Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MjHnzODlLpPh2jz0mX3cG-n3JlY.roa
File:                     MjHnzODlLpPh2jz0mX3cG-n3JlY.roa (raw, json)
Hash identifier:          NG41EhnG7eWbfL3DGOXX/840NnD3L7Qk6QW44dlrL+I=
Subject key identifier:   32:31:E7:CC:E0:E5:2E:93:E1:DA:3C:F4:99:7D:DC:1B:E9:F7:26:56
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942144078F385E34E43E882E69D1102C91
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MjHnzODlLpPh2jz0mX3cG-n3JlY.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206483
IP address blocks:        217.144.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:07:8f:38:5e:34:e4:3e:88:2e:69:d1:10:2c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3231e7cce0e52e93e1da3cf4997ddc1be9f72656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:51:a9:5d:13:b4:0c:4a:14:8a:58:68:fa:b0:
                    a5:b9:f6:36:d7:b5:c0:5e:d9:cc:5f:4c:43:23:e8:
                    e9:3f:c4:5f:46:ab:5f:c4:22:41:4c:89:0d:b9:dc:
                    c5:d1:25:83:5e:31:91:b7:f9:30:69:8b:02:44:32:
                    9f:f0:7a:33:31:3d:d5:43:cf:02:d3:99:e4:21:b4:
                    64:06:f7:4b:42:12:a8:16:3d:97:45:26:65:be:41:
                    6c:15:ad:0e:34:5f:a8:c8:9f:28:89:e7:24:dc:5e:
                    78:76:0d:9d:a3:96:3c:c2:8c:a6:74:df:e8:f1:b1:
                    72:1a:1a:19:2d:79:0d:23:5d:e6:7c:d8:d3:54:28:
                    e7:86:cf:8c:be:63:40:68:bb:14:c7:69:aa:19:a0:
                    fe:a1:a6:1d:f5:bd:13:81:55:24:42:c3:d4:a2:ab:
                    67:ef:05:98:48:70:2a:2c:04:32:4f:7f:db:bb:d8:
                    5c:9d:bb:52:a3:84:5d:50:d0:7c:c4:b7:e5:60:ac:
                    23:be:44:e6:62:f6:fc:a8:21:75:0e:9d:95:a0:b9:
                    8d:24:8d:55:ff:f3:f0:a5:36:08:f1:5c:97:86:62:
                    58:91:3d:c6:cf:77:54:de:57:5d:0c:4e:23:83:3d:
                    08:88:15:d4:97:2e:be:6c:f9:9f:81:1f:69:da:1c:
                    bd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:31:E7:CC:E0:E5:2E:93:E1:DA:3C:F4:99:7D:DC:1B:E9:F7:26:56
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MjHnzODlLpPh2jz0mX3cG-n3JlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:37:96:b4:c4:71:ac:38:c0:f0:93:60:58:01:1a:18:04:48:
         c0:02:a2:55:9a:1a:1a:e5:08:eb:be:2a:86:ef:00:87:9b:75:
         24:93:0d:b6:48:fd:9a:1b:e7:e2:6e:08:06:9b:23:e8:8d:1e:
         d7:7b:4f:d3:62:62:7d:dc:88:8c:32:ef:05:70:59:d3:51:06:
         32:a8:8a:a9:26:bc:e8:9d:e2:16:64:06:b9:96:2f:7b:aa:a9:
         2b:1c:ae:7e:b2:06:7b:fb:bf:f2:5b:c0:19:0d:0b:59:72:cf:
         4b:31:d3:68:47:69:04:8c:5c:54:65:84:c7:71:c0:a9:25:c0:
         28:30:a8:40:1c:8e:00:ed:43:c7:10:6b:b6:0b:d3:a1:e1:4c:
         c9:47:85:26:99:d6:33:3a:dd:3c:ee:fa:9e:31:16:57:c5:00:
         d2:bc:0f:47:7b:91:73:82:1d:08:d7:c9:2c:ae:fb:03:6f:ea:
         88:50:c9:11:a4:a7:f6:f2:a3:64:dc:aa:30:50:05:7a:cc:d3:
         76:88:e3:08:48:cd:f8:6b:e1:fd:25:e0:9e:e5:9e:a4:9c:f7:
         3e:42:c9:44:e6:a8:21:ab:bb:58:cb:1b:66:5a:49:11:c7:02:
         56:66:c8:4e:93:ed:58:1a:41:b8:9a:91:00:8b:22:7a:8d:1a:
         07:21:11:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAePOF405D6ILmnRECyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMxZTdjY2UwZTUyZTkzZTFkYTNjZjQ5OTdkZGMxYmU5ZjcyNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21GpXRO0DEoUilho+rClufY217XA
XtnMX0xDI+jpP8RfRqtfxCJBTIkNudzF0SWDXjGRt/kwaYsCRDKf8HozMT3VQ88C
05nkIbRkBvdLQhKoFj2XRSZlvkFsFa0ONF+oyJ8oieck3F54dg2do5Y8woymdN/o
8bFyGhoZLXkNI13mfNjTVCjnhs+MvmNAaLsUx2mqGaD+oaYd9b0TgVUkQsPUoqtn
7wWYSHAqLAQyT3/bu9hcnbtSo4RdUNB8xLflYKwjvkTmYvb8qCF1Dp2VoLmNJI1V
//PwpTYI8VyXhmJYkT3Gz3dU3lddDE4jgz0IiBXUly6+bPmfgR9p2hy9UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIx58zg5S6T4do89Jl93Bvp9yZWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTWpIbnpPRGxMcFBoMmp6MG1YM2NHLW4zSmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZCRMA0G
CSqGSIb3DQEBCwUAA4IBAQA9N5a0xHGsOMDwk2BYARoYBEjAAqJVmhoa5QjrviqG
7wCHm3Ukkw22SP2aG+fibggGmyPojR7Xe0/TYmJ93IiMMu8FcFnTUQYyqIqpJrzo
neIWZAa5li97qqkrHK5+sgZ7+7/yW8AZDQtZcs9LMdNoR2kEjFxUZYTHccCpJcAo
MKhAHI4A7UPHEGu2C9Oh4UzJR4UmmdYzOt087vqeMRZXxQDSvA9He5Fzgh0I18ks
rvsDb+qIUMkRpKf28qNk3KowUAV6zNN2iOMISM34a+H9JeCe5Z6knPc+QslE5qgh
q7tYyxtmWkkRxwJWZshOk+1YGkG4mpEAiyJ6jRoHIREi
-----END CERTIFICATE-----