Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/MKwXFQdhtuQYKRcVzorzsVxuXIw.roa
File:                     MKwXFQdhtuQYKRcVzorzsVxuXIw.roa (raw, json)
Hash identifier:          GZ2oDGi2xK0WgPjyKpmqLx5efaJizRvGxJTHG502Kqs=
Subject key identifier:   30:AC:17:15:07:61:B6:E4:18:29:17:15:CE:8A:F3:B1:5C:6E:5C:8C
Certificate issuer:       /CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
Certificate serial:       01942067D5568D0F2534599F32DA5D60FE00
Authority key identifier: A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/MKwXFQdhtuQYKRcVzorzsVxuXIw.roa
Signing time:             Wed 01 Jan 2025 05:47:43 +0000
ROA not before:           Wed 01 Jan 2025 05:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16035
IP address blocks:        185.152.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d5:56:8d:0f:25:34:59:9f:32:da:5d:60:fe:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30ac17150761b6e418291715ce8af3b15c6e5c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:85:33:23:1b:16:2e:d1:26:37:f4:67:e7:cb:
                    c8:86:b3:a0:57:b8:28:03:b5:93:ab:f7:ca:7e:52:
                    82:ac:f6:eb:2a:0f:75:4b:c0:de:fd:4e:04:96:5d:
                    23:b7:8e:cb:39:36:48:9e:e9:16:ad:09:1f:de:f8:
                    a8:4d:e4:aa:e5:c1:9f:54:d9:24:67:93:e3:80:07:
                    44:c8:5e:33:bc:63:c1:55:6e:d8:3f:c5:b9:40:71:
                    2a:88:9c:63:c7:46:9c:47:f4:3c:ea:ca:dc:20:9a:
                    75:e7:f2:c9:29:bb:fb:20:ad:15:c1:79:00:7f:75:
                    54:2d:25:f7:57:1e:23:7a:d6:b9:92:3c:19:16:c0:
                    da:c1:c6:79:80:ef:fe:f8:ed:cc:09:3c:b8:c4:75:
                    0f:ae:37:14:3b:f5:f0:b0:3e:5e:43:9f:85:84:fb:
                    b9:e5:33:39:62:fb:17:d2:47:8a:8e:be:e1:07:20:
                    51:eb:64:6b:03:57:c4:ac:18:14:33:41:fe:70:2c:
                    06:cb:40:d1:92:00:18:4a:cd:63:a3:7e:f4:d9:cb:
                    d0:18:bc:1d:55:c8:14:6a:b7:bc:70:fe:23:cf:6b:
                    e2:7b:20:5a:3f:7d:46:1a:cb:ca:37:98:44:8e:0c:
                    1d:e7:c9:8f:6a:55:68:93:6c:39:31:c2:91:ad:6f:
                    b7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AC:17:15:07:61:B6:E4:18:29:17:15:CE:8A:F3:B1:5C:6E:5C:8C
            X509v3 Authority Key Identifier:
                keyid:A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/MKwXFQdhtuQYKRcVzorzsVxuXIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:1d:09:3c:a0:4f:f2:90:92:86:9a:47:3b:e4:64:97:4e:46:
         33:3e:67:3c:4f:1e:42:b2:d6:0a:c2:1c:af:eb:f9:32:f4:a3:
         0c:c7:b4:9e:45:3b:e9:79:be:22:ea:82:0b:fb:95:4b:04:8e:
         a8:5d:e2:1c:58:49:b4:ad:bf:95:ca:52:2e:4f:46:57:d8:93:
         26:1a:95:3d:43:93:f6:ff:23:63:0c:d8:c7:b3:45:ea:a9:b5:
         f1:7f:37:41:a9:25:6c:f4:7f:44:b2:17:3d:7b:2f:35:75:14:
         b9:43:8f:4d:e0:33:6a:bd:9a:3f:ea:de:80:b4:cf:a3:7d:60:
         af:32:59:47:00:9a:f8:92:50:62:7f:fa:8e:8e:7a:b8:66:1c:
         f5:01:ad:a3:51:c0:10:f9:84:40:1e:8a:89:2c:8f:92:da:a1:
         10:13:84:a9:5e:3d:5b:e7:40:68:2b:88:0a:26:7b:2c:84:6e:
         15:8e:0d:f3:59:3b:61:71:55:e2:16:f8:04:d8:82:8d:2c:74:
         5c:7e:04:9e:85:38:3b:20:70:26:d0:d8:e8:14:ec:b9:f0:ed:
         35:f3:3c:01:13:87:28:4d:a6:a4:ad:34:c4:91:01:65:8d:82:
         59:6c:80:27:25:74:28:f9:0a:d8:5b:23:10:93:48:32:87:eb:
         68:4c:96:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9VWjQ8lNFmfMtpdYP4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2I1MGU3OGEzYTMxZTMzNzVjZjJhYWI4NjVlODQ1ZmYy
ZTk5YzEwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFjMTcxNTA3NjFiNmU0MTgyOTE3MTVjZThhZjNiMTVjNmU1YzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYUzIxsWLtEmN/Rn58vIhrOgV7go
A7WTq/fKflKCrPbrKg91S8De/U4Ell0jt47LOTZInukWrQkf3vioTeSq5cGfVNkk
Z5PjgAdEyF4zvGPBVW7YP8W5QHEqiJxjx0acR/Q86srcIJp15/LJKbv7IK0VwXkA
f3VULSX3Vx4jeta5kjwZFsDawcZ5gO/++O3MCTy4xHUPrjcUO/XwsD5eQ5+FhPu5
5TM5YvsX0keKjr7hByBR62RrA1fErBgUM0H+cCwGy0DRkgAYSs1jo3702cvQGLwd
VcgUare8cP4jz2vieyBaP31GGsvKN5hEjgwd58mPalVok2w5McKRrW+3dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCsFxUHYbbkGCkXFc6K87FcblyMMB8GA1UdIwQY
MBaAFKTLUOeKOjHjN1zyqrhl6EX/LpnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMt
NGJlNzk0ZDY0MDZkLzEvTUt3WEZRZGh0dVFZS1JjVnpvcnpzVnh1WEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMtNGJlNzk0ZDY0MDZk
LzEvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZicMA0G
CSqGSIb3DQEBCwUAA4IBAQAJHQk8oE/ykJKGmkc75GSXTkYzPmc8Tx5CstYKwhyv
6/ky9KMMx7SeRTvpeb4i6oIL+5VLBI6oXeIcWEm0rb+VylIuT0ZX2JMmGpU9Q5P2
/yNjDNjHs0XqqbXxfzdBqSVs9H9Eshc9ey81dRS5Q49N4DNqvZo/6t6AtM+jfWCv
MllHAJr4klBif/qOjnq4Zhz1Aa2jUcAQ+YRAHoqJLI+S2qEQE4SpXj1b50BoK4gK
JnsshG4Vjg3zWTthcVXiFvgE2IKNLHRcfgSehTg7IHAm0NjoFOy58O018zwBE4co
TaakrTTEkQFljYJZbIAnJXQo+QrYWyMQk0gyh+toTJb3
-----END CERTIFICATE-----