Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/_MIxuIS-LegaBL97znvg1WzabyU.roa
File:                     _MIxuIS-LegaBL97znvg1WzabyU.roa (raw, json)
Hash identifier:          5RtCBYPc+OYibomGBA55iEQFagUqeM3We+U1ld2I49M=
Subject key identifier:   FC:C2:31:B8:84:BE:2D:E8:1A:04:BF:7B:CE:7B:E0:D5:6C:DA:6F:25
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC821C47E198E4BD444AB6D20F8475
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/_MIxuIS-LegaBL97znvg1WzabyU.roa
Signing time:             Thu 02 Jan 2025 07:48:12 +0000
ROA not before:           Thu 02 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209178
IP address blocks:        202.133.88.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:82:1c:47:e1:98:e4:bd:44:4a:b6:d2:0f:84:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcc231b884be2de81a04bf7bce7be0d56cda6f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:83:1c:44:fa:0e:61:59:6c:95:70:37:0e:60:
                    ed:f4:cc:b5:c9:5f:ac:4b:2b:88:1d:07:b7:d1:67:
                    07:9e:6e:63:20:5b:11:a1:94:4d:81:90:ad:f2:e8:
                    23:cd:87:35:db:46:a0:8b:d2:a4:c6:d9:38:49:2b:
                    d1:97:22:22:2d:cf:d0:5f:bf:e2:09:02:7d:85:5d:
                    0b:fc:33:2d:1a:c5:1e:90:d2:7f:22:c5:4c:73:44:
                    77:44:8a:00:66:af:2d:00:84:04:8c:6f:e6:b8:3d:
                    cb:b8:af:be:73:30:89:ec:79:d9:d9:4e:9f:cf:73:
                    d9:b3:29:64:7a:97:09:f5:ef:c0:a9:d6:52:30:bd:
                    ac:0b:f2:db:77:dd:71:35:23:66:bb:9e:d7:36:a1:
                    e5:86:9b:e3:bb:69:0d:e8:b0:69:c1:06:e9:7d:b9:
                    1f:ba:75:ba:b4:0b:74:09:36:14:9d:47:18:50:5b:
                    db:f8:6f:47:3e:fb:9a:fc:cb:17:79:88:9a:70:1b:
                    92:48:9b:56:60:6e:0c:89:cd:28:fd:d7:bc:a8:28:
                    0e:e4:c3:98:0f:1c:b7:08:88:1f:8f:94:42:44:f5:
                    51:5c:7c:66:7c:1a:1a:48:e7:1a:8b:71:1c:13:c2:
                    7e:28:35:c7:18:51:70:de:42:51:9d:ce:7f:cc:b8:
                    18:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C2:31:B8:84:BE:2D:E8:1A:04:BF:7B:CE:7B:E0:D5:6C:DA:6F:25
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/_MIxuIS-LegaBL97znvg1WzabyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.133.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:fb:c9:9f:80:f8:b3:fc:0b:1c:ad:1b:99:e2:db:66:11:0a:
         61:b6:25:70:40:8a:b7:20:f9:ba:0f:15:62:d0:53:4f:7d:17:
         d1:e2:62:e9:d0:76:c9:28:2f:31:92:d1:6b:84:40:35:32:e9:
         72:a6:c6:94:ac:18:ea:71:b6:7b:d4:21:3f:04:65:7c:af:a2:
         15:34:1d:a5:61:81:70:11:d4:6b:8a:af:7a:9d:67:fa:59:43:
         92:1c:e0:13:ce:e5:cb:b3:47:31:e0:85:86:8e:9b:aa:de:c3:
         b4:f6:52:f9:5d:4a:e9:a4:e6:5d:40:1a:4d:24:ab:ad:14:67:
         bd:0a:f6:2d:5b:90:1f:81:3f:67:e9:e3:f7:8f:6b:ba:71:07:
         0e:ee:d0:4f:1f:68:28:a2:94:34:78:e4:6a:e9:7f:19:de:4f:
         bc:e4:a5:48:b4:1a:c3:cf:ec:ad:06:36:2f:78:ea:db:57:c8:
         cf:26:55:c1:2f:24:a0:40:96:cb:44:f1:22:f0:d5:95:a3:dc:
         f7:88:7c:de:3a:7e:56:16:e8:b9:89:11:61:58:1f:a2:d4:03:
         85:ce:82:a4:76:93:a1:02:2f:19:13:d1:dc:65:8d:01:b2:d9:
         41:36:03:19:99:ee:c3:9c:6d:80:f8:3f:75:67:9c:c4:70:08:
         27:5c:80:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/IIcR+GY5L1ESrbSD4R1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2MyMzFiODg0YmUyZGU4MWEwNGJmN2JjZTdiZTBkNTZjZGE2ZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIMcRPoOYVlslXA3DmDt9My1yV+s
SyuIHQe30WcHnm5jIFsRoZRNgZCt8ugjzYc120agi9Kkxtk4SSvRlyIiLc/QX7/i
CQJ9hV0L/DMtGsUekNJ/IsVMc0R3RIoAZq8tAIQEjG/muD3LuK++czCJ7HnZ2U6f
z3PZsylkepcJ9e/AqdZSML2sC/Lbd91xNSNmu57XNqHlhpvju2kN6LBpwQbpfbkf
unW6tAt0CTYUnUcYUFvb+G9HPvua/MsXeYiacBuSSJtWYG4Mic0o/de8qCgO5MOY
Dxy3CIgfj5RCRPVRXHxmfBoaSOcai3EcE8J+KDXHGFFw3kJRnc5/zLgYnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzCMbiEvi3oGgS/e8574NVs2m8lMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvX01JeHVJUy1MZWdhQkw5N3pudmcxV3phYnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCyoVYMA0G
CSqGSIb3DQEBCwUAA4IBAQDP+8mfgPiz/AscrRuZ4ttmEQphtiVwQIq3IPm6DxVi
0FNPfRfR4mLp0HbJKC8xktFrhEA1MulypsaUrBjqcbZ71CE/BGV8r6IVNB2lYYFw
EdRriq96nWf6WUOSHOATzuXLs0cx4IWGjpuq3sO09lL5XUrppOZdQBpNJKutFGe9
CvYtW5AfgT9n6eP3j2u6cQcO7tBPH2goopQ0eORq6X8Z3k+85KVItBrDz+ytBjYv
eOrbV8jPJlXBLySgQJbLRPEi8NWVo9z3iHzeOn5WFui5iRFhWB+i1AOFzoKkdpOh
Ai8ZE9HcZY0BstlBNgMZme7DnG2A+D91Z5zEcAgnXIDS
-----END CERTIFICATE-----