBaawSI3H9L9kDfqX63vgCUyl0Zg7K7sAoB0/7Pok4qmsamvOVvrgOMn
qbMr7EYOWk1Pj/1sMlYi93ZtPIlJoL3NMUvEYzRYb2mj3HkDwjW7KV4OnIKOOuYL
T9CStBVcAuP3JJV6LPyOoBFnYwaYmatvJXjv4Mfso6jlKEMmRLH1iWsGitaRIKc1
Y4TzAzzSn4/lyXLl5zt0Q/8NXhHXSNwjOJcLRRU6hkg3
-----END CERTIFICATE-----