Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/MybCmB4b1BFDPTACJ5YE-7C3a3E.roa
File:                     MybCmB4b1BFDPTACJ5YE-7C3a3E.roa (raw, json)
Hash identifier:          wDv5owiZFkNYSTe+2a532nAjJGNE7mvoA0ctW2ktRc0=
Subject key identifier:   33:26:C2:98:1E:1B:D4:11:43:3D:30:02:27:96:04:FB:B0:B7:6B:71
Certificate issuer:       /CN=ae83f7879c2c74a11652b5e08af64aac90800b04
Certificate serial:       019427B616FC5E1542B85BB8D5ED5A6DE446
Authority key identifier: AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/MybCmB4b1BFDPTACJ5YE-7C3a3E.roa
Signing time:             Thu 02 Jan 2025 15:50:32 +0000
ROA not before:           Thu 02 Jan 2025 15:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        136.206.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:16:fc:5e:15:42:b8:5b:b8:d5:ed:5a:6d:e4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae83f7879c2c74a11652b5e08af64aac90800b04
        Validity
            Not Before: Jan  2 15:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3326c2981e1bd411433d3002279604fbb0b76b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d2:ad:e1:5c:e0:da:75:08:bc:9f:8d:23:f0:
                    2f:8a:6d:06:fe:c4:7b:8c:68:45:73:64:3e:21:26:
                    5e:db:47:d3:57:91:ef:2f:54:83:62:0e:e0:77:2d:
                    38:1d:ae:50:88:e9:f7:77:3d:f2:7e:a6:ae:52:62:
                    7d:7e:f9:10:89:b7:d7:9d:51:a1:24:35:9a:aa:e1:
                    09:12:8c:22:ea:1c:6b:72:18:74:ae:db:fd:b1:a6:
                    cd:ca:b6:6f:6e:90:01:37:51:1d:e7:30:e4:74:5a:
                    d3:77:c9:f8:5e:57:89:c2:1d:6f:e4:67:47:09:42:
                    6b:1b:78:9a:7d:ff:9c:f1:bd:c3:4b:06:01:10:6e:
                    b9:f5:3d:e8:a1:91:d4:a4:8b:d5:e0:1c:c6:2e:19:
                    86:e8:b7:9e:f9:a3:78:34:ff:9d:59:a6:c6:e9:32:
                    7f:5a:1f:af:98:d9:07:67:eb:d9:77:9d:44:a9:1d:
                    60:ec:3f:31:50:9e:6d:60:5b:53:22:2c:e3:de:c4:
                    46:3f:ee:59:93:df:6b:d8:5c:c0:bb:e9:94:27:50:
                    7f:9b:41:fa:cd:ee:aa:ac:84:c2:3a:f0:3b:e1:e6:
                    eb:4e:22:ba:28:24:66:17:c1:da:42:ee:80:85:0e:
                    f1:e8:6e:77:06:3f:8f:5c:ed:f2:39:dc:2c:c7:41:
                    02:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:26:C2:98:1E:1B:D4:11:43:3D:30:02:27:96:04:FB:B0:B7:6B:71
            X509v3 Authority Key Identifier:
                keyid:AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/MybCmB4b1BFDPTACJ5YE-7C3a3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:c6:2b:6a:74:02:82:35:7a:ff:3d:68:2a:8d:bf:e4:57:22:
         92:8e:e7:87:36:29:f1:06:15:2d:d7:c9:b5:6a:bd:9b:d3:cb:
         3d:14:a3:0e:fc:a9:75:31:31:3a:47:bc:48:70:da:4d:e8:9d:
         13:f1:dc:f7:50:46:1d:65:5b:56:ca:fc:42:38:e5:47:7b:ce:
         c8:18:49:10:2f:9e:ef:af:e4:19:36:83:9e:ce:0c:9d:47:11:
         41:88:cb:c2:5a:f6:32:2a:36:be:96:e1:c6:d8:5b:c7:6d:ca:
         53:22:01:5c:07:a7:ab:80:00:42:18:ba:b4:a1:fe:73:ca:7c:
         5f:22:db:1f:82:da:2b:6e:28:c4:63:1f:4f:4e:a2:05:a8:bd:
         68:5e:0a:6e:82:0a:54:1d:65:b9:db:31:f7:6d:37:92:fc:85:
         47:50:c5:4d:0d:4d:6e:a1:09:99:3f:e1:9f:fe:59:63:b8:94:
         9d:e0:c8:12:f2:16:47:10:00:41:2f:26:c9:cc:81:1e:2b:80:
         ca:9c:54:8f:4a:ca:b4:9a:6a:8e:85:0c:af:db:70:f1:00:65:
         3d:64:23:d0:e9:68:37:16:75:f3:15:03:07:16:80:85:09:1d:
         ae:2c:56:49:22:f8:1f:e8:e2:80:02:52:5b:72:2a:0f:d0:0b:
         27:56:15:28
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQnthb8XhVCuFu41e1abeRGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlODNmNzg3OWMyYzc0YTExNjUyYjVlMDhhZjY0YWFjOTA4
MDBiMDQwHhcNMjUwMTAyMTU1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzI2YzI5ODFlMWJkNDExNDMzZDMwMDIyNzk2MDRmYmIwYjc2YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9Kt4Vzg2nUIvJ+NI/Avim0G/sR7
jGhFc2Q+ISZe20fTV5HvL1SDYg7gdy04Ha5QiOn3dz3yfqauUmJ9fvkQibfXnVGh
JDWaquEJEowi6hxrchh0rtv9sabNyrZvbpABN1Ed5zDkdFrTd8n4XleJwh1v5GdH
CUJrG3iaff+c8b3DSwYBEG659T3ooZHUpIvV4BzGLhmG6Lee+aN4NP+dWabG6TJ/
Wh+vmNkHZ+vZd51EqR1g7D8xUJ5tYFtTIizj3sRGP+5Zk99r2FzAu+mUJ1B/m0H6
ze6qrITCOvA74ebrTiK6KCRmF8HaQu6AhQ7x6G53Bj+PXO3yOdwsx0ECKQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDMmwpgeG9QRQz0wAieWBPuwt2txMB8GA1UdIwQY
MBaAFK6D94ecLHShFlK14Ir2SqyQgAsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0Mzkt
NDczZDc0YTVlMjBmLzEvTXliQ21CNGIxQkZEUFRBQ0o1WUUtN0MzYTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0MzktNDczZDc0YTVlMjBm
LzEvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiM4wDQYJ
KoZIhvcNAQELBQADggEBAEfGK2p0AoI1ev89aCqNv+RXIpKO54c2KfEGFS3XybVq
vZvTyz0Uow78qXUxMTpHvEhw2k3onRPx3PdQRh1lW1bK/EI45Ud7zsgYSRAvnu+v
5Bk2g57ODJ1HEUGIy8Ja9jIqNr6W4cbYW8dtylMiAVwHp6uAAEIYurSh/nPKfF8i
2x+C2ituKMRjH09OogWovWheCm6CClQdZbnbMfdtN5L8hUdQxU0NTW6hCZk/4Z/+
WWO4lJ3gyBLyFkcQAEEvJsnMgR4rgMqcVI9KyrSaao6FDK/bcPEAZT1kI9DpaDcW
dfMVAwcWgIUJHa4sVkki+B/o4oACUltyKg/QCydWFSg=
-----END CERTIFICATE-----