Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/gMMT4CFkCWRYtDrF3UxIZfPsxKc.roa
File:                     gMMT4CFkCWRYtDrF3UxIZfPsxKc.roa (raw, json)
Hash identifier:          2/OhbtZSnC9mHzUn7UoTXNOmX1wP26fthpipUmjf41Y=
Subject key identifier:   80:C3:13:E0:21:64:09:64:58:B4:3A:C5:DD:4C:48:65:F3:EC:C4:A7
Certificate issuer:       /CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
Certificate serial:       01942669F59B2B598A6AB7A6AB903FD08082
Authority key identifier: C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/gMMT4CFkCWRYtDrF3UxIZfPsxKc.roa
Signing time:             Thu 02 Jan 2025 09:47:45 +0000
ROA not before:           Thu 02 Jan 2025 09:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48972
IP address blocks:        185.107.120.0/22 maxlen: 22
                          2a00:cb40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:f5:9b:2b:59:8a:6a:b7:a6:ab:90:3f:d0:80:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
        Validity
            Not Before: Jan  2 09:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c313e02164096458b43ac5dd4c4865f3ecc4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a3:97:e4:71:63:d0:21:70:09:71:ae:fb:06:
                    5c:56:c9:81:a4:21:a3:77:51:47:44:06:3a:84:a9:
                    c3:83:a9:76:05:6f:bf:dd:c5:5c:e5:e6:69:c0:8d:
                    f5:7f:08:36:d4:24:b3:ed:a9:41:de:b1:17:d8:a5:
                    a8:0e:53:1e:07:f5:04:e7:79:a7:68:5e:d3:08:3e:
                    97:c5:d9:fc:72:79:0e:43:43:c0:20:66:6c:ce:bb:
                    18:77:3a:69:9f:9b:be:5a:24:27:1e:c6:74:cf:0e:
                    62:25:29:46:78:e4:b7:a8:56:08:63:96:10:80:da:
                    3d:f9:0a:78:66:4f:ca:84:58:19:da:c3:ef:b4:05:
                    d9:03:f7:e1:85:61:4e:83:ff:33:7d:c3:50:92:4b:
                    87:39:63:90:2a:6d:ec:3a:33:3d:2e:0e:aa:29:48:
                    17:05:06:d7:55:07:cf:08:50:08:e3:7b:73:5f:31:
                    65:f8:61:f6:66:e2:0e:2d:dc:54:3b:3f:81:ee:20:
                    9a:1a:fe:05:18:73:b1:59:65:e9:b0:85:8b:e0:2a:
                    22:15:c6:df:f8:d5:bc:72:94:c6:55:04:a0:03:42:
                    19:eb:97:85:43:94:28:7e:64:e6:45:32:25:b0:d0:
                    e4:d6:ef:77:48:1a:c1:9e:a0:af:63:2a:4e:95:5d:
                    05:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C3:13:E0:21:64:09:64:58:B4:3A:C5:DD:4C:48:65:F3:EC:C4:A7
            X509v3 Authority Key Identifier:
                keyid:C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/gMMT4CFkCWRYtDrF3UxIZfPsxKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.120.0/22
                IPv6:
                  2a00:cb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:3f:17:7b:7f:af:30:b6:cd:ed:20:29:ad:a2:35:71:79:18:
         86:84:fd:01:9e:0c:64:95:55:1b:61:dc:4e:bd:8e:59:39:d8:
         fe:48:8d:af:11:37:da:83:a9:b9:b7:ba:fd:3c:76:85:89:f0:
         ce:76:23:00:39:84:63:02:ff:a3:bb:da:f0:40:a5:b8:02:eb:
         63:25:ae:51:2b:d1:5e:f4:81:a0:4b:6f:20:df:a5:47:da:92:
         46:28:92:78:31:f0:f5:e2:c7:8b:c3:b5:1f:96:d6:f8:e2:89:
         ed:ac:39:ce:3f:87:b7:33:69:22:73:3b:e2:27:2f:24:d7:20:
         23:7c:52:c1:47:3b:41:12:98:83:71:74:b0:90:0d:b5:44:19:
         eb:6d:27:f5:1d:5e:c6:c8:4f:7d:61:11:0a:06:57:69:c5:0b:
         23:25:7f:13:a3:f7:19:ac:04:18:37:12:15:9c:ee:82:57:d5:
         a7:38:88:0b:de:55:88:54:e2:d1:a2:09:f0:a7:92:a4:43:5c:
         a7:ae:1e:38:44:1c:df:5e:d2:2c:cb:4e:e5:b4:78:b8:58:ae:
         31:73:b4:79:50:87:67:13:5e:37:34:64:91:52:7f:98:51:6c:
         a6:fe:21:d6:cd:c8:aa:52:ca:6f:52:77:2d:31:4d:7a:e4:ee:
         0b:a7:45:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmafWbK1mKaremq5A/0ICCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmUwM2ZmN2QwYmZkZTMyODM5YzI4ZmVjODFjNjI3NWMw
NGQzM2YwHhcNMjUwMTAyMDk0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMzMTNlMDIxNjQwOTY0NThiNDNhYzVkZDRjNDg2NWYzZWNjNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqOX5HFj0CFwCXGu+wZcVsmBpCGj
d1FHRAY6hKnDg6l2BW+/3cVc5eZpwI31fwg21CSz7alB3rEX2KWoDlMeB/UE53mn
aF7TCD6Xxdn8cnkOQ0PAIGZszrsYdzppn5u+WiQnHsZ0zw5iJSlGeOS3qFYIY5YQ
gNo9+Qp4Zk/KhFgZ2sPvtAXZA/fhhWFOg/8zfcNQkkuHOWOQKm3sOjM9Lg6qKUgX
BQbXVQfPCFAI43tzXzFl+GH2ZuIOLdxUOz+B7iCaGv4FGHOxWWXpsIWL4CoiFcbf
+NW8cpTGVQSgA0IZ65eFQ5QofmTmRTIlsNDk1u93SBrBnqCvYypOlV0FeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIDDE+AhZAlkWLQ6xd1MSGXz7MSnMB8GA1UdIwQY
MBaAFMduA/99C/3jKDnCj+yBxidcBNM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYt
ODM1ZGUwZjU4OTJlLzEvZ01NVDRDRmtDV1JZdERyRjNVeElaZlBzeEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYtODM1ZGUwZjU4OTJl
LzEveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWt4MA0E
AgACMAcDBQAqAMtAMA0GCSqGSIb3DQEBCwUAA4IBAQB+Pxd7f68wts3tICmtojVx
eRiGhP0BngxklVUbYdxOvY5ZOdj+SI2vETfag6m5t7r9PHaFifDOdiMAOYRjAv+j
u9rwQKW4AutjJa5RK9Fe9IGgS28g36VH2pJGKJJ4MfD14seLw7Ufltb44ontrDnO
P4e3M2kiczviJy8k1yAjfFLBRztBEpiDcXSwkA21RBnrbSf1HV7GyE99YREKBldp
xQsjJX8To/cZrAQYNxIVnO6CV9WnOIgL3lWIVOLRognwp5KkQ1ynrh44RBzfXtIs
y07ltHi4WK4xc7R5UIdnE143NGSRUn+YUWym/iHWzciqUspvUnctMU165O4Lp0Ul
-----END CERTIFICATE-----