Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/McOsQMvjBBddr62PC0udNAkTiZE.roa
File:                     McOsQMvjBBddr62PC0udNAkTiZE.roa (raw, json)
Hash identifier:          XNiDpIia1i2lCsXP0+KatnkvQgNyXMN/LXGQLjKFa4c=
Subject key identifier:   31:C3:AC:40:CB:E3:04:17:5D:AF:AD:8F:0B:4B:9D:34:09:13:89:91
Certificate issuer:       /CN=e718670cc2810e4d18153b6e4e78413c1cf4ef8f
Certificate serial:       019424B3D129F0E46553F8D399FCC8C81F3D
Authority key identifier: E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/McOsQMvjBBddr62PC0udNAkTiZE.roa
Signing time:             Thu 02 Jan 2025 01:49:11 +0000
ROA not before:           Thu 02 Jan 2025 01:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35328
IP address blocks:        195.68.234.0/23 maxlen: 23
                          195.68.234.0/24 maxlen: 24
                          195.68.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d1:29:f0:e4:65:53:f8:d3:99:fc:c8:c8:1f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e718670cc2810e4d18153b6e4e78413c1cf4ef8f
        Validity
            Not Before: Jan  2 01:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31c3ac40cbe304175dafad8f0b4b9d3409138991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:84:4b:f5:d0:59:87:3b:e7:3d:a1:90:9f:5a:
                    77:3a:56:04:60:13:e9:6b:7d:67:3f:a4:e0:8a:aa:
                    ed:d1:75:1f:78:8b:b6:cd:bc:f4:2f:98:be:7e:02:
                    f7:c5:b8:e0:f8:13:3c:f7:47:85:63:28:c8:75:d1:
                    f2:3a:a2:80:6e:57:28:34:96:3d:0e:73:81:41:3e:
                    9f:f6:d6:c9:6d:40:ef:46:33:82:19:cb:a8:6f:1d:
                    22:ec:61:07:66:01:2a:a8:3d:ce:c5:08:2e:55:92:
                    28:18:e2:95:a8:25:14:7e:bb:07:f8:51:88:a0:e1:
                    90:bb:b7:cd:50:a9:60:fb:3f:c4:2b:7e:e4:6c:b3:
                    77:c9:78:d2:af:b4:b6:1b:6a:c1:12:41:e4:a8:c9:
                    5f:e2:a0:f2:04:a3:96:06:55:1f:cd:c9:df:a8:34:
                    30:d2:56:e2:24:05:95:a9:33:ac:57:e1:15:71:eb:
                    71:6f:0b:cb:53:4c:34:a7:e8:52:62:89:e8:76:ba:
                    36:f9:91:57:e0:4a:c3:2e:d4:aa:c0:12:3f:7e:8b:
                    95:c4:be:c5:44:6a:8a:e7:99:64:da:ab:5d:b7:b9:
                    16:6a:d7:db:ed:a7:08:27:f9:d8:b4:64:40:7b:5e:
                    a9:78:7c:c4:0c:39:46:33:87:65:2d:93:f3:77:1a:
                    e5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C3:AC:40:CB:E3:04:17:5D:AF:AD:8F:0B:4B:9D:34:09:13:89:91
            X509v3 Authority Key Identifier:
                keyid:E7:18:67:0C:C2:81:0E:4D:18:15:3B:6E:4E:78:41:3C:1C:F4:EF:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5xhnDMKBDk0YFTtuTnhBPBz0748.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/McOsQMvjBBddr62PC0udNAkTiZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e5c7e6-a57b-4c57-b5a5-58ac05f4d954/1/5xhnDMKBDk0YFTtuTnhBPBz0748.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.68.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:d4:df:c2:6f:ae:e7:8e:0e:ad:34:72:59:15:4d:52:0f:d1:
         1a:c5:00:7e:82:ab:f7:a4:f3:fc:d8:76:39:68:45:55:33:3b:
         14:48:3a:0c:34:fe:b5:c3:95:bd:4a:4d:1d:fc:7c:30:b1:81:
         e4:cd:ba:72:5a:dd:55:13:dd:cd:82:54:ea:09:46:96:fd:fa:
         26:fb:7a:a7:3d:fe:05:50:ae:9f:39:8d:c2:3d:26:1f:c6:3e:
         ba:25:08:7b:fc:f5:15:bc:fd:8e:cb:e0:58:d2:bd:55:98:8c:
         1e:6f:1f:6b:51:e1:07:ee:13:f1:3c:db:04:cd:fd:fc:cb:04:
         79:14:13:83:ac:77:dc:1e:bd:bd:85:ec:73:c4:4a:1c:85:a3:
         e1:df:7d:c4:82:8f:fa:49:27:3b:a8:fa:e1:f6:27:c1:2d:b5:
         7d:3c:d7:f8:04:b7:7c:7f:e5:d4:84:b2:ff:b0:80:53:d0:10:
         e2:63:a3:02:32:9a:c3:4c:62:1c:1c:3a:c2:9d:d3:66:73:2c:
         0c:ce:6f:41:e6:7c:74:2e:e5:0f:06:e7:77:47:8c:dc:8e:42:
         ee:8e:44:6a:a8:2f:08:8d:b6:12:bc:17:4f:c4:17:8e:e5:b8:
         ad:3f:41:7e:b0:5f:7e:47:92:e0:37:9e:e4:45:09:d1:d5:6d:
         16:bf:95:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks9Ep8ORlU/jTmfzIyB89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MTg2NzBjYzI4MTBlNGQxODE1M2I2ZTRlNzg0MTNjMWNm
NGVmOGYwHhcNMjUwMTAyMDE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWMzYWM0MGNiZTMwNDE3NWRhZmFkOGYwYjRiOWQzNDA5MTM4OTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloRL9dBZhzvnPaGQn1p3OlYEYBPp
a31nP6Tgiqrt0XUfeIu2zbz0L5i+fgL3xbjg+BM890eFYyjIddHyOqKAblcoNJY9
DnOBQT6f9tbJbUDvRjOCGcuobx0i7GEHZgEqqD3OxQguVZIoGOKVqCUUfrsH+FGI
oOGQu7fNUKlg+z/EK37kbLN3yXjSr7S2G2rBEkHkqMlf4qDyBKOWBlUfzcnfqDQw
0lbiJAWVqTOsV+EVcetxbwvLU0w0p+hSYonodro2+ZFX4ErDLtSqwBI/fouVxL7F
RGqK55lk2qtdt7kWatfb7acIJ/nYtGRAe16peHzEDDlGM4dlLZPzdxrl3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHDrEDL4wQXXa+tjwtLnTQJE4mRMB8GA1UdIwQY
MBaAFOcYZwzCgQ5NGBU7bk54QTwc9O+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXhobkRNS0JEazBZRlR0dVRuaEJQQnowNzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lNWM3ZTYtYTU3Yi00YzU3LWI1YTUt
NThhYzA1ZjRkOTU0LzEvTWNPc1FNdmpCQmRkcjYyUEMwdWROQWtUaVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lNWM3ZTYtYTU3Yi00YzU3LWI1YTUtNThhYzA1ZjRkOTU0
LzEvNXhobkRNS0JEazBZRlR0dVRuaEJQQnowNzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0TqMA0G
CSqGSIb3DQEBCwUAA4IBAQCP1N/Cb67njg6tNHJZFU1SD9EaxQB+gqv3pPP82HY5
aEVVMzsUSDoMNP61w5W9Sk0d/HwwsYHkzbpyWt1VE93NglTqCUaW/fom+3qnPf4F
UK6fOY3CPSYfxj66JQh7/PUVvP2Oy+BY0r1VmIwebx9rUeEH7hPxPNsEzf38ywR5
FBODrHfcHr29hexzxEochaPh333Ego/6SSc7qPrh9ifBLbV9PNf4BLd8f+XUhLL/
sIBT0BDiY6MCMprDTGIcHDrCndNmcywMzm9B5nx0LuUPBud3R4zcjkLujkRqqC8I
jbYSvBdPxBeO5bitP0F+sF9+R5LgN57kRQnR1W0Wv5U4
-----END CERTIFICATE-----