Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/RipMkwup9NsgAPIlQi1_XcX5wqM.roa
File:                     RipMkwup9NsgAPIlQi1_XcX5wqM.roa (raw, json)
Hash identifier:          PKXzaXWv76nde6R//GV8jsOM053aaHLrBAjby7FXNqk=
Subject key identifier:   46:2A:4C:93:0B:A9:F4:DB:20:00:F2:25:42:2D:7F:5D:C5:F9:C2:A3
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       019421B24DC54A73305B4C4ABE8BEAA731B4
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/RipMkwup9NsgAPIlQi1_XcX5wqM.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29553
IP address blocks:        188.246.128.0/19 maxlen: 19
                          188.246.131.0/24 maxlen: 24
                          217.76.112.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4d:c5:4a:73:30:5b:4c:4a:be:8b:ea:a7:31:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=462a4c930ba9f4db2000f225422d7f5dc5f9c2a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:46:8c:3d:f6:59:1c:62:99:8c:e0:85:ff:4c:
                    04:3b:ec:9e:14:56:90:7f:8a:6b:ff:f8:e9:88:4f:
                    88:65:a5:84:fb:e7:1e:06:47:52:0a:fb:c1:bd:0d:
                    bb:6e:02:b0:36:2e:8a:b1:5e:c3:69:f0:90:a8:cf:
                    51:93:d6:b0:cc:7b:e9:b3:e8:72:2e:32:1b:a1:38:
                    b2:c0:9d:4e:0c:2b:46:ce:0e:e7:ad:36:f2:82:e0:
                    3c:45:2f:a7:7b:2f:30:7d:05:e8:43:e0:90:b1:0f:
                    9d:b3:07:53:a9:66:5b:2c:23:63:42:0a:ee:54:46:
                    03:fc:b1:82:78:9c:73:fa:c3:38:66:1b:4c:fc:a0:
                    9a:d0:29:27:be:3e:cc:6a:3d:fc:cb:7e:6e:2c:82:
                    50:5e:49:a0:e6:ab:47:0b:cc:ec:29:e5:91:57:4d:
                    62:87:4c:7d:fb:10:7d:fe:89:fd:41:8e:f1:f9:76:
                    29:37:82:d8:33:83:ef:6b:4e:d9:22:bd:c9:4b:18:
                    60:63:18:f9:68:06:45:00:3c:b2:0c:da:ce:26:da:
                    fc:a7:84:4a:7e:36:29:f5:d1:7f:81:dd:41:56:60:
                    a3:0c:f6:6a:06:d7:8f:5c:92:ad:69:f3:7e:07:10:
                    3e:cb:19:34:cf:6c:7c:b3:0d:20:d2:64:0d:2a:c3:
                    ab:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:2A:4C:93:0B:A9:F4:DB:20:00:F2:25:42:2D:7F:5D:C5:F9:C2:A3
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/RipMkwup9NsgAPIlQi1_XcX5wqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.128.0/19
                  217.76.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5c:bf:b0:fb:a0:c8:d9:2e:1b:09:0a:29:0a:b1:06:da:f7:be:
         df:e8:61:b0:c7:88:ca:72:28:d1:31:1d:c7:8b:a5:4b:03:42:
         5e:70:a1:0a:e3:e3:57:be:0b:30:d8:87:c7:2b:ec:89:a3:21:
         20:29:cb:1b:39:ad:33:17:16:55:d1:7b:0b:78:62:13:37:6e:
         5f:ab:6a:5d:99:03:52:09:33:c6:ec:95:46:73:d9:68:92:01:
         ac:43:42:cb:e1:3d:87:ab:b7:79:56:08:6c:54:ea:46:93:26:
         cc:c8:2f:5c:3c:33:5d:54:d9:91:06:8a:00:bb:da:09:24:1c:
         b2:47:e7:d4:42:50:43:a3:cd:74:0b:09:0c:cb:e1:72:0b:dc:
         89:c0:51:81:0c:f2:b3:dd:14:c7:86:e1:b4:7a:21:b7:73:55:
         49:72:10:7b:dc:3d:83:98:77:fa:53:01:9f:9f:2b:1d:b1:d4:
         5e:8c:d6:0b:b8:25:25:a5:d9:bd:ed:34:08:9f:49:18:1e:cf:
         77:16:d2:ba:80:a9:a4:d6:16:c9:0a:1d:3a:b9:d0:24:ca:b0:
         87:1c:a7:d5:1c:e2:82:76:02:44:95:45:b1:ad:9f:07:dc:a8:
         a7:0c:32:cf:1e:e2:33:12:f2:b1:6d:2c:35:e8:c3:90:8b:49:
         4f:31:d5:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsk3FSnMwW0xKvovqpzG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjJhNGM5MzBiYTlmNGRiMjAwMGYyMjU0MjJkN2Y1ZGM1ZjljMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkaMPfZZHGKZjOCF/0wEO+yeFFaQ
f4pr//jpiE+IZaWE++ceBkdSCvvBvQ27bgKwNi6KsV7DafCQqM9Rk9awzHvps+hy
LjIboTiywJ1ODCtGzg7nrTbyguA8RS+ney8wfQXoQ+CQsQ+dswdTqWZbLCNjQgru
VEYD/LGCeJxz+sM4ZhtM/KCa0Cknvj7Maj38y35uLIJQXkmg5qtHC8zsKeWRV01i
h0x9+xB9/on9QY7x+XYpN4LYM4Pva07ZIr3JSxhgYxj5aAZFADyyDNrOJtr8p4RK
fjYp9dF/gd1BVmCjDPZqBtePXJKtafN+BxA+yxk0z2x8sw0g0mQNKsOrlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEYqTJMLqfTbIADyJUItf13F+cKjMB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvUmlwTWt3dXA5TnNnQVBJbFFpMV9YY1g1d3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFvPaAAwQE
2UxwMA0GCSqGSIb3DQEBCwUAA4IBAQBcv7D7oMjZLhsJCikKsQba977f6GGwx4jK
cijRMR3Hi6VLA0JecKEK4+NXvgsw2IfHK+yJoyEgKcsbOa0zFxZV0XsLeGITN25f
q2pdmQNSCTPG7JVGc9lokgGsQ0LL4T2Hq7d5VghsVOpGkybMyC9cPDNdVNmRBooA
u9oJJByyR+fUQlBDo810CwkMy+FyC9yJwFGBDPKz3RTHhuG0eiG3c1VJchB73D2D
mHf6UwGfnysdsdRejNYLuCUlpdm97TQIn0kYHs93FtK6gKmk1hbJCh06udAkyrCH
HKfVHOKCdgJElUWxrZ8H3KinDDLPHuIzEvKxbSw16MOQi0lPMdXG
-----END CERTIFICATE-----