Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/Mj6kVf-nrE1NYiqJlug5cM5glQE.roa
File:                     Mj6kVf-nrE1NYiqJlug5cM5glQE.roa (raw, json)
Hash identifier:          HcvHVqiz7Km+wIBOpztgtj90hN9vWS8X94zeJWc6MzQ=
Subject key identifier:   32:3E:A4:55:FF:A7:AC:4D:4D:62:2A:89:96:E8:39:70:CE:60:95:01
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5A47B3664FD02F97918FBC3DF1F79
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/Mj6kVf-nrE1NYiqJlug5cM5glQE.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        90.84.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a4:7b:36:64:fd:02:f9:79:18:fb:c3:df:1f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=323ea455ffa7ac4d4d622a8996e83970ce609501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:85:be:79:22:76:9a:65:c2:a3:19:a1:56:5e:
                    be:85:74:92:e3:b9:39:32:5e:92:2b:90:33:1d:22:
                    b7:10:a8:4d:dd:74:a9:85:8e:42:0e:35:4f:83:bd:
                    41:ba:38:33:fb:4e:28:bd:03:61:d1:8b:72:ae:d9:
                    bb:82:5d:6c:ef:6f:f1:2e:a4:fc:9c:99:96:e8:8c:
                    9a:51:22:45:ef:18:8d:c3:41:e1:46:11:8c:96:8a:
                    e7:81:3e:14:13:0c:56:8c:e5:1f:64:87:37:e2:51:
                    37:dc:0e:3a:02:54:fb:93:ab:1d:ce:8a:26:ad:99:
                    1f:41:6f:76:c0:53:19:52:67:fb:94:33:e3:88:38:
                    c0:f7:38:a7:5a:6c:1f:43:e7:f5:e4:4f:da:92:b9:
                    14:fc:45:ef:ed:3a:03:3c:52:3d:10:72:7a:75:9c:
                    15:15:57:8d:fc:67:30:bc:73:29:98:d3:22:ce:b9:
                    28:dd:7b:16:84:19:fd:6f:ad:5c:0f:10:d6:2c:e9:
                    48:b0:05:e2:82:34:8b:84:30:51:f3:2c:f3:dd:c9:
                    36:48:13:cf:72:fa:e2:d0:c9:84:91:06:fd:5b:50:
                    a0:9a:fb:e0:2c:d6:a8:12:c3:b2:09:fc:cd:a9:f7:
                    8c:92:cc:49:97:37:d2:6d:19:5e:04:93:be:85:5c:
                    49:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3E:A4:55:FF:A7:AC:4D:4D:62:2A:89:96:E8:39:70:CE:60:95:01
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/Mj6kVf-nrE1NYiqJlug5cM5glQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.84.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:d4:9e:29:85:4e:d6:7d:23:93:86:07:71:37:ff:ba:cd:
         b5:97:f9:29:1e:4d:2f:00:23:14:11:c5:f5:a7:fe:32:23:d4:
         65:88:b9:d4:34:ab:0d:8c:26:78:a0:ef:68:a8:bd:26:e6:44:
         e8:5b:e5:f5:54:01:22:fc:32:d9:ca:81:05:c3:53:9d:52:5a:
         c8:6a:2e:bc:d2:bc:b8:f7:de:e4:0b:57:00:95:97:d2:67:02:
         9f:24:d1:f0:0b:39:4d:5a:81:4c:01:04:c2:aa:63:56:e7:e9:
         c3:8c:7d:9c:a2:97:07:33:63:4c:6d:9f:a0:a8:ec:0f:5d:03:
         36:45:2d:d7:36:4c:5c:c3:4e:e4:88:71:89:4a:20:b8:16:5a:
         cb:3c:35:c6:36:87:65:bf:77:c2:75:06:01:41:1c:ba:09:c0:
         b7:56:2f:df:bd:ef:38:5e:27:8f:bc:bf:1f:7d:b3:d9:52:c6:
         3d:36:11:f6:2d:ac:a6:a2:62:13:2f:89:e0:dd:68:09:46:4c:
         fe:8d:92:22:1c:0b:25:94:20:9a:67:a5:5f:25:64:3f:09:bb:
         9b:01:ae:2f:71:bd:98:a1:34:4b:e3:28:a1:e4:81:bb:2f:0f:
         7d:17:14:88:1b:56:47:e7:f8:86:6d:fa:4a:be:78:e8:f0:e6:
         26:69:e9:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1aR7NmT9Avl5GPvD3x95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNlYTQ1NWZmYTdhYzRkNGQ2MjJhODk5NmU4Mzk3MGNlNjA5NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoW+eSJ2mmXCoxmhVl6+hXSS47k5
Ml6SK5AzHSK3EKhN3XSphY5CDjVPg71Bujgz+04ovQNh0Ytyrtm7gl1s72/xLqT8
nJmW6IyaUSJF7xiNw0HhRhGMlorngT4UEwxWjOUfZIc34lE33A46AlT7k6sdzoom
rZkfQW92wFMZUmf7lDPjiDjA9zinWmwfQ+f15E/akrkU/EXv7ToDPFI9EHJ6dZwV
FVeN/GcwvHMpmNMizrko3XsWhBn9b61cDxDWLOlIsAXigjSLhDBR8yzz3ck2SBPP
cvri0MmEkQb9W1CgmvvgLNaoEsOyCfzNqfeMksxJlzfSbRleBJO+hVxJ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDI+pFX/p6xNTWIqiZboOXDOYJUBMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvTWo2a1ZmLW5yRTFOWWlxSmx1ZzVjTTVnbFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWlQKMA0G
CSqGSIb3DQEBCwUAA4IBAQBVdNSeKYVO1n0jk4YHcTf/us21l/kpHk0vACMUEcX1
p/4yI9RliLnUNKsNjCZ4oO9oqL0m5kToW+X1VAEi/DLZyoEFw1OdUlrIai680ry4
997kC1cAlZfSZwKfJNHwCzlNWoFMAQTCqmNW5+nDjH2copcHM2NMbZ+gqOwPXQM2
RS3XNkxcw07kiHGJSiC4FlrLPDXGNodlv3fCdQYBQRy6CcC3Vi/fve84XiePvL8f
fbPZUsY9NhH2LaymomITL4ng3WgJRkz+jZIiHAsllCCaZ6VfJWQ/CbubAa4vcb2Y
oTRL4yih5IG7Lw99FxSIG1ZH5/iGbfpKvnjo8OYmaelY
-----END CERTIFICATE-----