Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/MFOwRigg7T0IpmuTkK8MdZdacMU.roa
File:                     MFOwRigg7T0IpmuTkK8MdZdacMU.roa (raw, json)
Hash identifier:          ubgFUDBCyQUuTeLWAGuqtZaYRtULxQY/t88lW5WioQE=
Subject key identifier:   30:53:B0:46:28:20:ED:3D:08:A6:6B:93:90:AF:0C:75:97:5A:70:C5
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0196FD3D4CABB2D122ED76C264A9A4D3BEED
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/MFOwRigg7T0IpmuTkK8MdZdacMU.roa
Signing time:             Fri 23 May 2025 13:02:55 +0000
ROA not before:           Fri 23 May 2025 13:02:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:3d:4c:ab:b2:d1:22:ed:76:c2:64:a9:a4:d3:be:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May 23 13:02:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3053b0462820ed3d08a66b9390af0c75975a70c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e7:b5:b7:e1:df:1b:8f:e9:1d:29:68:eb:00:
                    5d:74:41:54:cc:cf:2a:89:9a:19:f0:51:c0:31:88:
                    45:13:b4:6b:82:b6:df:91:91:f8:27:c1:ce:44:57:
                    a7:c8:b2:83:6c:15:6d:1f:fa:2f:82:8d:91:4e:64:
                    9a:78:ea:b7:b9:14:65:f9:ad:fd:bc:a0:83:d4:29:
                    a5:90:b4:bd:d2:95:81:15:bb:e6:6e:36:ca:41:9c:
                    dc:ae:b7:1a:85:ca:ea:e6:60:88:e3:b9:91:eb:72:
                    66:d4:99:21:42:2e:c3:12:21:36:00:2f:34:87:7d:
                    5a:92:ec:e3:f7:f6:c2:aa:67:a1:00:5c:be:d7:95:
                    5f:3a:a0:5d:5f:23:3a:70:58:38:c1:e0:95:71:f9:
                    77:9c:f0:f5:9b:ce:02:9c:7b:ab:e3:b8:3c:26:44:
                    a0:4e:fa:fc:8e:d1:15:fb:e5:18:01:89:3b:25:ad:
                    17:30:3d:14:12:ad:fd:96:d6:80:54:33:70:39:fe:
                    9d:31:a4:83:7e:b5:b4:60:23:0c:6d:bf:50:57:a8:
                    c4:a3:e9:8e:e3:71:90:fe:47:6d:95:db:f8:a4:e2:
                    f9:39:d5:57:14:ee:b2:a1:0d:5a:b9:1b:ac:8c:35:
                    fe:b4:89:f4:a0:0a:f3:12:11:ec:e1:cb:52:be:33:
                    33:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:53:B0:46:28:20:ED:3D:08:A6:6B:93:90:AF:0C:75:97:5A:70:C5
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/MFOwRigg7T0IpmuTkK8MdZdacMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:e9:5e:c5:c7:68:d7:ac:25:a3:10:eb:29:9b:b1:67:b7:80:
         6c:0d:3f:b9:f5:6b:79:a7:ef:a3:00:b0:9f:be:44:e0:3d:24:
         6b:05:cd:58:3a:40:bb:94:ee:2d:bd:3b:4e:c5:46:dc:2e:c2:
         1d:35:94:98:a7:dd:52:eb:af:ad:94:7c:f9:0e:e6:78:a8:8a:
         ac:5a:97:23:d5:b0:fb:85:f6:04:2d:e0:85:b4:7c:61:43:2c:
         d9:70:91:d1:a0:fd:e2:58:20:7b:fc:49:2c:94:75:a2:5d:af:
         2c:62:2d:a0:63:b5:87:3d:ae:70:cd:5e:e1:cf:01:f0:b5:5a:
         0f:d3:79:35:a9:51:db:9a:46:5d:99:1b:9a:24:51:e4:c2:e7:
         c8:5d:ee:f6:9b:27:65:8c:d4:3e:b2:60:42:26:b8:a8:50:f0:
         08:1c:5d:76:1e:37:2f:c3:76:e1:f7:6c:72:7b:02:e8:9e:13:
         af:c2:25:39:b6:a2:b5:9c:31:8a:b4:be:dd:cd:b4:30:f4:f4:
         7e:12:4a:cb:2e:c8:46:b1:c5:f8:58:02:00:fd:b8:64:34:c4:
         62:e3:9a:16:ff:92:ca:af:30:50:c9:78:99:c8:73:79:fd:fe:
         ac:55:c7:22:47:ff:dc:55:6f:2a:7b:5d:fd:56:bc:16:fc:c2:
         7f:06:99:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb9PUyrstEi7XbCZKmk077tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNTIzMTMwMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDUzYjA0NjI4MjBlZDNkMDhhNjZiOTM5MGFmMGM3NTk3NWE3MGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOe1t+HfG4/pHSlo6wBddEFUzM8q
iZoZ8FHAMYhFE7RrgrbfkZH4J8HORFenyLKDbBVtH/ovgo2RTmSaeOq3uRRl+a39
vKCD1CmlkLS90pWBFbvmbjbKQZzcrrcahcrq5mCI47mR63Jm1JkhQi7DEiE2AC80
h31akuzj9/bCqmehAFy+15VfOqBdXyM6cFg4weCVcfl3nPD1m84CnHur47g8JkSg
Tvr8jtEV++UYAYk7Ja0XMD0UEq39ltaAVDNwOf6dMaSDfrW0YCMMbb9QV6jEo+mO
43GQ/kdtldv4pOL5OdVXFO6yoQ1auRusjDX+tIn0oArzEhHs4ctSvjMzlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBTsEYoIO09CKZrk5CvDHWXWnDFMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvTUZPd1JpZ2c3VDBJcG11VGtLOE1kWmRhY01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZoMA0G
CSqGSIb3DQEBCwUAA4IBAQBP6V7Fx2jXrCWjEOspm7Fnt4BsDT+59Wt5p++jALCf
vkTgPSRrBc1YOkC7lO4tvTtOxUbcLsIdNZSYp91S66+tlHz5DuZ4qIqsWpcj1bD7
hfYELeCFtHxhQyzZcJHRoP3iWCB7/EkslHWiXa8sYi2gY7WHPa5wzV7hzwHwtVoP
03k1qVHbmkZdmRuaJFHkwufIXe72mydljNQ+smBCJrioUPAIHF12Hjcvw3bh92xy
ewLonhOvwiU5tqK1nDGKtL7dzbQw9PR+EkrLLshGscX4WAIA/bhkNMRi45oW/5LK
rzBQyXiZyHN5/f6sVcciR//cVW8qe139VrwW/MJ/BpnM
-----END CERTIFICATE-----