Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/pMWYMk5E8apDZjID5xg8ZWI7q2Q.roa
File:                     pMWYMk5E8apDZjID5xg8ZWI7q2Q.roa (raw, json)
Hash identifier:          O8VcfnFdUxkDZWidE7dwEW7N8GO5oTVnEYxaKabhJDo=
Subject key identifier:   A4:C5:98:32:4E:44:F1:AA:43:66:32:03:E7:18:3C:65:62:3B:AB:64
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0195F266FA90291EF991425A21BC53724913
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/pMWYMk5E8apDZjID5xg8ZWI7q2Q.roa
Signing time:             Tue 01 Apr 2025 17:29:49 +0000
ROA not before:           Tue 01 Apr 2025 17:29:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9050
IP address blocks:        94.177.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f2:66:fa:90:29:1e:f9:91:42:5a:21:bc:53:72:49:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Apr  1 17:29:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4c598324e44f1aa43663203e7183c65623bab64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:91:52:15:01:1e:6a:ea:8f:f0:47:c5:32:4f:
                    1f:4c:b9:ef:c8:a4:b7:25:f4:12:99:2f:65:dc:f3:
                    74:a3:40:3e:06:8b:7f:95:2b:3f:ad:54:2b:20:c7:
                    3a:23:b4:35:2b:6a:0d:93:88:4e:c0:2b:66:f3:d4:
                    17:60:8b:e0:f0:d8:0c:26:97:b1:d3:19:b0:a1:52:
                    4f:cf:d4:18:dd:e9:58:b3:2b:80:39:b2:01:99:0f:
                    6e:30:e0:0c:b5:12:c3:b8:4f:e0:93:e8:b5:1c:2b:
                    92:23:2a:31:60:42:be:48:00:d8:3a:49:81:bc:6e:
                    c5:9f:a2:d2:03:f4:07:b9:71:da:f3:30:18:43:2a:
                    73:f9:d8:5d:76:8b:71:77:02:5d:a3:5b:d3:1a:05:
                    33:80:25:e6:d6:33:02:3f:c7:00:1e:8b:ed:d8:46:
                    51:2e:0e:55:ce:b1:7d:02:c4:a7:8c:ad:5d:a9:28:
                    09:24:7d:9b:1f:d1:d2:99:74:f9:e2:02:6a:f5:fc:
                    04:25:f1:83:e3:3d:4b:32:ed:86:0c:83:13:52:5b:
                    2a:63:25:06:fb:d5:00:1b:66:b6:1d:d6:8b:3d:17:
                    a7:5a:9d:49:bf:ad:1f:bd:c6:67:23:85:c6:6d:a2:
                    c0:24:97:57:62:cc:07:60:83:78:6b:6b:7d:b2:4a:
                    30:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C5:98:32:4E:44:F1:AA:43:66:32:03:E7:18:3C:65:62:3B:AB:64
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/pMWYMk5E8apDZjID5xg8ZWI7q2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:d2:f4:39:6e:5c:9f:8c:b2:69:b6:10:47:3b:31:44:5d:a8:
         1f:d4:c5:0f:ba:33:9a:3e:10:a6:24:10:16:4e:f9:9f:3f:ed:
         b0:af:90:99:85:1e:93:a1:63:b6:ab:97:7f:88:f8:55:96:e4:
         17:64:7a:6b:53:10:50:85:31:5f:32:53:3c:f7:ed:80:8f:bc:
         ba:b2:94:0e:a5:b5:41:9f:85:b4:d6:37:32:77:80:19:d0:da:
         a6:85:02:e3:73:47:77:51:0a:e1:76:09:5e:8f:d6:7b:ee:96:
         4d:9d:63:cf:03:40:b5:f7:02:8b:30:bd:ef:ef:0f:06:99:b0:
         ed:66:60:23:ef:19:38:d7:bd:be:58:2e:fd:1e:ed:fd:2a:e0:
         b5:1c:f8:52:4c:08:a5:fe:52:17:8c:b7:38:cd:69:ba:88:2c:
         b2:96:a5:a2:99:6b:4e:f1:60:5f:34:05:f1:c0:c8:f4:4c:c9:
         31:38:e1:c2:36:11:97:b2:bf:6c:81:4a:6a:0c:99:b4:de:1f:
         31:1b:8f:5e:ad:37:0b:be:2d:57:c9:68:69:74:6b:8b:5e:17:
         f0:5d:46:f3:75:9d:fe:32:46:08:1d:c3:7d:f6:b3:93:ea:e8:
         ef:b5:4b:43:7e:87:95:22:ff:53:73:37:ab:b0:55:e7:9f:e4:
         52:70:0c:23
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZXyZvqQKR75kUJaIbxTckkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwNDAxMTcyOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM1OTgzMjRlNDRmMWFhNDM2NjMyMDNlNzE4M2M2NTYyM2JhYjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpFSFQEeauqP8EfFMk8fTLnvyKS3
JfQSmS9l3PN0o0A+Bot/lSs/rVQrIMc6I7Q1K2oNk4hOwCtm89QXYIvg8NgMJpex
0xmwoVJPz9QY3elYsyuAObIBmQ9uMOAMtRLDuE/gk+i1HCuSIyoxYEK+SADYOkmB
vG7Fn6LSA/QHuXHa8zAYQypz+dhddotxdwJdo1vTGgUzgCXm1jMCP8cAHovt2EZR
Lg5VzrF9AsSnjK1dqSgJJH2bH9HSmXT54gJq9fwEJfGD4z1LMu2GDIMTUlsqYyUG
+9UAG2a2HdaLPRenWp1Jv60fvcZnI4XGbaLAJJdXYswHYIN4a2t9skowfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKTFmDJORPGqQ2YyA+cYPGViO6tkMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3BNV1lNazVFOGFwRFpqSUQ1eGc4WldJN3EyUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABesWsw
DQYJKoZIhvcNAQELBQADggEBAGXS9DluXJ+Msmm2EEc7MURdqB/UxQ+6M5o+EKYk
EBZO+Z8/7bCvkJmFHpOhY7arl3+I+FWW5BdkemtTEFCFMV8yUzz37YCPvLqylA6l
tUGfhbTWNzJ3gBnQ2qaFAuNzR3dRCuF2CV6P1nvulk2dY88DQLX3Aoswve/vDwaZ
sO1mYCPvGTjXvb5YLv0e7f0q4LUc+FJMCKX+UheMtzjNabqILLKWpaKZa07xYF80
BfHAyPRMyTE44cI2EZeyv2yBSmoMmbTeHzEbj16tNwu+LVfJaGl0a4teF/BdRvN1
nf4yRggdw332s5Pq6O+1S0N+h5Ui/1NzN6uwVeef5FJwDCM=
-----END CERTIFICATE-----