Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/mRAfm0IZYw0nRXqNIiFpIobrRMA.roa
File:                     mRAfm0IZYw0nRXqNIiFpIobrRMA.roa (raw, json)
Hash identifier:          jXzmxSRtcIuABS2OjXhRLcyIJLcL7GBbvC3pkqmKMi0=
Subject key identifier:   99:10:1F:9B:42:19:63:0D:27:45:7A:8D:22:21:69:22:86:EB:44:C0
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FE75B9A9F6BDFC6F112D9AE5EE707
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/mRAfm0IZYw0nRXqNIiFpIobrRMA.roa
Signing time:             Thu 02 Jan 2025 05:49:35 +0000
ROA not before:           Thu 02 Jan 2025 05:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199011
IP address blocks:        92.38.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:e7:5b:9a:9f:6b:df:c6:f1:12:d9:ae:5e:e7:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99101f9b4219630d27457a8d2221692286eb44c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cc:97:47:6c:6a:1c:e9:34:c4:83:29:ea:05:
                    7b:57:1d:1b:71:68:ee:24:c9:5f:80:aa:fa:c0:7f:
                    28:9c:e1:e8:c2:c7:a1:b2:38:c2:be:ae:41:df:93:
                    e1:42:b5:1e:5b:2b:77:47:e5:18:5a:82:01:c6:93:
                    72:dc:57:07:98:95:94:a7:c5:3a:39:b4:6b:5d:1a:
                    18:3f:c0:08:83:76:0b:81:6d:1f:05:10:67:7d:3e:
                    10:c1:9c:82:cd:a5:98:63:70:d1:be:9e:25:44:8d:
                    65:3a:18:73:f4:52:aa:b7:03:51:52:3f:d9:4e:6c:
                    9b:b3:01:40:a2:65:65:75:4a:94:1c:64:2e:72:98:
                    cf:ac:27:f1:69:7f:75:02:15:89:01:af:43:43:eb:
                    1d:a5:3e:f5:dc:ef:fe:0b:c9:51:a0:29:9a:45:ef:
                    45:e3:d8:1f:cf:c1:8b:a3:b5:0e:83:30:77:21:bc:
                    5e:ac:34:d3:0d:20:29:81:fe:2c:a0:37:3a:b5:a5:
                    7b:d0:fe:5a:43:8f:93:fa:23:e1:28:35:14:95:6a:
                    33:63:5b:94:cd:40:1b:52:44:c3:3a:6d:23:a8:b3:
                    45:ce:a7:5a:28:29:6c:76:3e:22:52:fc:6b:96:58:
                    59:b1:f4:78:a4:b9:c2:22:3b:22:a7:4f:56:84:a1:
                    1f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:10:1F:9B:42:19:63:0D:27:45:7A:8D:22:21:69:22:86:EB:44:C0
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/mRAfm0IZYw0nRXqNIiFpIobrRMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:9f:fe:b6:76:f4:4b:2e:43:2e:31:e8:8d:c6:e1:b0:43:a1:
         c1:66:78:11:75:72:34:fd:b5:37:12:7b:83:4a:20:26:24:a2:
         43:c9:96:4b:37:c3:ff:1f:30:70:48:8c:04:0c:09:f1:3c:04:
         b8:1d:4a:91:a9:87:96:ea:c4:97:d8:94:6e:ba:60:0f:5c:e9:
         c1:1f:3a:5c:8d:d6:d1:d4:8d:c4:1b:54:54:6e:a1:1f:c3:69:
         34:37:22:99:ac:69:a2:ef:98:86:73:39:b4:35:f0:17:83:8a:
         c4:17:a2:e7:d5:d9:15:01:bf:00:50:d9:9d:28:0c:04:69:8f:
         4e:f7:05:97:39:8a:1f:55:16:ee:f6:52:08:80:d8:8c:a3:d8:
         62:dd:7f:44:db:86:23:04:4e:5b:51:4f:be:7f:c4:7a:66:eb:
         7b:55:f8:1a:8b:73:0e:df:e8:ff:08:d4:59:f4:27:6e:71:43:
         d7:db:a3:53:57:0a:23:38:67:b2:60:30:29:d7:e1:1d:94:a8:
         2b:4e:00:39:e3:47:fb:85:bf:03:0b:a3:64:b1:34:85:49:bd:
         21:46:41:41:31:57:b8:36:f6:1c:45:31:d2:d7:70:0e:7e:3f:
         82:2c:54:4d:32:5e:2a:fb:35:2b:6f:4e:67:11:1a:1a:5d:41:
         6d:ac:74:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj+dbmp9r38bxEtmuXucHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTEwMWY5YjQyMTk2MzBkMjc0NTdhOGQyMjIxNjkyMjg2ZWI0NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8yXR2xqHOk0xIMp6gV7Vx0bcWju
JMlfgKr6wH8onOHowsehsjjCvq5B35PhQrUeWyt3R+UYWoIBxpNy3FcHmJWUp8U6
ObRrXRoYP8AIg3YLgW0fBRBnfT4QwZyCzaWYY3DRvp4lRI1lOhhz9FKqtwNRUj/Z
TmybswFAomVldUqUHGQucpjPrCfxaX91AhWJAa9DQ+sdpT713O/+C8lRoCmaRe9F
49gfz8GLo7UOgzB3IbxerDTTDSApgf4soDc6taV70P5aQ4+T+iPhKDUUlWozY1uU
zUAbUkTDOm0jqLNFzqdaKClsdj4iUvxrllhZsfR4pLnCIjsip09WhKEfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkQH5tCGWMNJ0V6jSIhaSKG60TAMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvbVJBZm0wSVpZdzBuUlhxTklpRnBJb2JyUk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCYoMA0G
CSqGSIb3DQEBCwUAA4IBAQBBn/62dvRLLkMuMeiNxuGwQ6HBZngRdXI0/bU3EnuD
SiAmJKJDyZZLN8P/HzBwSIwEDAnxPAS4HUqRqYeW6sSX2JRuumAPXOnBHzpcjdbR
1I3EG1RUbqEfw2k0NyKZrGmi75iGczm0NfAXg4rEF6Ln1dkVAb8AUNmdKAwEaY9O
9wWXOYofVRbu9lIIgNiMo9hi3X9E24YjBE5bUU++f8R6Zut7Vfgai3MO3+j/CNRZ
9CducUPX26NTVwojOGeyYDAp1+EdlKgrTgA540f7hb8DC6NksTSFSb0hRkFBMVe4
NvYcRTHS13AOfj+CLFRNMl4q+zUrb05nERoaXUFtrHSJ
-----END CERTIFICATE-----