Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/mgVlb5y6oflmqG3d7ppnuUd0Clo.roa
File:                     mgVlb5y6oflmqG3d7ppnuUd0Clo.roa (raw, json)
Hash identifier:          dzpQ0zn6slEv00KpzZGJezOhzkkJQj1vaHxpsdbRvnE=
Subject key identifier:   9A:05:65:6F:9C:BA:A1:F9:66:A8:6D:DD:EE:9A:67:B9:47:74:0A:5A
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       019421442B1823D6E7ACD17A32C6EC7FFBA6
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/mgVlb5y6oflmqG3d7ppnuUd0Clo.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        185.191.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2b:18:23:d6:e7:ac:d1:7a:32:c6:ec:7f:fb:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a05656f9cbaa1f966a86dddee9a67b947740a5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f2:c5:b8:3a:27:7e:6f:ae:bd:69:3b:84:3b:
                    76:62:de:50:ad:6a:bf:d5:26:41:51:21:4d:f9:5a:
                    a0:cf:d9:8d:3f:9b:b1:33:a9:97:5c:cd:fa:03:3d:
                    57:e6:ce:26:42:27:81:3e:25:9e:19:ba:94:bd:b3:
                    5e:64:e9:52:41:ef:55:5e:f0:b5:9f:51:69:d1:b7:
                    8c:db:a7:69:a1:fa:ac:49:77:c4:40:e3:1c:24:b0:
                    7d:e1:76:27:b4:26:7b:ad:48:78:4a:8e:df:7e:5a:
                    80:35:82:6f:0b:33:87:fa:64:b8:e4:a6:db:ed:ab:
                    34:5c:97:75:44:5e:37:aa:03:56:0f:2b:dd:3a:f6:
                    d6:5e:6b:fb:38:44:79:48:d5:7e:2a:5b:ab:a1:55:
                    84:9c:2a:25:e6:de:36:e3:40:85:e0:0e:fb:a6:8f:
                    2b:51:ab:42:e7:34:44:32:e9:51:0f:d5:4c:c0:b0:
                    95:00:56:cc:f8:aa:fc:66:1b:f8:52:6c:2d:9d:3c:
                    59:c4:68:09:8b:95:ee:2e:ff:4b:c4:4a:1c:a5:53:
                    c1:14:53:64:dd:a1:af:71:c4:1a:e0:a0:e5:7a:c6:
                    d8:ab:f8:fe:90:e7:2c:06:fc:48:3f:38:2a:cd:1c:
                    fd:cf:64:e8:52:c6:35:09:bf:dc:d5:09:22:9a:7b:
                    19:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:05:65:6F:9C:BA:A1:F9:66:A8:6D:DD:EE:9A:67:B9:47:74:0A:5A
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/mgVlb5y6oflmqG3d7ppnuUd0Clo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:77:d5:27:da:df:8c:ea:ca:f8:80:87:1b:e2:9b:8b:9a:c5:
         05:9c:aa:04:ab:c9:e8:be:8a:e2:9e:06:4a:07:b1:2b:3e:72:
         16:8f:7d:c5:84:af:36:62:05:c5:0d:c2:69:58:db:cc:24:bd:
         51:a7:9d:7a:41:f7:9f:99:67:a5:9e:73:c4:70:1a:9a:dc:8b:
         12:a3:24:6d:01:25:6a:5b:0c:31:dc:f6:c8:36:08:1d:1a:ef:
         d2:c3:b8:e9:4d:c1:cf:fe:68:e2:6b:bf:a0:5d:6a:4c:ee:7b:
         98:3f:77:c0:0c:1f:8d:75:0c:1d:3f:b9:29:83:4f:13:7e:1a:
         5e:05:0e:ea:24:c6:af:ab:74:3b:ed:1d:90:82:0a:30:93:a7:
         45:05:a2:bd:4f:9b:f8:88:8b:bd:9b:e0:02:44:c0:a7:1b:bc:
         19:0a:d5:60:ca:fe:fe:bf:e7:6b:29:76:bd:b2:97:6e:20:8b:
         91:fd:1c:19:27:9c:be:1a:17:9e:61:fb:86:ac:66:23:fb:df:
         8d:8a:40:9a:c2:c4:64:2d:d6:91:47:34:d4:e5:bd:bf:55:e3:
         bf:8d:79:fb:a9:3e:c9:5b:69:6c:cf:96:a3:69:a9:82:dd:14:
         69:8b:06:94:90:0b:40:45:c1:bc:e5:b1:f0:b5:be:69:ef:72:
         4e:ba:7e:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCsYI9bnrNF6Msbsf/umMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTA1NjU2ZjljYmFhMWY5NjZhODZkZGRlZTlhNjdiOTQ3NzQwYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPLFuDonfm+uvWk7hDt2Yt5QrWq/
1SZBUSFN+Vqgz9mNP5uxM6mXXM36Az1X5s4mQieBPiWeGbqUvbNeZOlSQe9VXvC1
n1Fp0beM26dpofqsSXfEQOMcJLB94XYntCZ7rUh4So7fflqANYJvCzOH+mS45Kbb
7as0XJd1RF43qgNWDyvdOvbWXmv7OER5SNV+KluroVWEnCol5t4240CF4A77po8r
UatC5zREMulRD9VMwLCVAFbM+Kr8Zhv4UmwtnTxZxGgJi5XuLv9LxEocpVPBFFNk
3aGvccQa4KDlesbYq/j+kOcsBvxIPzgqzRz9z2ToUsY1Cb/c1QkimnsZwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJoFZW+cuqH5Zqht3e6aZ7lHdApaMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvbWdWbGI1eTZvZmxtcUczZDdwcG51VWQwQ2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub8VMA0G
CSqGSIb3DQEBCwUAA4IBAQCUd9Un2t+M6sr4gIcb4puLmsUFnKoEq8novoringZK
B7ErPnIWj33FhK82YgXFDcJpWNvMJL1Rp516QfefmWelnnPEcBqa3IsSoyRtASVq
Wwwx3PbINggdGu/Sw7jpTcHP/mjia7+gXWpM7nuYP3fADB+NdQwdP7kpg08Tfhpe
BQ7qJMavq3Q77R2Qggowk6dFBaK9T5v4iIu9m+ACRMCnG7wZCtVgyv7+v+drKXa9
spduIIuR/RwZJ5y+GheeYfuGrGYj+9+NikCawsRkLdaRRzTU5b2/VeO/jXn7qT7J
W2lsz5ajaamC3RRpiwaUkAtARcG85bHwtb5p73JOun5z
-----END CERTIFICATE-----