Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/Mr7THJO68NohwknMfTQKnqHV-vc.roa
File:                     Mr7THJO68NohwknMfTQKnqHV-vc.roa (raw, json)
Hash identifier:          knt9VF7cf9YizkNpPo4OGyLEE0z8MhXR+E+kt4mIdVA=
Subject key identifier:   32:BE:D3:1C:93:BA:F0:DA:21:C2:49:CC:7D:34:0A:9E:A1:D5:FA:F7
Certificate issuer:       /CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
Certificate serial:       01942444A9410CA0F31197322B72D53A63BE
Authority key identifier: C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/Mr7THJO68NohwknMfTQKnqHV-vc.roa
Signing time:             Wed 01 Jan 2025 23:47:47 +0000
ROA not before:           Wed 01 Jan 2025 23:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31083
IP address blocks:        193.68.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a9:41:0c:a0:f3:11:97:32:2b:72:d5:3a:63:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c25cb7132c19f7d51f002ed4ad811aecf5b20f57
        Validity
            Not Before: Jan  1 23:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32bed31c93baf0da21c249cc7d340a9ea1d5faf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:20:9d:7b:3c:15:e3:f9:2f:da:b0:d4:ec:ea:
                    02:9c:4f:83:9c:7b:d7:9c:c5:45:0c:92:ff:8e:48:
                    d4:a4:ae:2a:e0:fd:49:5c:9e:22:69:f7:66:15:ce:
                    bf:f2:ea:6f:c6:ef:6f:65:40:28:a2:b5:88:9d:13:
                    f3:ea:31:a3:22:18:99:59:66:44:0b:5c:08:e8:e8:
                    27:09:f6:a5:a7:1b:fc:24:c1:8a:47:90:ed:00:e2:
                    6c:81:78:f3:cf:e2:50:c3:1e:f0:7b:18:5a:9f:b9:
                    46:72:19:cd:c9:3f:6d:d1:68:64:2a:c9:5f:70:d5:
                    40:3f:ac:42:93:8a:db:46:2b:7d:e7:e5:7f:a0:0f:
                    6f:5e:cf:f5:37:55:59:ed:15:8c:d5:7a:6b:66:64:
                    d1:10:94:6b:c2:e6:23:44:97:1d:e3:12:f5:fe:da:
                    79:93:34:0e:15:88:06:33:f2:5f:6d:18:e0:80:e0:
                    79:53:1a:00:05:5e:89:ee:38:ff:24:62:98:28:26:
                    ca:77:12:33:a1:10:98:ad:17:52:96:f9:e0:a9:42:
                    aa:be:51:a9:e3:4c:95:b9:01:db:8b:b3:91:42:55:
                    a9:0e:12:7d:4e:bf:b4:6d:b5:2a:e9:ec:2e:2d:72:
                    f3:09:ab:d0:48:1d:c7:d9:b7:1c:48:92:6a:56:e7:
                    4e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BE:D3:1C:93:BA:F0:DA:21:C2:49:CC:7D:34:0A:9E:A1:D5:FA:F7
            X509v3 Authority Key Identifier:
                keyid:C2:5C:B7:13:2C:19:F7:D5:1F:00:2E:D4:AD:81:1A:EC:F5:B2:0F:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wly3EywZ99UfAC7UrYEa7PWyD1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/Mr7THJO68NohwknMfTQKnqHV-vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/b27203-9d48-49a5-af25-49d40a13cbc2/1/wly3EywZ99UfAC7UrYEa7PWyD1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.68.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:72:e7:a5:34:f8:39:5f:84:aa:d0:7c:6d:1e:1c:fd:97:56:
         54:db:5b:55:82:e2:61:17:c8:16:8a:6f:8e:8b:04:8e:c3:d3:
         66:76:30:f8:b5:9e:07:f6:fd:96:e7:39:ea:78:76:84:9d:d7:
         4c:c4:fa:8d:29:6d:ab:3f:ba:76:9f:0a:28:3d:c3:d5:f4:58:
         b1:18:fb:99:2c:fd:91:84:95:68:11:23:55:f4:9d:1f:7d:a8:
         fc:de:68:de:44:d1:94:05:7a:b8:21:73:c0:32:27:bb:a1:50:
         17:28:b6:82:20:a3:8d:b6:74:30:6b:60:13:48:8e:cd:19:55:
         9e:ec:95:ba:10:0c:62:62:c1:58:fa:4f:cc:43:fe:73:44:97:
         7d:87:82:ee:d8:2c:27:ba:34:c2:f1:9b:93:3b:6c:6b:4f:8e:
         5c:ee:87:ce:c8:08:c9:60:7a:5e:4e:10:27:2b:e7:ab:43:a3:
         58:e8:0d:29:b2:2a:91:69:d4:9e:61:e8:ed:53:01:4d:b6:6b:
         c5:1f:3d:f8:39:31:de:91:ba:32:68:be:55:63:b1:e8:7a:7b:
         7e:78:be:2d:9a:21:cc:d7:15:c6:cb:19:5c:52:df:51:23:09:
         b2:b8:df:c4:4b:3d:62:61:d2:7e:99:92:76:89:23:21:d6:8e:
         7d:81:52:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKlBDKDzEZcyK3LVOmO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNWNiNzEzMmMxOWY3ZDUxZjAwMmVkNGFkODExYWVjZjVi
MjBmNTcwHhcNMjUwMTAxMjM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJlZDMxYzkzYmFmMGRhMjFjMjQ5Y2M3ZDM0MGE5ZWExZDVmYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziCdezwV4/kv2rDU7OoCnE+DnHvX
nMVFDJL/jkjUpK4q4P1JXJ4iafdmFc6/8upvxu9vZUAoorWInRPz6jGjIhiZWWZE
C1wI6OgnCfalpxv8JMGKR5DtAOJsgXjzz+JQwx7wexhan7lGchnNyT9t0WhkKslf
cNVAP6xCk4rbRit95+V/oA9vXs/1N1VZ7RWM1XprZmTREJRrwuYjRJcd4xL1/tp5
kzQOFYgGM/JfbRjggOB5UxoABV6J7jj/JGKYKCbKdxIzoRCYrRdSlvngqUKqvlGp
40yVuQHbi7ORQlWpDhJ9Tr+0bbUq6ewuLXLzCavQSB3H2bccSJJqVudOiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDK+0xyTuvDaIcJJzH00Cp6h1fr3MB8GA1UdIwQY
MBaAFMJctxMsGffVHwAu1K2BGuz1sg9XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUt
NDlkNDBhMTNjYmMyLzEvTXI3VEhKTzY4Tm9od2tuTWZUUUtucUhWLXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9iMjcyMDMtOWQ0OC00OWE1LWFmMjUtNDlkNDBhMTNjYmMy
LzEvd2x5M0V5d1o5OVVmQUM3VXJZRWE3UFd5RDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUR3MA0G
CSqGSIb3DQEBCwUAA4IBAQAscuelNPg5X4Sq0HxtHhz9l1ZU21tVguJhF8gWim+O
iwSOw9NmdjD4tZ4H9v2W5znqeHaEnddMxPqNKW2rP7p2nwooPcPV9FixGPuZLP2R
hJVoESNV9J0ffaj83mjeRNGUBXq4IXPAMie7oVAXKLaCIKONtnQwa2ATSI7NGVWe
7JW6EAxiYsFY+k/MQ/5zRJd9h4Lu2CwnujTC8ZuTO2xrT45c7ofOyAjJYHpeThAn
K+erQ6NY6A0psiqRadSeYejtUwFNtmvFHz34OTHekboyaL5VY7Hoent+eL4tmiHM
1xXGyxlcUt9RIwmyuN/ESz1iYdJ+mZJ2iSMh1o59gVL5
-----END CERTIFICATE-----