Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/MRG3_FOrOZR1ycbEYgpzuvXiwwg.roa
File:                     MRG3_FOrOZR1ycbEYgpzuvXiwwg.roa (raw, json)
Hash identifier:          G6Yjq9y1G/KTbpJTj8c9lYG4uMJ+BxAZW7rst977Pck=
Subject key identifier:   31:11:B7:FC:53:AB:39:94:75:C9:C6:C4:62:0A:73:BA:F5:E2:C3:08
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0194258F7ED98711A871E68CC27C65131866
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/MRG3_FOrOZR1ycbEYgpzuvXiwwg.roa
Signing time:             Thu 02 Jan 2025 05:49:08 +0000
ROA not before:           Thu 02 Jan 2025 05:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        195.178.142.0/24 maxlen: 24
                          195.178.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7e:d9:87:11:a8:71:e6:8c:c2:7c:65:13:18:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 05:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3111b7fc53ab399475c9c6c4620a73baf5e2c308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:19:80:65:c5:83:4f:8b:3f:80:ad:fe:78:fa:
                    6a:56:f0:6b:a0:48:58:42:90:e6:f9:fa:34:f7:4d:
                    98:d3:46:68:a0:41:a6:22:05:ab:47:da:31:7e:83:
                    81:42:5a:e4:5d:bf:1d:22:f6:42:c3:77:ec:5f:b4:
                    31:c8:a2:8b:49:91:42:6f:a7:94:bf:88:17:05:30:
                    7e:09:a4:56:18:85:a9:8f:85:48:f6:4b:82:92:06:
                    95:ed:29:34:1c:fe:e1:2f:50:c3:77:05:bb:b5:1c:
                    6d:29:bf:1e:77:e5:1a:9b:7e:d1:56:21:ed:b7:ca:
                    a7:b6:9b:cc:83:e4:8e:b9:c0:2f:93:94:c0:39:1a:
                    87:c8:15:4d:e9:8f:29:7f:58:1a:0b:6e:f4:02:68:
                    53:63:bd:f2:38:f9:a7:7b:b1:56:ac:8f:19:7f:f2:
                    ab:16:cb:0c:aa:35:fa:a4:99:03:a6:49:63:b1:82:
                    61:60:4e:fd:b8:c2:1a:cd:f6:15:ba:31:d6:b1:51:
                    6f:c7:06:d0:fb:c6:8a:20:fa:5b:a2:a4:46:dc:23:
                    17:f9:54:21:28:51:6a:4e:40:8b:8a:20:dd:fe:f0:
                    01:ad:b1:c0:3e:f9:4d:de:3d:7a:5a:92:83:5e:70:
                    10:a6:82:20:e3:db:72:88:48:59:fc:9b:7e:a7:3e:
                    64:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:11:B7:FC:53:AB:39:94:75:C9:C6:C4:62:0A:73:BA:F5:E2:C3:08
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/MRG3_FOrOZR1ycbEYgpzuvXiwwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:7d:7e:ce:e8:21:6e:0e:f2:f6:39:ee:47:de:49:69:d8:1e:
         96:50:8f:9b:ed:65:4a:66:cb:49:23:3c:c0:4d:21:6a:c2:7c:
         c2:e7:34:ce:87:02:06:fd:75:ed:40:c9:32:1c:2d:91:96:b4:
         03:04:a8:56:e8:a3:96:74:e5:45:0e:c4:4b:5e:f9:78:f9:a7:
         2b:d3:50:8d:29:67:16:46:df:44:0d:77:c2:15:18:3a:36:1d:
         92:51:6f:de:e7:32:b1:6c:35:1e:c7:c1:50:aa:9c:86:12:ca:
         d7:15:56:63:08:4c:c7:d6:14:33:cd:87:4b:7c:8f:a3:42:8b:
         d4:c2:37:01:a7:4f:e3:c2:7c:a0:5a:fb:68:24:69:21:7c:3b:
         ff:36:6d:c2:3a:97:86:93:85:51:ca:c7:95:c3:d0:61:d2:78:
         1c:f9:1f:9b:03:56:db:f6:55:cf:67:88:14:24:c8:11:5b:49:
         e3:c3:45:f6:0b:a6:93:68:17:f7:c7:e5:05:8c:b7:e5:aa:d1:
         85:01:91:c1:cc:fc:69:00:6b:cd:82:c8:e1:63:b9:f8:42:40:
         67:e8:3c:b0:51:24:88:22:92:16:89:02:8a:9d:e3:c5:f5:87:
         b2:bd:fc:2d:82:04:3c:33:65:5f:b3:e2:42:28:cb:f9:3e:63:
         64:37:6b:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj37ZhxGoceaMwnxlExhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjUwMTAyMDU0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTExYjdmYzUzYWIzOTk0NzVjOWM2YzQ2MjBhNzNiYWY1ZTJjMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxmAZcWDT4s/gK3+ePpqVvBroEhY
QpDm+fo0902Y00ZooEGmIgWrR9oxfoOBQlrkXb8dIvZCw3fsX7QxyKKLSZFCb6eU
v4gXBTB+CaRWGIWpj4VI9kuCkgaV7Sk0HP7hL1DDdwW7tRxtKb8ed+Uam37RViHt
t8qntpvMg+SOucAvk5TAORqHyBVN6Y8pf1gaC270AmhTY73yOPmne7FWrI8Zf/Kr
FssMqjX6pJkDpkljsYJhYE79uMIazfYVujHWsVFvxwbQ+8aKIPpboqRG3CMX+VQh
KFFqTkCLiiDd/vABrbHAPvlN3j16WpKDXnAQpoIg49tyiEhZ/Jt+pz5k3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDERt/xTqzmUdcnGxGIKc7r14sMIMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvTVJHM19GT3JPWlIxeWNiRVlncHp1dlhpd3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7KOMA0G
CSqGSIb3DQEBCwUAA4IBAQARfX7O6CFuDvL2Oe5H3klp2B6WUI+b7WVKZstJIzzA
TSFqwnzC5zTOhwIG/XXtQMkyHC2RlrQDBKhW6KOWdOVFDsRLXvl4+acr01CNKWcW
Rt9EDXfCFRg6Nh2SUW/e5zKxbDUex8FQqpyGEsrXFVZjCEzH1hQzzYdLfI+jQovU
wjcBp0/jwnygWvtoJGkhfDv/Nm3COpeGk4VRyseVw9Bh0ngc+R+bA1bb9lXPZ4gU
JMgRW0njw0X2C6aTaBf3x+UFjLflqtGFAZHBzPxpAGvNgsjhY7n4QkBn6DywUSSI
IpIWiQKKnePF9YeyvfwtggQ8M2Vfs+JCKMv5PmNkN2sN
-----END CERTIFICATE-----