Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/MCPNj8vuGzZknoWdqGIIivLkJGU.roa
File:                     MCPNj8vuGzZknoWdqGIIivLkJGU.roa (raw, json)
Hash identifier:          4hhwQet2SGHC4RmJ2ByvcZIanR2/yV/AqfOhLRjbUPM=
Subject key identifier:   30:23:CD:8F:CB:EE:1B:36:64:9E:85:9D:A8:62:08:8A:F2:E4:24:65
Certificate issuer:       /CN=424ab8c7cf7403b5620a1b813e6ad1da0dacb44d
Certificate serial:       0194214395F1B670D75BA157C0A83BAB92AB
Authority key identifier: 42:4A:B8:C7:CF:74:03:B5:62:0A:1B:81:3E:6A:D1:DA:0D:AC:B4:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/MCPNj8vuGzZknoWdqGIIivLkJGU.roa
Signing time:             Wed 01 Jan 2025 09:47:44 +0000
ROA not before:           Wed 01 Jan 2025 09:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60522
IP address blocks:        185.188.108.0/22 maxlen: 24
                          2a0b:bf80::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:95:f1:b6:70:d7:5b:a1:57:c0:a8:3b:ab:92:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424ab8c7cf7403b5620a1b813e6ad1da0dacb44d
        Validity
            Not Before: Jan  1 09:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3023cd8fcbee1b36649e859da862088af2e42465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:84:36:11:23:ff:21:d4:66:e0:7f:c3:3c:c7:
                    2d:5c:d4:b6:ea:fd:22:c8:97:41:f6:67:e5:94:11:
                    ef:1e:d9:c4:f5:99:3b:0e:2d:7a:0d:80:46:c1:e8:
                    9c:64:90:06:37:39:ba:5f:92:3c:8b:c6:d9:ec:87:
                    7d:b4:ae:2b:d5:ec:9c:be:7d:36:c0:8f:81:49:7e:
                    f4:e8:9e:03:5f:2b:67:8e:06:86:5c:53:af:79:d5:
                    cc:f3:45:00:33:f1:1d:f3:82:77:dc:8c:e4:ee:9f:
                    8f:9f:c0:d3:37:2e:43:1c:3b:52:5c:4d:8a:87:f4:
                    d7:e4:fb:8e:be:75:25:67:4c:9f:45:d2:a5:ae:38:
                    04:a3:f6:c3:ea:af:e0:2b:90:51:cc:eb:b4:10:5c:
                    0a:f5:77:45:0a:ce:f3:7d:ea:5e:70:85:43:b2:24:
                    85:66:6c:d1:a6:37:b2:6a:c7:fc:99:62:c0:39:43:
                    6b:aa:fa:bf:82:c5:71:de:43:21:8c:e9:2c:ba:bf:
                    54:5f:8a:7f:db:7e:fb:ff:45:77:58:99:c7:e9:1f:
                    53:c7:80:10:9d:30:13:4a:d2:68:6e:c0:2d:77:60:
                    9a:d3:aa:eb:fd:2f:6b:fa:c6:eb:c1:a8:b1:49:56:
                    01:c9:d8:1c:af:f8:b9:ae:a9:a7:5e:2a:de:4a:a4:
                    54:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:23:CD:8F:CB:EE:1B:36:64:9E:85:9D:A8:62:08:8A:F2:E4:24:65
            X509v3 Authority Key Identifier:
                keyid:42:4A:B8:C7:CF:74:03:B5:62:0A:1B:81:3E:6A:D1:DA:0D:AC:B4:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qkq4x890A7ViChuBPmrR2g2stE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/MCPNj8vuGzZknoWdqGIIivLkJGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3b3215-5721-4345-841b-2ad9308f1f6c/1/Qkq4x890A7ViChuBPmrR2g2stE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.108.0/22
                IPv6:
                  2a0b:bf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:3c:f8:25:1f:ff:61:21:e3:29:8f:51:4d:4a:39:31:f3:99:
         12:30:56:ee:2a:9b:67:59:c3:e6:80:8a:42:66:cd:5d:31:44:
         40:d9:f0:d6:28:af:42:53:1c:20:8d:59:7b:90:83:3d:dc:10:
         91:3b:aa:4e:92:5a:85:a2:b4:f4:da:06:9b:bc:40:fe:0f:fe:
         55:f0:c8:9b:73:5f:99:15:93:61:b1:15:23:cc:4c:4a:66:5c:
         4d:4f:07:d3:56:38:d6:e0:6c:f9:70:ae:6d:79:7c:d3:38:95:
         9f:70:34:a0:99:49:1b:29:11:01:bb:0a:d6:92:1b:d2:07:11:
         78:5d:3f:3b:63:ac:0f:d0:11:be:59:84:61:4b:0a:e0:41:b1:
         9e:04:78:51:6c:b4:1e:f5:dd:eb:77:9b:c3:9a:29:97:0c:42:
         95:97:62:db:e2:89:e7:2f:e2:84:0a:9d:c7:29:3f:d7:0a:9b:
         50:70:02:32:f0:b0:b4:84:4d:57:0b:e4:1a:66:49:90:db:ce:
         fe:1b:f7:91:de:56:7c:d3:c8:ca:e7:02:82:06:36:8b:5a:aa:
         08:05:54:ad:14:6d:0e:9d:52:f9:03:10:58:11:a3:7f:4d:77:
         2a:4d:7b:89:db:1d:1e:16:cf:cf:bc:d0:10:31:2e:36:20:d8:
         42:67:92:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ5XxtnDXW6FXwKg7q5KrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGFiOGM3Y2Y3NDAzYjU2MjBhMWI4MTNlNmFkMWRhMGRh
Y2I0NGQwHhcNMjUwMTAxMDk0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIzY2Q4ZmNiZWUxYjM2NjQ5ZTg1OWRhODYyMDg4YWYyZTQyNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoQ2ESP/IdRm4H/DPMctXNS26v0i
yJdB9mfllBHvHtnE9Zk7Di16DYBGweicZJAGNzm6X5I8i8bZ7Id9tK4r1eycvn02
wI+BSX706J4DXytnjgaGXFOvedXM80UAM/Ed84J33Izk7p+Pn8DTNy5DHDtSXE2K
h/TX5PuOvnUlZ0yfRdKlrjgEo/bD6q/gK5BRzOu0EFwK9XdFCs7zfepecIVDsiSF
ZmzRpjeyasf8mWLAOUNrqvq/gsVx3kMhjOksur9UX4p/2377/0V3WJnH6R9Tx4AQ
nTATStJobsAtd2Ca06rr/S9r+sbrwaixSVYBydgcr/i5rqmnXireSqRUQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDAjzY/L7hs2ZJ6FnahiCIry5CRlMB8GA1UdIwQY
MBaAFEJKuMfPdAO1YgobgT5q0doNrLRNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtxNHg4OTBBN1ZpQ2h1QlBtclIyZzJzdEUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zYjMyMTUtNTcyMS00MzQ1LTg0MWIt
MmFkOTMwOGYxZjZjLzEvTUNQTmo4dnVHelprbm9XZHFHSUlpdkxrSkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zYjMyMTUtNTcyMS00MzQ1LTg0MWItMmFkOTMwOGYxZjZj
LzEvUWtxNHg4OTBBN1ZpQ2h1QlBtclIyZzJzdEUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubxsMA0E
AgACMAcDBQAqC7+AMA0GCSqGSIb3DQEBCwUAA4IBAQAjPPglH/9hIeMpj1FNSjkx
85kSMFbuKptnWcPmgIpCZs1dMURA2fDWKK9CUxwgjVl7kIM93BCRO6pOklqForT0
2gabvED+D/5V8Mibc1+ZFZNhsRUjzExKZlxNTwfTVjjW4Gz5cK5teXzTOJWfcDSg
mUkbKREBuwrWkhvSBxF4XT87Y6wP0BG+WYRhSwrgQbGeBHhRbLQe9d3rd5vDmimX
DEKVl2Lb4onnL+KECp3HKT/XCptQcAIy8LC0hE1XC+QaZkmQ287+G/eR3lZ808jK
5wKCBjaLWqoIBVStFG0OnVL5AxBYEaN/TXcqTXuJ2x0eFs/PvNAQMS42INhCZ5LZ
-----END CERTIFICATE-----