Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/b_MmvUZfA5ZZF4bFCypyK1p5UMI.roa
File:                     b_MmvUZfA5ZZF4bFCypyK1p5UMI.roa (raw, json)
Hash identifier:          9E4PGJ6w5hYLiKvYcuEqwE8eKmB9cOnevFWIyVMZhgE=
Subject key identifier:   6F:F3:26:BD:46:5F:03:96:59:17:86:C5:0B:2A:72:2B:5A:79:50:C2
Certificate issuer:       /CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Certificate serial:       019428E317E495C7CA1307C154BFDAF8BBB9
Authority key identifier: 23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/b_MmvUZfA5ZZF4bFCypyK1p5UMI.roa
Signing time:             Thu 02 Jan 2025 21:19:18 +0000
ROA not before:           Thu 02 Jan 2025 21:19:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31234
IP address blocks:        93.157.24.0/22 maxlen: 22
                          93.157.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:e3:17:e4:95:c7:ca:13:07:c1:54:bf:da:f8:bb:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
        Validity
            Not Before: Jan  2 21:19:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff326bd465f0396591786c50b2a722b5a7950c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:83:86:2e:13:3b:8e:5b:ea:f4:c2:ca:36:b9:
                    34:c6:26:4f:f7:b5:31:7f:2a:57:81:46:0c:5e:d0:
                    a7:2d:35:02:dc:e1:08:9a:29:2a:96:2f:ff:7e:de:
                    a0:8a:4f:57:5d:38:b4:11:7e:aa:b6:50:e8:27:c5:
                    a6:26:d8:a6:f7:42:d7:55:aa:2c:08:1a:8d:67:cd:
                    ae:d0:86:c9:53:fa:76:e3:ea:4f:2e:db:87:7b:cb:
                    4e:79:3e:b7:3e:b6:db:f6:a5:09:c4:32:0b:2d:d7:
                    8e:db:4d:ef:5d:1c:0b:5a:17:28:82:49:4c:6d:e4:
                    50:f3:7a:82:ad:89:a7:3b:03:15:70:fd:e9:8b:43:
                    07:98:fb:31:d4:c5:64:6c:ac:55:7e:05:94:df:0c:
                    f4:5d:35:13:a8:64:5c:11:81:2b:8f:78:16:71:a3:
                    38:43:3a:b3:0a:04:02:66:0d:3a:88:2b:95:b5:85:
                    09:30:c3:48:ac:df:0f:bb:6b:f1:7f:9c:84:fb:d2:
                    e1:95:66:ab:67:b2:dd:75:e1:37:09:c4:f3:9f:ef:
                    5f:c6:25:91:c4:3e:83:c9:2d:1b:f6:1e:f5:9c:35:
                    90:17:01:92:67:8a:f5:d2:67:f8:82:76:16:2e:e4:
                    d6:23:3f:3c:3d:70:b5:e1:96:34:aa:6f:80:d3:e3:
                    2e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F3:26:BD:46:5F:03:96:59:17:86:C5:0B:2A:72:2B:5A:79:50:C2
            X509v3 Authority Key Identifier:
                keyid:23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/b_MmvUZfA5ZZF4bFCypyK1p5UMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.24.0/22
                  93.157.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:00:e3:90:10:65:30:de:40:42:a9:e7:0d:1c:3f:91:f8:39:
         2f:e9:ca:98:f8:ee:99:35:52:3f:c8:25:a8:fd:92:c5:6f:50:
         d4:c3:09:79:08:3d:6e:7c:ae:2f:ab:f9:43:12:d6:52:67:86:
         80:95:c8:40:d8:29:2f:f7:d3:8d:08:e3:59:b9:fe:1d:05:3e:
         c8:07:5d:7f:13:1b:d3:5c:95:e9:c3:e8:17:5d:d2:29:9f:7c:
         59:b9:0d:5d:48:24:23:e4:47:03:d8:a6:eb:77:d4:6c:ac:e4:
         a1:39:28:ee:7a:ce:3b:85:68:43:f7:99:68:09:87:5f:62:a2:
         9c:f3:73:19:23:3f:0b:06:6a:ba:ac:a7:80:59:cd:47:b5:dd:
         d3:38:fe:e8:f7:35:57:82:8c:53:59:2e:ec:96:92:d1:11:b8:
         16:97:21:40:9d:35:51:17:a0:69:72:fc:17:ff:1c:22:0a:5c:
         35:9a:d4:9f:51:54:8c:39:a8:b5:72:0e:8c:23:fc:0f:e2:62:
         f2:15:21:59:5a:9d:af:c0:f3:b7:6e:94:3f:50:94:f2:f7:9b:
         21:bc:bf:44:3b:41:c4:91:e9:5f:6e:36:0f:34:76:37:0d:57:
         bc:67:c8:15:26:c1:ff:69:ff:aa:56:7d:ab:87:28:40:7e:56:
         a9:89:9c:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQo4xfklcfKEwfBVL/a+Lu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYmExZWM0ZjAzNWE3MmRmYTM5ZTkzMGFkOGVjNTQzNjhl
YjdhZjQwHhcNMjUwMTAyMjExOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYzMjZiZDQ2NWYwMzk2NTkxNzg2YzUwYjJhNzIyYjVhNzk1MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYOGLhM7jlvq9MLKNrk0xiZP97Ux
fypXgUYMXtCnLTUC3OEImikqli//ft6gik9XXTi0EX6qtlDoJ8WmJtim90LXVaos
CBqNZ82u0IbJU/p24+pPLtuHe8tOeT63Prbb9qUJxDILLdeO203vXRwLWhcogklM
beRQ83qCrYmnOwMVcP3pi0MHmPsx1MVkbKxVfgWU3wz0XTUTqGRcEYErj3gWcaM4
QzqzCgQCZg06iCuVtYUJMMNIrN8Pu2vxf5yE+9LhlWarZ7LddeE3CcTzn+9fxiWR
xD6DyS0b9h71nDWQFwGSZ4r10mf4gnYWLuTWIz88PXC14ZY0qm+A0+MuNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG/zJr1GXwOWWReGxQsqcitaeVDCMB8GA1UdIwQY
MBaAFCO6HsTwNact+jnpMK2OxUNo63r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDct
YmRlNjQ0OGI3ODZjLzEvYl9NbXZVWmZBNVpaRjRiRkN5cHlLMXA1VU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDctYmRlNjQ0OGI3ODZj
LzEvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXZ0YAwQB
XZ0eMA0GCSqGSIb3DQEBCwUAA4IBAQAEAOOQEGUw3kBCqecNHD+R+Dkv6cqY+O6Z
NVI/yCWo/ZLFb1DUwwl5CD1ufK4vq/lDEtZSZ4aAlchA2Ckv99ONCONZuf4dBT7I
B11/ExvTXJXpw+gXXdIpn3xZuQ1dSCQj5EcD2Kbrd9RsrOShOSjues47hWhD95lo
CYdfYqKc83MZIz8LBmq6rKeAWc1Htd3TOP7o9zVXgoxTWS7slpLREbgWlyFAnTVR
F6BpcvwX/xwiClw1mtSfUVSMOai1cg6MI/wP4mLyFSFZWp2vwPO3bpQ/UJTy95sh
vL9EO0HEkelfbjYPNHY3DVe8Z8gVJsH/af+qVn2rhyhAflapiZz4
-----END CERTIFICATE-----