Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/MzKwgAtz12wzIsjgwju5LaHLtH8.roa
File:                     MzKwgAtz12wzIsjgwju5LaHLtH8.roa (raw, json)
Hash identifier:          DsGzfZzJWXHpJi5oY7AKelnpp/ss483xMhTBHOGogIk=
Subject key identifier:   33:32:B0:80:0B:73:D7:6C:33:22:C8:E0:C2:3B:B9:2D:A1:CB:B4:7F
Certificate issuer:       /CN=0a5318c58bf5ba74324b25d037404dd8dda9ff24
Certificate serial:       0194228D6BF8756973B23A08C823528A6697
Authority key identifier: 0A:53:18:C5:8B:F5:BA:74:32:4B:25:D0:37:40:4D:D8:DD:A9:FF:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/MzKwgAtz12wzIsjgwju5LaHLtH8.roa
Signing time:             Wed 01 Jan 2025 15:48:01 +0000
ROA not before:           Wed 01 Jan 2025 15:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24632
IP address blocks:        195.184.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:6b:f8:75:69:73:b2:3a:08:c8:23:52:8a:66:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a5318c58bf5ba74324b25d037404dd8dda9ff24
        Validity
            Not Before: Jan  1 15:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3332b0800b73d76c3322c8e0c23bb92da1cbb47f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:88:86:14:39:ea:bc:4a:df:f7:8d:17:e8:d2:
                    b7:34:c7:25:df:9f:d0:47:f6:0c:18:3c:f6:d7:50:
                    4c:0b:3b:bc:20:dd:8a:64:df:ab:c5:6b:59:88:30:
                    46:64:b7:0f:3c:c1:ae:2b:cc:0d:6f:03:f5:19:8b:
                    eb:74:9f:15:17:26:dd:79:12:d0:09:c6:b4:d0:e8:
                    e0:40:28:42:56:c9:3a:74:e9:0b:fb:54:18:6e:71:
                    2d:2e:b4:a8:55:f9:12:31:12:08:1d:a3:f7:92:dc:
                    fc:41:a7:5b:5f:93:30:13:f7:30:86:b6:f9:00:43:
                    f9:16:3b:12:f0:d6:28:76:b2:b2:61:0b:d5:5b:63:
                    fe:e4:58:f3:34:0d:9c:60:27:f9:0a:7e:59:6d:a3:
                    01:e9:e6:ea:fb:8b:16:c8:85:66:b3:95:67:31:79:
                    8d:2e:e1:b8:e4:c2:04:f5:c1:a5:65:a3:51:d3:e0:
                    68:ce:fe:a1:6d:63:b9:e3:0d:e7:45:91:f6:ce:21:
                    0a:73:1e:21:53:1a:d3:e9:b2:4b:f1:c9:b9:70:14:
                    6a:27:9a:17:1d:71:54:e1:dd:9f:30:89:5a:c7:4e:
                    f0:8c:1c:47:59:aa:d4:05:a6:c7:2b:26:3f:2e:d1:
                    e1:7c:f8:29:ec:c9:6e:d3:f8:5a:ab:44:72:ac:a2:
                    26:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:32:B0:80:0B:73:D7:6C:33:22:C8:E0:C2:3B:B9:2D:A1:CB:B4:7F
            X509v3 Authority Key Identifier:
                keyid:0A:53:18:C5:8B:F5:BA:74:32:4B:25:D0:37:40:4D:D8:DD:A9:FF:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ClMYxYv1unQySyXQN0BN2N2p_yQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/MzKwgAtz12wzIsjgwju5LaHLtH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/852cfb-4471-4290-91f4-6bc4905c42d4/1/ClMYxYv1unQySyXQN0BN2N2p_yQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:a6:f0:e1:70:86:66:55:71:ac:86:34:90:86:ce:7c:4b:0b:
         42:9b:69:36:0f:94:09:42:49:6e:6a:5c:a3:0f:77:a1:0d:a7:
         f0:90:05:1b:15:2a:8f:5e:cf:9e:b6:87:47:50:19:fc:fe:0b:
         9c:b1:6e:22:71:58:22:a5:13:78:3b:41:b8:2b:02:3b:9f:32:
         c3:69:45:89:8d:07:a3:d8:75:4a:24:0a:dc:a0:d2:f2:30:8e:
         db:3e:d7:53:a9:5a:e6:09:8c:0d:08:26:7c:bc:5a:52:ba:db:
         01:27:00:82:32:21:fe:4e:85:8e:ba:01:15:c2:48:39:4f:39:
         ea:a7:e1:14:8b:71:0b:a8:9c:22:9e:d0:84:d7:eb:d0:13:d8:
         44:58:7e:f5:f4:70:de:e2:3b:30:fd:44:dd:36:7b:e7:52:63:
         90:5e:cd:c9:0f:3e:76:0a:af:65:6c:48:68:31:4e:a8:4e:a7:
         0b:f0:06:73:c1:87:b8:f8:23:8e:ab:fa:a0:29:a6:49:e5:04:
         f1:d2:4c:6c:4b:d0:dd:16:71:f0:ac:af:03:58:91:b1:8e:ef:
         0d:6f:43:5d:b9:79:45:a3:4f:73:99:c6:4b:f0:75:d6:90:b3:
         e3:64:81:33:9f:50:03:b5:5d:fa:31:2f:62:f8:a4:0a:5c:db:
         c7:84:24:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWv4dWlzsjoIyCNSimaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNTMxOGM1OGJmNWJhNzQzMjRiMjVkMDM3NDA0ZGQ4ZGRh
OWZmMjQwHhcNMjUwMTAxMTU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzMyYjA4MDBiNzNkNzZjMzMyMmM4ZTBjMjNiYjkyZGExY2JiNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4iGFDnqvErf940X6NK3NMcl35/Q
R/YMGDz211BMCzu8IN2KZN+rxWtZiDBGZLcPPMGuK8wNbwP1GYvrdJ8VFybdeRLQ
Cca00OjgQChCVsk6dOkL+1QYbnEtLrSoVfkSMRIIHaP3ktz8QadbX5MwE/cwhrb5
AEP5FjsS8NYodrKyYQvVW2P+5FjzNA2cYCf5Cn5ZbaMB6ebq+4sWyIVms5VnMXmN
LuG45MIE9cGlZaNR0+Bozv6hbWO54w3nRZH2ziEKcx4hUxrT6bJL8cm5cBRqJ5oX
HXFU4d2fMIlax07wjBxHWarUBabHKyY/LtHhfPgp7Mlu0/haq0RyrKImewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMysIALc9dsMyLI4MI7uS2hy7R/MB8GA1UdIwQY
MBaAFApTGMWL9bp0Mksl0DdATdjdqf8kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2xNWXhZdjF1blF5U3lYUU4wQk4yTjJwX3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84NTJjZmItNDQ3MS00MjkwLTkxZjQt
NmJjNDkwNWM0MmQ0LzEvTXpLd2dBdHoxMnd6SXNqZ3dqdTVMYUhMdEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84NTJjZmItNDQ3MS00MjkwLTkxZjQtNmJjNDkwNWM0MmQ0
LzEvQ2xNWXhZdjF1blF5U3lYUU4wQk4yTjJwX3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7heMA0G
CSqGSIb3DQEBCwUAA4IBAQCfpvDhcIZmVXGshjSQhs58SwtCm2k2D5QJQklualyj
D3ehDafwkAUbFSqPXs+etodHUBn8/gucsW4icVgipRN4O0G4KwI7nzLDaUWJjQej
2HVKJArcoNLyMI7bPtdTqVrmCYwNCCZ8vFpSutsBJwCCMiH+ToWOugEVwkg5Tznq
p+EUi3ELqJwintCE1+vQE9hEWH719HDe4jsw/UTdNnvnUmOQXs3JDz52Cq9lbEho
MU6oTqcL8AZzwYe4+COOq/qgKaZJ5QTx0kxsS9DdFnHwrK8DWJGxju8Nb0NduXlF
o09zmcZL8HXWkLPjZIEzn1ADtV36MS9i+KQKXNvHhCSb
-----END CERTIFICATE-----