Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/mcWI4GIqipBUvrnwIHMQKmS2RCg.roa
File:                     mcWI4GIqipBUvrnwIHMQKmS2RCg.roa (raw, json)
Hash identifier:          RNQDLaE2tgJjxnmWK+M407e+BB24q00+oDFiCmR/ZNI=
Subject key identifier:   99:C5:88:E0:62:2A:8A:90:54:BE:B9:F0:20:73:10:2A:64:B6:44:28
Certificate issuer:       /CN=fd2a983858c685ae30ee035e8a030542488c5f0b
Certificate serial:       01941FFA7A9033C52CBA786A69023722F7D7
Authority key identifier: FD:2A:98:38:58:C6:85:AE:30:EE:03:5E:8A:03:05:42:48:8C:5F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SqYOFjGha4w7gNeigMFQkiMXws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/mcWI4GIqipBUvrnwIHMQKmS2RCg.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201049
IP address blocks:        185.87.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/_SqYOFjGha4w7gNeigMFQkiMXws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/_SqYOFjGha4w7gNeigMFQkiMXws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SqYOFjGha4w7gNeigMFQkiMXws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7a:90:33:c5:2c:ba:78:6a:69:02:37:22:f7:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd2a983858c685ae30ee035e8a030542488c5f0b
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99c588e0622a8a9054beb9f02073102a64b64428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:03:35:87:b5:29:b5:ce:f8:f8:c6:92:15:ff:
                    34:94:ad:50:ef:03:90:00:c6:e2:da:6f:6b:0d:cd:
                    f4:82:87:57:7b:5b:5e:b4:63:ef:8c:89:fd:6a:4c:
                    3f:2b:f2:3d:96:d4:1e:a1:31:b2:8d:e6:cb:49:e1:
                    88:6e:54:34:1e:59:33:6f:da:ce:2b:f3:6b:2b:86:
                    c6:9d:29:c6:6a:c5:a5:7c:d3:49:93:f6:f1:41:2c:
                    73:7a:a0:59:f1:be:d8:51:71:be:a3:c2:d8:18:b6:
                    a1:22:ab:ed:12:2c:b9:4c:11:19:41:78:81:d0:9a:
                    9c:78:28:76:cb:24:40:87:c4:7d:4a:2c:4e:83:9e:
                    b1:a7:5d:63:d4:51:5d:f5:87:c0:b7:ba:37:5b:14:
                    8f:ae:b6:42:6d:43:97:b1:52:5c:b2:be:36:dc:6d:
                    df:0d:a3:6d:64:b0:8c:21:8d:10:d5:3e:be:ac:ab:
                    3f:08:9d:be:9a:ce:70:1c:6b:9c:18:da:8a:71:39:
                    43:15:d1:b7:35:76:20:ce:1b:d1:f9:c5:9a:c2:2d:
                    42:11:43:02:b0:31:e7:e3:e6:3f:74:06:49:88:5b:
                    50:7e:fa:1c:ba:6b:97:ed:d4:31:60:56:ab:84:ef:
                    5d:c2:1f:f2:30:7d:47:f0:a7:45:fc:7b:96:e2:23:
                    81:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C5:88:E0:62:2A:8A:90:54:BE:B9:F0:20:73:10:2A:64:B6:44:28
            X509v3 Authority Key Identifier:
                keyid:FD:2A:98:38:58:C6:85:AE:30:EE:03:5E:8A:03:05:42:48:8C:5F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SqYOFjGha4w7gNeigMFQkiMXws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/mcWI4GIqipBUvrnwIHMQKmS2RCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/23cbdd-139f-468d-88c3-f7942ca328f9/1/_SqYOFjGha4w7gNeigMFQkiMXws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:72:9c:4d:99:10:f9:f1:b1:ab:63:de:7e:26:af:fb:d2:0a:
         0e:72:98:dc:75:b2:c6:52:b2:bb:8f:18:6f:bb:76:b2:00:bf:
         5a:23:a5:c8:e0:1f:03:69:0d:d5:60:ea:a0:86:f8:36:f4:a2:
         87:f6:fe:08:5d:d4:ad:9f:ef:f3:76:93:35:cf:d2:11:72:ea:
         17:53:cd:12:1c:78:6f:43:77:43:a0:17:94:20:41:9d:f2:1a:
         45:16:b5:67:1b:7a:d4:bf:98:c9:8b:ca:98:da:9a:b6:63:6f:
         21:5b:f6:4c:5b:1c:a4:50:02:28:39:c2:cd:a9:49:f7:51:0f:
         93:92:d5:d2:b9:14:38:68:04:fd:da:27:59:0f:9e:33:c4:08:
         2a:8c:03:ed:6e:38:a9:c3:e2:42:79:a6:79:88:3c:5d:bd:84:
         81:4d:ab:2a:a2:8b:ae:65:b2:18:ac:ed:52:12:63:da:5f:1f:
         8a:e0:f5:89:69:9e:1d:ed:70:8b:39:fd:d1:d1:36:bd:62:0b:
         2e:3f:79:f0:2b:09:7e:4c:13:4e:e7:6f:b2:5f:29:c7:eb:21:
         62:76:76:40:f5:dc:c6:94:ff:c8:ea:f7:c7:a4:fa:51:64:80:
         4b:1f:37:72:08:d6:5d:68:29:3f:de:2f:5e:f5:79:64:9b:e6:
         3b:3d:83:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nqQM8UsunhqaQI3IvfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMmE5ODM4NThjNjg1YWUzMGVlMDM1ZThhMDMwNTQyNDg4
YzVmMGIwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM1ODhlMDYyMmE4YTkwNTRiZWI5ZjAyMDczMTAyYTY0YjY0NDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAM1h7Uptc74+MaSFf80lK1Q7wOQ
AMbi2m9rDc30godXe1tetGPvjIn9akw/K/I9ltQeoTGyjebLSeGIblQ0Hlkzb9rO
K/NrK4bGnSnGasWlfNNJk/bxQSxzeqBZ8b7YUXG+o8LYGLahIqvtEiy5TBEZQXiB
0JqceCh2yyRAh8R9SixOg56xp11j1FFd9YfAt7o3WxSPrrZCbUOXsVJcsr423G3f
DaNtZLCMIY0Q1T6+rKs/CJ2+ms5wHGucGNqKcTlDFdG3NXYgzhvR+cWawi1CEUMC
sDHn4+Y/dAZJiFtQfvocumuX7dQxYFarhO9dwh/yMH1H8KdF/HuW4iOBcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnFiOBiKoqQVL658CBzECpktkQoMB8GA1UdIwQY
MBaAFP0qmDhYxoWuMO4DXooDBUJIjF8LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NxWU9GakdoYTR3N2dOZWlnTUZRa2lNWHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yM2NiZGQtMTM5Zi00NjhkLTg4YzMt
Zjc5NDJjYTMyOGY5LzEvbWNXSTRHSXFpcEJVdnJud0lITVFLbVMyUkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yM2NiZGQtMTM5Zi00NjhkLTg4YzMtZjc5NDJjYTMyOGY5
LzEvX1NxWU9GakdoYTR3N2dOZWlnTUZRa2lNWHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVeIMA0G
CSqGSIb3DQEBCwUAA4IBAQBscpxNmRD58bGrY95+Jq/70goOcpjcdbLGUrK7jxhv
u3ayAL9aI6XI4B8DaQ3VYOqghvg29KKH9v4IXdStn+/zdpM1z9IRcuoXU80SHHhv
Q3dDoBeUIEGd8hpFFrVnG3rUv5jJi8qY2pq2Y28hW/ZMWxykUAIoOcLNqUn3UQ+T
ktXSuRQ4aAT92idZD54zxAgqjAPtbjipw+JCeaZ5iDxdvYSBTasqoouuZbIYrO1S
EmPaXx+K4PWJaZ4d7XCLOf3R0Ta9YgsuP3nwKwl+TBNO52+yXynH6yFidnZA9dzG
lP/I6vfHpPpRZIBLHzdyCNZdaCk/3i9e9Xlkm+Y7PYNS
-----END CERTIFICATE-----