Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MPhZ4_3v9NN-YA4iJgikeLST2qw.roa
File:                     MPhZ4_3v9NN-YA4iJgikeLST2qw.roa (raw, json)
Hash identifier:          onI1xHLaUVLI9LGeUHoHQIHxaIBmJvgu9du4B6vt2Sw=
Subject key identifier:   30:F8:59:E3:FD:EF:F4:D3:7E:60:0E:22:26:08:A4:78:B4:93:DA:AC
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747BE725893FE88439136A15D348C30
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MPhZ4_3v9NN-YA4iJgikeLST2qw.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41500
IP address blocks:        185.17.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:be:72:58:93:fe:88:43:91:36:a1:5d:34:8c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30f859e3fdeff4d37e600e222608a478b493daac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:01:bb:40:f5:5a:70:9c:f3:f1:60:a5:e1:ba:
                    db:1b:25:45:5c:d8:30:6d:23:c6:e2:eb:4d:b9:ac:
                    e1:72:71:40:47:20:9e:f8:83:0e:fe:a2:15:21:ed:
                    07:f6:b6:d8:a1:de:0f:62:55:84:7b:95:5f:dd:09:
                    9e:4b:e0:51:e0:72:b2:ea:d9:e6:ec:23:31:5a:e0:
                    55:a5:1a:e8:15:77:f7:82:a1:f2:62:e5:62:a9:02:
                    da:95:b6:0d:f0:af:df:2b:e5:d8:64:be:e7:e5:6b:
                    89:b0:ea:44:4f:9d:cd:17:0a:35:77:cf:ba:db:66:
                    d4:bb:6f:65:5d:cf:c0:42:cf:44:38:be:44:b1:fc:
                    20:19:4c:d8:f1:bf:86:cc:23:19:eb:93:e7:63:04:
                    31:ca:3d:12:6e:7e:16:5c:52:0c:2a:da:f3:9a:0d:
                    b3:c7:cc:07:ff:9a:59:5c:83:8a:72:81:b7:5e:a1:
                    bb:e0:9d:1f:48:51:ca:73:33:ff:71:3d:12:c7:c9:
                    4e:03:20:c4:e8:b0:7c:34:f6:b3:31:2b:fb:e7:c3:
                    0f:23:23:35:22:1a:47:41:e0:db:bc:52:62:bc:b8:
                    43:c8:6c:ee:dc:b2:01:57:a5:7b:e1:0a:c4:d2:b2:
                    23:79:9b:63:51:b1:32:34:8d:00:2c:50:58:9f:ab:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F8:59:E3:FD:EF:F4:D3:7E:60:0E:22:26:08:A4:78:B4:93:DA:AC
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MPhZ4_3v9NN-YA4iJgikeLST2qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:74:05:32:1a:d1:94:88:46:d7:30:1c:7f:ef:80:59:bb:b4:
         9e:5f:54:93:29:ba:cd:a9:84:06:e3:81:7c:cf:86:97:e5:3f:
         c7:a3:97:d8:65:b7:c7:04:12:e1:fe:e8:bf:3e:11:58:32:aa:
         5e:ce:13:d4:87:4a:2c:e1:50:5b:50:1e:ce:32:a6:67:b0:33:
         6f:a9:ba:21:7c:a2:85:5a:86:93:25:c4:8e:6c:7f:c5:ac:3c:
         0f:1b:ef:55:f8:95:6b:9f:c2:64:8a:0b:8c:af:61:55:c2:70:
         f8:75:d8:22:5f:97:9b:23:8c:91:f6:2e:d1:8f:26:ed:76:c3:
         4a:da:f3:b2:8c:d6:d9:a0:9d:1f:df:d8:46:2b:3c:05:e8:52:
         46:74:82:b1:47:29:3c:0f:f6:d1:54:88:ae:7e:35:a4:f0:d6:
         73:eb:cc:ea:56:fb:90:3e:6b:91:f1:ed:b6:da:1b:f5:35:12:
         24:dd:97:c3:cf:9f:e5:c5:76:75:c0:df:42:ad:b2:ef:a1:5b:
         50:66:3a:22:e0:62:1a:d7:d5:1f:6a:22:df:0d:ca:a0:01:fd:
         05:96:64:2d:71:8d:21:9c:38:4c:08:8e:34:1f:75:87:21:d6:
         02:86:db:03:ac:b2:8e:63:e1:9a:7a:68:7d:8c:ec:13:ab:6f:
         cd:37:8b:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR75yWJP+iEORNqFdNIwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGY4NTllM2ZkZWZmNGQzN2U2MDBlMjIyNjA4YTQ3OGI0OTNkYWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QG7QPVacJzz8WCl4brbGyVFXNgw
bSPG4utNuazhcnFARyCe+IMO/qIVIe0H9rbYod4PYlWEe5Vf3QmeS+BR4HKy6tnm
7CMxWuBVpRroFXf3gqHyYuViqQLalbYN8K/fK+XYZL7n5WuJsOpET53NFwo1d8+6
22bUu29lXc/AQs9EOL5EsfwgGUzY8b+GzCMZ65PnYwQxyj0Sbn4WXFIMKtrzmg2z
x8wH/5pZXIOKcoG3XqG74J0fSFHKczP/cT0Sx8lOAyDE6LB8NPazMSv758MPIyM1
IhpHQeDbvFJivLhDyGzu3LIBV6V74QrE0rIjeZtjUbEyNI0ALFBYn6tBjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDD4WeP97/TTfmAOIiYIpHi0k9qsMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvTVBoWjRfM3Y5Tk4tWUE0aUpnaWtlTFNUMnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRFDMA0G
CSqGSIb3DQEBCwUAA4IBAQBRdAUyGtGUiEbXMBx/74BZu7SeX1STKbrNqYQG44F8
z4aX5T/Ho5fYZbfHBBLh/ui/PhFYMqpezhPUh0os4VBbUB7OMqZnsDNvqbohfKKF
WoaTJcSObH/FrDwPG+9V+JVrn8JkiguMr2FVwnD4ddgiX5ebI4yR9i7RjybtdsNK
2vOyjNbZoJ0f39hGKzwF6FJGdIKxRyk8D/bRVIiufjWk8NZz68zqVvuQPmuR8e22
2hv1NRIk3ZfDz5/lxXZ1wN9CrbLvoVtQZjoi4GIa19UfaiLfDcqgAf0FlmQtcY0h
nDhMCI40H3WHIdYChtsDrLKOY+Gaemh9jOwTq2/NN4tw
-----END CERTIFICATE-----