Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/yMCWx_vwP00jLW3_uRevvXcRMmk.roa
File:                     yMCWx_vwP00jLW3_uRevvXcRMmk.roa (raw, json)
Hash identifier:          xnNpTecLSpiwvjQT9lRJw8IJFmY7Zwk40Z4AZXbx8O4=
Subject key identifier:   C8:C0:96:C7:FB:F0:3F:4D:23:2D:6D:FF:B9:17:AF:BD:77:11:32:69
Certificate issuer:       /CN=9b08f4e76150309bbd224b01f89ec203c1fc56db
Certificate serial:       0194236A44D0F842E61A0227587F908910D4
Authority key identifier: 9B:08:F4:E7:61:50:30:9B:BD:22:4B:01:F8:9E:C2:03:C1:FC:56:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/yMCWx_vwP00jLW3_uRevvXcRMmk.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.13.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:44:d0:f8:42:e6:1a:02:27:58:7f:90:89:10:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b08f4e76150309bbd224b01f89ec203c1fc56db
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8c096c7fbf03f4d232d6dffb917afbd77113269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2d:c2:ff:57:08:7a:e0:fb:68:e4:6c:bb:04:
                    b1:e8:3c:fb:da:eb:31:da:1b:33:35:a4:6a:ba:84:
                    db:f8:13:e1:d4:4a:d0:2e:bc:90:34:28:c2:04:7f:
                    b8:a3:6f:e9:f6:3f:49:1f:40:84:c1:d0:dd:90:13:
                    4b:8e:7e:0a:1a:b1:14:9c:6d:f9:5d:75:6b:40:d7:
                    24:76:20:d4:f9:71:08:6c:8d:03:af:7f:6c:b9:4d:
                    6a:06:ee:da:f5:87:fe:ee:13:57:37:24:97:9f:46:
                    83:ea:54:a4:8c:78:8b:fd:03:85:f9:9f:8b:73:2a:
                    7d:1c:91:79:92:d3:dc:72:03:82:aa:3e:25:03:ad:
                    da:05:bd:b8:ff:3d:bd:25:63:98:cd:29:61:6d:4d:
                    e0:01:d6:d8:8b:54:cb:6c:e8:50:4c:7f:13:52:ec:
                    aa:07:50:f6:15:79:0c:02:6e:6e:96:18:56:25:86:
                    c2:5e:48:b4:07:dc:bf:19:db:2d:12:0a:a6:81:e3:
                    3e:f3:12:be:6c:30:4f:97:a8:51:ae:73:9b:dd:53:
                    6b:1c:b9:e8:0a:be:a2:fe:e9:c1:28:be:87:6e:e3:
                    25:ae:21:d2:4c:ac:4d:21:ac:7d:50:2c:ed:2b:63:
                    9a:8d:53:4b:8d:fe:c3:cd:76:a2:73:79:08:85:5f:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C0:96:C7:FB:F0:3F:4D:23:2D:6D:FF:B9:17:AF:BD:77:11:32:69
            X509v3 Authority Key Identifier:
                keyid:9B:08:F4:E7:61:50:30:9B:BD:22:4B:01:F8:9E:C2:03:C1:FC:56:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/yMCWx_vwP00jLW3_uRevvXcRMmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.13.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0f:2d:62:3e:32:6d:2c:7b:78:b0:f0:58:64:90:f8:51:eb:3f:
         fa:a7:1b:1c:f3:42:ec:3f:b4:ad:9c:c1:4a:80:8c:eb:52:45:
         d2:a9:f6:63:90:f9:f1:df:ae:b3:e7:3e:80:39:a3:28:35:33:
         60:f5:b5:6c:cd:d5:d8:04:3e:15:1d:4d:8a:b5:3e:27:1b:4b:
         7a:74:dc:22:96:63:14:73:8e:03:d0:b0:6f:2f:6e:3e:7d:8b:
         c1:fc:80:3c:b5:0a:96:21:f3:6a:a0:3a:c0:d0:9f:8d:d6:52:
         f2:c4:89:65:5a:29:69:7c:5b:25:87:e8:9b:9d:08:2f:c0:8a:
         05:52:e3:12:1b:e1:f7:80:17:58:98:65:8e:fb:7d:f9:55:d9:
         c0:5f:84:ea:1d:16:20:5a:6d:0b:40:8b:34:02:f8:14:51:a5:
         2a:2e:99:de:2c:b1:ee:9d:10:f6:18:07:07:fd:4b:4c:5c:ed:
         3b:57:50:34:22:7b:55:4e:fc:2e:b9:ca:dc:ec:80:85:2f:72:
         d9:fc:ee:ae:98:1b:f2:d7:11:68:bf:06:a5:78:62:b2:13:4d:
         e9:ab:1f:ef:c5:28:dd:74:d6:c0:05:4e:6d:d5:7e:4f:d6:96:
         02:5b:4e:71:9e:6d:b2:ab:a6:e6:67:8b:66:53:1f:21:2d:7b:
         27:19:0c:e7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjakTQ+ELmGgInWH+QiRDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMDhmNGU3NjE1MDMwOWJiZDIyNGIwMWY4OWVjMjAzYzFm
YzU2ZGIwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGMwOTZjN2ZiZjAzZjRkMjMyZDZkZmZiOTE3YWZiZDc3MTEzMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy3C/1cIeuD7aORsuwSx6Dz72usx
2hszNaRquoTb+BPh1ErQLryQNCjCBH+4o2/p9j9JH0CEwdDdkBNLjn4KGrEUnG35
XXVrQNckdiDU+XEIbI0Dr39suU1qBu7a9Yf+7hNXNySXn0aD6lSkjHiL/QOF+Z+L
cyp9HJF5ktPccgOCqj4lA63aBb24/z29JWOYzSlhbU3gAdbYi1TLbOhQTH8TUuyq
B1D2FXkMAm5ulhhWJYbCXki0B9y/GdstEgqmgeM+8xK+bDBPl6hRrnOb3VNrHLno
Cr6i/unBKL6HbuMlriHSTKxNIax9UCztK2OajVNLjf7DzXaic3kIhV/E8wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMjAlsf78D9NIy1t/7kXr713ETJpMB8GA1UdIwQY
MBaAFJsI9OdhUDCbvSJLAfiewgPB/FbbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXdqMDUyRlFNSnU5SWtzQi1KN0NBOEg4VnRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNWQ2OTAtZmUxNi00NDljLWE2ZGUt
NjlkZjgxZjJkODNkLzEveU1DV3hfdndQMDBqTFczX3VSZXZ2WGNSTW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNWQ2OTAtZmUxNi00NDljLWE2ZGUtNjlkZjgxZjJkODNk
LzEvbXdqMDUyRlFNSnU5SWtzQi1KN0NBOEg4VnRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQ0wDQYJ
KoZIhvcNAQELBQADggEBAA8tYj4ybSx7eLDwWGSQ+FHrP/qnGxzzQuw/tK2cwUqA
jOtSRdKp9mOQ+fHfrrPnPoA5oyg1M2D1tWzN1dgEPhUdTYq1PicbS3p03CKWYxRz
jgPQsG8vbj59i8H8gDy1CpYh82qgOsDQn43WUvLEiWVaKWl8WyWH6JudCC/AigVS
4xIb4feAF1iYZY77fflV2cBfhOodFiBabQtAizQC+BRRpSoumd4sse6dEPYYBwf9
S0xc7TtXUDQie1VO/C65ytzsgIUvctn87q6YG/LXEWi/BqV4YrITTemrH+/FKN10
1sAFTm3Vfk/WlgJbTnGebbKrpuZni2ZTHyEteycZDOc=
-----END CERTIFICATE-----