Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/aaMkKI-izJJ5iIPYImYwD9anTek.roa
File:                     aaMkKI-izJJ5iIPYImYwD9anTek.roa (raw, json)
Hash identifier:          75n8T5uBxSxgEEgX/rrsDJzGHipRjFWBfpfdeHZdSSE=
Subject key identifier:   69:A3:24:28:8F:A2:CC:92:79:88:83:D8:22:66:30:0F:D6:A7:4D:E9
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFAA6DEBF6E884B0ACEE3FD4258E3B9
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/aaMkKI-izJJ5iIPYImYwD9anTek.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203371
IP address blocks:        141.101.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a6:de:bf:6e:88:4b:0a:ce:e3:fd:42:58:e3:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69a324288fa2cc92798883d82266300fd6a74de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:37:f9:eb:74:ad:6a:36:e3:fe:8e:39:58:bd:
                    b4:21:6c:92:9a:34:35:01:d6:28:1a:ca:f3:c3:18:
                    d5:52:03:c4:44:4b:90:7c:a4:1f:0b:46:0e:fb:36:
                    f3:72:22:ff:63:56:fc:5c:6b:85:df:72:38:d3:23:
                    8a:a5:b6:ef:82:85:f9:07:4d:69:de:54:45:47:3a:
                    8b:e8:05:49:d6:c1:68:7d:4e:20:6e:e4:7c:c6:73:
                    da:1b:b3:1f:cf:6a:20:af:42:59:99:ea:75:9b:08:
                    a8:60:d2:e9:b4:c7:1f:6c:f1:94:27:c6:13:bd:22:
                    4c:3f:13:8a:80:a8:94:af:d7:6a:2f:28:c7:d5:25:
                    03:f9:00:dc:46:c4:a7:59:73:e5:df:82:48:b6:c1:
                    9b:95:92:4d:a3:14:26:6f:8d:4f:3e:9a:0e:ac:e2:
                    0c:e7:71:4f:0c:4b:97:e8:ca:9b:75:97:f8:e4:b9:
                    3e:2b:95:03:19:3a:8f:67:6a:19:e8:27:c9:7c:5a:
                    6f:4c:21:ce:9f:d8:29:d6:92:96:1f:d6:55:9e:6f:
                    7b:61:81:9c:e1:5e:c9:21:42:19:46:b3:b1:84:30:
                    20:b9:b1:83:aa:77:a4:85:f6:43:e8:c3:0d:a1:65:
                    f4:4a:c8:3a:0e:03:23:a4:2c:78:a5:6d:e3:9a:59:
                    88:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A3:24:28:8F:A2:CC:92:79:88:83:D8:22:66:30:0F:D6:A7:4D:E9
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/aaMkKI-izJJ5iIPYImYwD9anTek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:b9:77:61:c3:a5:17:b8:7d:85:db:c2:84:72:a7:60:81:e7:
         a3:25:bb:67:16:d2:48:34:ad:24:86:c9:c8:f1:fd:25:29:e7:
         01:3c:4d:a1:19:2a:82:4f:c5:9d:4f:35:21:41:67:99:7a:62:
         0c:aa:0b:2f:24:f9:95:0d:59:84:06:0c:67:33:c0:87:fc:30:
         44:54:20:99:d4:30:79:00:c0:e5:66:1e:cb:45:9f:3d:db:33:
         4a:15:bc:20:35:cd:d3:78:e9:97:13:20:de:64:9f:86:1a:5b:
         b6:4f:fe:5f:5f:2a:14:06:6e:1d:e8:e9:32:95:9c:34:00:43:
         86:a9:6c:e3:af:d5:5e:1e:7f:db:b3:27:f7:6a:3b:e8:5b:fe:
         03:c2:d4:ec:d7:2b:a7:8f:46:a2:53:8e:27:2e:98:04:2c:4d:
         51:cc:7e:5d:9f:de:38:c8:df:8e:89:e0:31:63:d9:6a:1c:42:
         87:ec:4a:e3:9a:86:4e:f5:cb:f1:79:81:b7:3b:57:cd:98:cd:
         93:f4:74:6a:aa:01:4d:cb:5e:76:c3:dc:e7:02:5f:72:9a:bb:
         e0:55:bb:f9:c3:ae:e8:29:14:d1:35:72:bf:e1:21:d0:4b:b9:
         df:c5:7a:dc:88:76:be:fd:68:35:8e:5d:5d:cf:f1:63:63:30:
         5a:65:dc:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qbev26ISwrO4/1CWOO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEzMjQyODhmYTJjYzkyNzk4ODgzZDgyMjY2MzAwZmQ2YTc0ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jf563Stajbj/o45WL20IWySmjQ1
AdYoGsrzwxjVUgPEREuQfKQfC0YO+zbzciL/Y1b8XGuF33I40yOKpbbvgoX5B01p
3lRFRzqL6AVJ1sFofU4gbuR8xnPaG7Mfz2ogr0JZmep1mwioYNLptMcfbPGUJ8YT
vSJMPxOKgKiUr9dqLyjH1SUD+QDcRsSnWXPl34JItsGblZJNoxQmb41PPpoOrOIM
53FPDEuX6MqbdZf45Lk+K5UDGTqPZ2oZ6CfJfFpvTCHOn9gp1pKWH9ZVnm97YYGc
4V7JIUIZRrOxhDAgubGDqnekhfZD6MMNoWX0Ssg6DgMjpCx4pW3jmlmImwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmjJCiPosySeYiD2CJmMA/Wp03pMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvYWFNa0tJLWl6Sko1aUlQWUltWXdEOWFuVGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXgMA0G
CSqGSIb3DQEBCwUAA4IBAQB7uXdhw6UXuH2F28KEcqdggeejJbtnFtJINK0khsnI
8f0lKecBPE2hGSqCT8WdTzUhQWeZemIMqgsvJPmVDVmEBgxnM8CH/DBEVCCZ1DB5
AMDlZh7LRZ892zNKFbwgNc3TeOmXEyDeZJ+GGlu2T/5fXyoUBm4d6OkylZw0AEOG
qWzjr9VeHn/bsyf3ajvoW/4DwtTs1yunj0aiU44nLpgELE1RzH5dn944yN+OieAx
Y9lqHEKH7ErjmoZO9cvxeYG3O1fNmM2T9HRqqgFNy152w9znAl9ymrvgVbv5w67o
KRTRNXK/4SHQS7nfxXrciHa+/Wg1jl1dz/FjYzBaZdzI
-----END CERTIFICATE-----