Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/mrfqZX09-GYD22YGA7OHI1KATR0.roa
File:                     mrfqZX09-GYD22YGA7OHI1KATR0.roa (raw, json)
Hash identifier:          iAu2ErUzWfhvcM5+CamqqvdYTRwJsRA5N+3mtIKS/Kc=
Subject key identifier:   9A:B7:EA:65:7D:3D:F8:66:03:DB:66:06:03:B3:87:23:52:80:4D:1D
Certificate issuer:       /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial:       019421B215EE2A1E3D57905F03C6FDC7DD70
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/mrfqZX09-GYD22YGA7OHI1KATR0.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3221
IP address blocks:        171.22.244.0/22 maxlen: 22
                          193.40.0.0/16 maxlen: 16
                          2001:bb8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 02:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:15:ee:2a:1e:3d:57:90:5f:03:c6:fd:c7:dd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ab7ea657d3df86603db660603b3872352804d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3d:14:a7:6f:c8:6e:c1:7d:39:b3:4a:7b:05:
                    e2:de:50:92:d9:73:05:36:56:46:fb:e1:3d:f9:b6:
                    a9:2b:db:df:aa:62:41:c6:f5:2f:af:b3:f5:5c:74:
                    ff:64:cd:75:96:42:fd:88:f1:32:5c:0f:5e:81:c4:
                    22:6b:f2:d7:0d:d5:39:75:0c:80:20:62:bc:f7:85:
                    52:d3:c2:c6:b5:c9:b2:96:c4:6e:42:2e:e1:d5:cc:
                    b0:79:08:db:8b:8b:a6:d0:21:2e:d5:9d:ef:a6:14:
                    c8:47:fd:c8:63:5f:0b:95:31:e8:d2:c6:d2:91:13:
                    d9:f4:74:6e:d7:69:94:c0:33:bb:c6:2a:22:9f:a7:
                    09:d9:f4:59:01:28:5c:bf:c2:ef:b4:19:55:b8:42:
                    33:ef:93:b4:83:4a:1a:dd:70:f8:63:06:b7:26:6b:
                    05:3a:de:c2:99:c1:72:ff:b3:d7:4e:11:95:06:4d:
                    43:04:b6:32:21:61:1a:ba:59:3a:70:4b:b8:7e:b2:
                    94:c2:99:db:48:16:9e:90:13:c6:82:dc:63:0a:b1:
                    8a:26:0d:94:ee:b9:70:c0:02:10:d6:dc:b9:0f:26:
                    1b:da:8a:cc:cc:64:d8:a6:a2:b6:bd:2b:f3:9f:3c:
                    6a:ce:8e:b7:51:e9:bd:eb:ce:9c:df:ff:85:ca:03:
                    ef:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B7:EA:65:7D:3D:F8:66:03:DB:66:06:03:B3:87:23:52:80:4D:1D
            X509v3 Authority Key Identifier:
                keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/mrfqZX09-GYD22YGA7OHI1KATR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.244.0/22
                  193.40.0.0/16
                IPv6:
                  2001:bb8::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:fc:6a:48:e4:14:32:7d:71:62:26:20:ec:d1:df:3f:8c:c4:
         01:a8:65:e2:92:d8:d7:be:44:d7:a1:5b:d8:4b:94:ff:e0:0f:
         e3:4f:ab:23:5f:4a:57:25:c5:67:c0:37:b2:2f:c8:07:51:c0:
         2c:48:78:b9:23:cb:44:8c:46:c6:14:ee:40:be:9a:6b:28:ca:
         37:56:c8:41:2f:93:ea:9f:32:f2:fa:6a:3f:ef:74:c3:c6:e0:
         88:8d:6b:7d:4e:83:3b:61:92:d8:9a:64:4a:7e:15:f9:fe:80:
         7e:20:c7:8f:d4:27:62:f3:2b:57:e4:8d:5b:85:e6:0b:a3:ff:
         bc:76:f8:2a:d5:26:8f:aa:fd:d7:90:da:cb:d0:c3:2e:e5:a3:
         74:33:1f:da:bb:42:68:30:f0:62:3c:5f:30:ba:95:e4:ab:f6:
         ac:4c:56:55:7c:1f:c1:32:bb:29:4c:ad:12:be:e2:70:b5:f2:
         9a:b8:2e:c9:f6:f7:a6:cf:e5:92:69:b7:a2:1e:82:f3:1e:0e:
         b4:79:84:af:b2:eb:94:b0:8e:b7:69:c5:23:12:e2:ba:8a:1d:
         09:a2:d6:cb:06:97:ea:99:97:77:2e:95:e4:75:78:7a:43:84:
         cc:26:b5:ca:68:ea:76:43:b1:9e:0b:03:bc:5f:5c:47:1f:69:
         f0:cf:3c:c8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQhshXuKh49V5BfA8b9x91wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWI3ZWE2NTdkM2RmODY2MDNkYjY2MDYwM2IzODcyMzUyODA0ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT0Up2/IbsF9ObNKewXi3lCS2XMF
NlZG++E9+bapK9vfqmJBxvUvr7P1XHT/ZM11lkL9iPEyXA9egcQia/LXDdU5dQyA
IGK894VS08LGtcmylsRuQi7h1cyweQjbi4um0CEu1Z3vphTIR/3IY18LlTHo0sbS
kRPZ9HRu12mUwDO7xioin6cJ2fRZAShcv8LvtBlVuEIz75O0g0oa3XD4Ywa3JmsF
Ot7CmcFy/7PXThGVBk1DBLYyIWEaulk6cEu4frKUwpnbSBaekBPGgtxjCrGKJg2U
7rlwwAIQ1ty5DyYb2orMzGTYpqK2vSvznzxqzo63Uem9686c3/+FygPvpwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJq36mV9PfhmA9tmBgOzhyNSgE0dMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvbXJmcVpYMDktR1lEMjJZR0E3T0hJMUtBVFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwQCqxb0AwMA
wSgwDQQCAAIwBwMFACABC7gwDQYJKoZIhvcNAQELBQADggEBAKv8akjkFDJ9cWIm
IOzR3z+MxAGoZeKS2Ne+RNehW9hLlP/gD+NPqyNfSlclxWfAN7IvyAdRwCxIeLkj
y0SMRsYU7kC+mmsoyjdWyEEvk+qfMvL6aj/vdMPG4IiNa31OgzthktiaZEp+Ffn+
gH4gx4/UJ2LzK1fkjVuF5guj/7x2+CrVJo+q/deQ2svQwy7lo3QzH9q7Qmgw8GI8
XzC6leSr9qxMVlV8H8EyuylMrRK+4nC18pq4Lsn296bP5ZJpt6IegvMeDrR5hK+y
65SwjrdpxSMS4rqKHQmi1ssGl+qZl3culeR1eHpDhMwmtcpo6nZDsZ4LA7xfXEcf
afDPPMg=
-----END CERTIFICATE-----