Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/_MQMYx9xEAXNW8G-FxQWiYAJhNI.roa
File:                     _MQMYx9xEAXNW8G-FxQWiYAJhNI.roa (raw, json)
Hash identifier:          meB7Tis9skTim35i/fw86z611JzvNuAdd94+5paFqzE=
Subject key identifier:   FC:C4:0C:63:1F:71:10:05:CD:5B:C1:BE:17:14:16:89:80:09:84:D2
Certificate issuer:       /CN=34958a58d17cab8ff9a79156f66bed5a78799f7e
Certificate serial:       018CC5007A30BAA6C722FA9C38BAB1F880AD
Authority key identifier: 34:95:8A:58:D1:7C:AB:8F:F9:A7:91:56:F6:6B:ED:5A:78:79:9F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJWKWNF8q4_5p5FW9mvtWnh5n34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/_MQMYx9xEAXNW8G-FxQWiYAJhNI.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        85.159.16.0/21 maxlen: 21
                          2a01:4d8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/NJWKWNF8q4_5p5FW9mvtWnh5n34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/NJWKWNF8q4_5p5FW9mvtWnh5n34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJWKWNF8q4_5p5FW9mvtWnh5n34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:7a:30:ba:a6:c7:22:fa:9c:38:ba:b1:f8:80:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34958a58d17cab8ff9a79156f66bed5a78799f7e
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcc40c631f711005cd5bc1be17141689800984d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:24:12:2e:61:a0:07:2f:e9:0e:19:bb:51:25:
                    fe:94:e7:72:42:dd:a5:f6:ce:b9:f3:38:db:b9:9b:
                    8b:19:05:24:23:c8:8b:31:ff:53:d9:45:71:fd:39:
                    88:21:7a:c7:0f:22:46:4a:bc:37:65:86:2d:a1:fe:
                    12:9f:42:db:21:23:d5:14:0b:28:c4:90:64:52:04:
                    7a:76:68:e8:2d:88:f4:c3:53:d1:19:1a:33:94:df:
                    99:10:d0:50:87:49:38:82:b0:d9:ac:bc:83:72:88:
                    14:9a:48:bc:a5:6d:ca:cd:e7:10:8f:17:b1:2d:8c:
                    28:b3:a9:06:3d:4c:f9:b4:77:a5:c4:26:17:29:da:
                    29:43:82:db:d6:3a:7a:82:c6:c4:80:d1:aa:33:f0:
                    d3:8d:f8:c9:c3:07:1f:c5:f7:ea:a6:ae:79:6c:51:
                    4c:b1:7d:11:df:ae:ba:7d:e4:ff:7f:e0:14:3f:ff:
                    0c:c4:e0:60:b2:5b:20:a3:10:2f:f8:c7:a9:27:56:
                    cd:fb:83:a6:51:6b:aa:2e:ab:a7:68:fd:89:ac:71:
                    f1:87:59:8c:b0:84:6c:0f:7e:41:bd:6d:25:6d:d1:
                    36:01:c8:60:5e:17:96:6c:4b:fe:80:91:77:0e:c1:
                    ba:2c:da:e4:f8:e9:02:93:e0:65:63:04:c0:9e:96:
                    e3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C4:0C:63:1F:71:10:05:CD:5B:C1:BE:17:14:16:89:80:09:84:D2
            X509v3 Authority Key Identifier:
                keyid:34:95:8A:58:D1:7C:AB:8F:F9:A7:91:56:F6:6B:ED:5A:78:79:9F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJWKWNF8q4_5p5FW9mvtWnh5n34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/_MQMYx9xEAXNW8G-FxQWiYAJhNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/d6c525-4a39-4db8-8c5d-46810613538a/1/NJWKWNF8q4_5p5FW9mvtWnh5n34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.16.0/21
                IPv6:
                  2a01:4d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:98:fb:dd:e6:be:c1:26:e1:dd:0f:ee:35:c2:e5:93:f5:5f:
         fd:a3:55:b7:35:3a:f0:ec:3a:9f:01:8d:17:bb:38:8d:49:f2:
         bb:d4:2a:37:66:d9:82:58:b3:20:17:30:23:5b:15:44:37:c5:
         21:13:09:95:01:e5:ae:ab:c9:5b:49:8f:54:9a:38:8b:df:e6:
         69:b0:e7:af:17:a3:c2:14:fd:58:e4:b4:f3:e6:3a:8a:ea:93:
         ae:68:b1:cc:d0:da:58:3c:d9:72:82:ce:23:20:6c:3b:b5:3d:
         ee:4e:88:21:6f:7a:80:95:7d:06:ad:fe:8b:25:62:76:57:43:
         42:d6:07:36:0b:53:de:df:6f:ef:19:ac:9d:26:7f:8b:73:b9:
         b4:4e:0d:13:2c:bc:9e:05:ee:80:19:2c:00:20:d6:0f:ba:85:
         5b:92:b0:1e:5a:75:2d:6a:a0:65:b7:1f:2f:df:78:1a:5f:fd:
         11:5b:20:c7:2f:26:36:72:88:af:40:7b:a0:36:f8:4e:6b:92:
         25:c9:1c:f0:05:e2:de:a7:18:81:a8:ff:98:7c:f6:54:eb:a3:
         5d:0f:b7:84:e2:89:e0:f0:06:11:e2:6f:fc:b3:6f:da:a4:51:
         ef:e9:3b:ce:9e:76:0d:fb:13:bf:5b:14:c5:e7:97:43:38:86:
         ec:59:31:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAHowuqbHIvqcOLqx+ICtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTU4YTU4ZDE3Y2FiOGZmOWE3OTE1NmY2NmJlZDVhNzg3
OTlmN2UwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2M0MGM2MzFmNzExMDA1Y2Q1YmMxYmUxNzE0MTY4OTgwMDk4NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCQSLmGgBy/pDhm7USX+lOdyQt2l
9s658zjbuZuLGQUkI8iLMf9T2UVx/TmIIXrHDyJGSrw3ZYYtof4Sn0LbISPVFAso
xJBkUgR6dmjoLYj0w1PRGRozlN+ZENBQh0k4grDZrLyDcogUmki8pW3KzecQjxex
LYwos6kGPUz5tHelxCYXKdopQ4Lb1jp6gsbEgNGqM/DTjfjJwwcfxffqpq55bFFM
sX0R3666feT/f+AUP/8MxOBgslsgoxAv+MepJ1bN+4OmUWuqLqunaP2JrHHxh1mM
sIRsD35BvW0lbdE2AchgXheWbEv+gJF3DsG6LNrk+OkCk+BlYwTAnpbjmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzEDGMfcRAFzVvBvhcUFomACYTSMB8GA1UdIwQY
MBaAFDSViljRfKuP+aeRVvZr7Vp4eZ9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpXS1dORjhxNF81cDVGVzltdnRXbmg1bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9kNmM1MjUtNGEzOS00ZGI4LThjNWQt
NDY4MTA2MTM1MzhhLzEvX01RTVl4OXhFQVhOVzhHLUZ4UVdpWUFKaE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9kNmM1MjUtNGEzOS00ZGI4LThjNWQtNDY4MTA2MTM1Mzhh
LzEvTkpXS1dORjhxNF81cDVGVzltdnRXbmg1bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDVZ8QMA0E
AgACMAcDBQAqAQTYMA0GCSqGSIb3DQEBCwUAA4IBAQAwmPvd5r7BJuHdD+41wuWT
9V/9o1W3NTrw7DqfAY0XuziNSfK71Co3ZtmCWLMgFzAjWxVEN8UhEwmVAeWuq8lb
SY9UmjiL3+ZpsOevF6PCFP1Y5LTz5jqK6pOuaLHM0NpYPNlygs4jIGw7tT3uTogh
b3qAlX0Grf6LJWJ2V0NC1gc2C1Pe32/vGaydJn+Lc7m0Tg0TLLyeBe6AGSwAINYP
uoVbkrAeWnUtaqBltx8v33gaX/0RWyDHLyY2coivQHugNvhOa5IlyRzwBeLepxiB
qP+YfPZU66NdD7eE4ong8AYR4m/8s2/apFHv6TvOnnYN+xO/WxTF55dDOIbsWTHN
-----END CERTIFICATE-----