Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/MbTvipFbe-Fro7yGscX94j34OpQ.roa
File:                     MbTvipFbe-Fro7yGscX94j34OpQ.roa (raw, json)
Hash identifier:          lGgg0U/FzBropaPivoqmUVqyNKPQ65NR2i0gu4fF2i0=
Subject key identifier:   31:B4:EF:8A:91:5B:7B:E1:6B:A3:BC:86:B1:C5:FD:E2:3D:F8:3A:94
Certificate issuer:       /CN=6cc69c3d7030cec19f8fb66e543bde65595708a2
Certificate serial:       0194228E3B46311845B02E8148146093C8D3
Authority key identifier: 6C:C6:9C:3D:70:30:CE:C1:9F:8F:B6:6E:54:3B:DE:65:59:57:08:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bMacPXAwzsGfj7ZuVDveZVlXCKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/MbTvipFbe-Fro7yGscX94j34OpQ.roa
Signing time:             Wed 01 Jan 2025 15:48:54 +0000
ROA not before:           Wed 01 Jan 2025 15:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215550
IP address blocks:        185.20.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/bMacPXAwzsGfj7ZuVDveZVlXCKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/bMacPXAwzsGfj7ZuVDveZVlXCKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bMacPXAwzsGfj7ZuVDveZVlXCKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3b:46:31:18:45:b0:2e:81:48:14:60:93:c8:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cc69c3d7030cec19f8fb66e543bde65595708a2
        Validity
            Not Before: Jan  1 15:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31b4ef8a915b7be16ba3bc86b1c5fde23df83a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3d:e7:8b:ef:3e:e7:69:22:38:b2:b3:83:41:
                    c4:99:c9:c0:e0:6d:64:94:bc:d7:cc:2c:85:21:34:
                    95:02:78:6f:b5:5f:40:bd:86:b8:71:e3:e3:6a:d9:
                    03:b4:2e:11:3b:de:88:44:2b:35:68:fc:1a:4c:c1:
                    86:0d:7a:db:42:a6:56:98:be:4b:db:07:a4:c9:5f:
                    c3:5a:98:e0:3b:ad:8f:2b:b2:e3:71:1b:67:ca:a2:
                    60:2c:ed:64:55:60:c2:e6:fa:89:78:e0:f5:38:06:
                    04:ff:e5:b8:e0:7a:8a:9c:f4:65:75:51:c1:02:83:
                    fb:54:a4:19:c2:d6:52:f2:97:69:12:91:cd:6e:ea:
                    c9:46:e5:15:fd:12:7c:28:1f:2a:31:e5:86:56:03:
                    2d:ed:73:8f:39:a5:33:38:0d:47:9d:ea:fd:ad:99:
                    9b:67:85:b3:ff:a5:03:48:1c:8c:34:61:cb:63:17:
                    a0:15:fc:77:50:b5:a5:6e:16:fd:f2:1b:0f:59:58:
                    18:6d:53:bc:53:26:fc:be:ef:d4:91:a4:4f:3d:60:
                    40:eb:3d:9a:64:dd:8c:f0:69:13:63:d4:43:f0:7b:
                    49:c3:a1:c4:09:42:11:52:d7:84:35:af:63:3e:91:
                    38:67:b9:58:03:9b:c8:c1:38:45:e9:02:61:d2:5b:
                    71:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B4:EF:8A:91:5B:7B:E1:6B:A3:BC:86:B1:C5:FD:E2:3D:F8:3A:94
            X509v3 Authority Key Identifier:
                keyid:6C:C6:9C:3D:70:30:CE:C1:9F:8F:B6:6E:54:3B:DE:65:59:57:08:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bMacPXAwzsGfj7ZuVDveZVlXCKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/MbTvipFbe-Fro7yGscX94j34OpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ca58e-9e32-428f-8411-1aeb6a4e45ad/1/bMacPXAwzsGfj7ZuVDveZVlXCKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:c8:ee:8b:f7:a0:97:db:bc:91:ef:be:b8:28:f3:18:cc:dc:
         49:60:5b:59:ad:1a:37:cb:40:81:bf:26:ba:07:b0:6a:95:93:
         46:df:39:8e:31:88:46:08:a0:7c:52:75:7c:4e:08:89:bb:84:
         ed:12:f2:25:fb:39:01:13:21:14:d4:c2:ea:44:30:69:65:42:
         65:1b:d6:69:44:43:0e:07:e0:44:a3:a3:b7:1f:9a:4d:0e:b4:
         1e:40:bc:c3:13:19:d9:23:da:99:6d:c9:6a:af:f9:7c:b8:8b:
         29:17:c6:af:ae:97:6d:51:b5:c7:c5:c9:c3:69:5d:70:c0:fa:
         db:9c:2f:dc:5a:49:95:9f:60:46:e0:7f:5a:35:35:05:5c:f6:
         d8:d5:d2:2a:72:92:90:4f:2d:4e:83:4c:f0:ac:8e:80:aa:00:
         fd:7b:d6:53:d1:44:bb:ba:6e:9a:b4:b2:c2:23:c1:a0:56:4d:
         dc:87:ef:01:c6:54:e0:f9:85:98:70:1f:3f:09:97:f8:31:e2:
         ed:17:c6:a7:ef:c6:ca:e4:cb:f2:56:f7:ea:8f:01:d7:f2:de:
         20:38:9c:92:24:5f:d6:50:56:a6:ed:7e:37:d0:ba:0f:2d:3b:
         9d:8c:22:06:b0:ef:2a:1f:a3:6a:40:15:36:79:53:26:c9:64:
         d8:ec:c4:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijjtGMRhFsC6BSBRgk8jTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYzY5YzNkNzAzMGNlYzE5ZjhmYjY2ZTU0M2JkZTY1NTk1
NzA4YTIwHhcNMjUwMTAxMTU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI0ZWY4YTkxNWI3YmUxNmJhM2JjODZiMWM1ZmRlMjNkZjgzYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT3ni+8+52kiOLKzg0HEmcnA4G1k
lLzXzCyFITSVAnhvtV9AvYa4cePjatkDtC4RO96IRCs1aPwaTMGGDXrbQqZWmL5L
2wekyV/DWpjgO62PK7LjcRtnyqJgLO1kVWDC5vqJeOD1OAYE/+W44HqKnPRldVHB
AoP7VKQZwtZS8pdpEpHNburJRuUV/RJ8KB8qMeWGVgMt7XOPOaUzOA1Hner9rZmb
Z4Wz/6UDSByMNGHLYxegFfx3ULWlbhb98hsPWVgYbVO8Uyb8vu/UkaRPPWBA6z2a
ZN2M8GkTY9RD8HtJw6HECUIRUteENa9jPpE4Z7lYA5vIwThF6QJh0ltxCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG074qRW3vha6O8hrHF/eI9+DqUMB8GA1UdIwQY
MBaAFGzGnD1wMM7Bn4+2blQ73mVZVwiiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk1hY1BYQXd6c0dmajdadVZEdmVaVmxYQ0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85Y2E1OGUtOWUzMi00MjhmLTg0MTEt
MWFlYjZhNGU0NWFkLzEvTWJUdmlwRmJlLUZybzd5R3NjWDk0ajM0T3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85Y2E1OGUtOWUzMi00MjhmLTg0MTEtMWFlYjZhNGU0NWFk
LzEvYk1hY1BYQXd6c0dmajdadVZEdmVaVmxYQ0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRQHMA0G
CSqGSIb3DQEBCwUAA4IBAQBmyO6L96CX27yR7764KPMYzNxJYFtZrRo3y0CBvya6
B7BqlZNG3zmOMYhGCKB8UnV8TgiJu4TtEvIl+zkBEyEU1MLqRDBpZUJlG9ZpREMO
B+BEo6O3H5pNDrQeQLzDExnZI9qZbclqr/l8uIspF8avrpdtUbXHxcnDaV1wwPrb
nC/cWkmVn2BG4H9aNTUFXPbY1dIqcpKQTy1Og0zwrI6AqgD9e9ZT0US7um6atLLC
I8GgVk3ch+8BxlTg+YWYcB8/CZf4MeLtF8an78bK5MvyVvfqjwHX8t4gOJySJF/W
UFam7X430LoPLTudjCIGsO8qH6NqQBU2eVMmyWTY7MRm
-----END CERTIFICATE-----