Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MqyB8jgFyuOkVMHqYouHpyDbeZc.roa
File:                     MqyB8jgFyuOkVMHqYouHpyDbeZc.roa (raw, json)
Hash identifier:          +VW7MfJlOHHRRHQONlzdZsW/cF/qm6mOaLSWtliY6jg=
Subject key identifier:   32:AC:81:F2:38:05:CA:E3:A4:54:C1:EA:62:8B:87:A7:20:DB:79:97
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214421ACA6B3624206C833AEEC30F876
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MqyB8jgFyuOkVMHqYouHpyDbeZc.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214466
IP address blocks:        109.176.253.0/24 maxlen: 24
                          213.218.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:21:ac:a6:b3:62:42:06:c8:33:ae:ec:30:f8:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32ac81f23805cae3a454c1ea628b87a720db7997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5b:58:ef:c0:8c:22:ce:2f:a6:9a:49:86:bf:
                    94:f6:88:26:21:e6:b0:0a:74:52:cd:37:ef:9a:a0:
                    58:e4:ea:72:4e:63:84:d8:ad:5f:80:80:34:6b:8d:
                    f8:49:e2:78:24:96:97:38:6e:d2:2b:7d:74:de:00:
                    cb:c1:60:39:ef:6f:d7:5e:a9:b4:25:65:e8:17:fc:
                    2c:94:aa:8a:d9:2b:ac:fa:5d:63:82:83:37:d5:1c:
                    69:6b:1b:c4:49:ce:de:ba:39:b0:44:7c:1a:6b:cd:
                    1a:74:68:6e:08:29:39:4a:b4:17:1d:9a:54:01:7d:
                    78:bc:d7:46:f2:8f:cb:5a:b4:f5:42:25:22:2a:c4:
                    fe:fc:7c:bc:ff:35:ac:78:16:e9:83:ce:fa:7c:0c:
                    09:d4:44:6a:05:54:db:03:39:39:7b:f7:10:38:90:
                    9c:6f:c4:1d:e5:12:52:af:0f:be:c5:da:f1:45:31:
                    2b:79:ba:36:a3:ff:f5:17:4d:88:28:56:7b:39:21:
                    04:32:81:48:59:80:7a:1c:ef:42:db:ca:48:d6:4d:
                    7b:91:c1:74:80:0c:fb:65:b9:58:bf:99:f4:f0:17:
                    c3:f8:8c:34:da:0b:9a:12:84:2e:c1:69:3d:b6:d7:
                    d6:90:86:de:73:83:e0:bb:93:fb:ad:07:f2:29:76:
                    ce:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AC:81:F2:38:05:CA:E3:A4:54:C1:EA:62:8B:87:A7:20:DB:79:97
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MqyB8jgFyuOkVMHqYouHpyDbeZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.253.0/24
                  213.218.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:bc:f0:86:c9:10:c6:83:20:49:ad:45:92:64:bb:61:7a:72:
         51:e0:3d:e7:7e:25:60:75:57:9e:2f:3e:fa:6e:f9:68:71:ac:
         ce:d8:c4:0f:26:68:47:d7:96:57:2e:2b:4f:ce:9a:d4:18:cf:
         95:7e:17:29:d0:3d:8a:52:3e:94:b7:2e:18:3f:80:86:aa:62:
         b1:9b:c9:f7:0f:3e:5d:19:b0:b3:4d:a8:19:12:62:b6:26:97:
         c3:02:50:f5:4d:d8:d7:26:0c:fa:90:b9:7c:b6:2b:e2:84:4a:
         ac:fc:c9:0f:3d:81:92:66:71:a0:bf:cf:1d:76:d9:4e:9e:0a:
         49:f1:81:ef:9b:0b:30:f3:43:7d:6d:53:21:83:48:e7:22:e9:
         8b:bb:90:2b:c0:e6:aa:d1:36:ea:1e:84:86:5c:3c:ab:1f:a2:
         da:a3:0e:d5:e9:e2:29:e7:4a:e8:bc:e2:ea:b2:0e:97:24:5e:
         e8:a4:06:46:a4:08:23:a0:d0:fa:74:17:ae:b4:71:4c:ee:d8:
         a0:9b:07:55:58:7f:c2:70:b6:6f:20:b9:33:68:8c:27:d7:5b:
         30:a1:9b:59:25:dd:d7:4b:86:93:01:f5:21:26:18:9b:03:cd:
         3c:ea:87:1f:47:fd:ba:fe:ad:dc:70:38:87:98:a8:fe:85:67:
         ae:da:8b:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRCGsprNiQgbIM67sMPh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFjODFmMjM4MDVjYWUzYTQ1NGMxZWE2MjhiODdhNzIwZGI3OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ltY78CMIs4vpppJhr+U9ogmIeaw
CnRSzTfvmqBY5OpyTmOE2K1fgIA0a434SeJ4JJaXOG7SK3103gDLwWA572/XXqm0
JWXoF/wslKqK2Sus+l1jgoM31RxpaxvESc7eujmwRHwaa80adGhuCCk5SrQXHZpU
AX14vNdG8o/LWrT1QiUiKsT+/Hy8/zWseBbpg876fAwJ1ERqBVTbAzk5e/cQOJCc
b8Qd5RJSrw++xdrxRTErebo2o//1F02IKFZ7OSEEMoFIWYB6HO9C28pI1k17kcF0
gAz7ZblYv5n08BfD+Iw02guaEoQuwWk9ttfWkIbec4Pgu5P7rQfyKXbO2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDKsgfI4BcrjpFTB6mKLh6cg23mXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTXF5QjhqZ0Z5dU9rVk1IcVlvdUhweURiZVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbD9AwQA
1dr7MA0GCSqGSIb3DQEBCwUAA4IBAQCOvPCGyRDGgyBJrUWSZLthenJR4D3nfiVg
dVeeLz76bvlocazO2MQPJmhH15ZXLitPzprUGM+Vfhcp0D2KUj6Uty4YP4CGqmKx
m8n3Dz5dGbCzTagZEmK2JpfDAlD1TdjXJgz6kLl8tivihEqs/MkPPYGSZnGgv88d
dtlOngpJ8YHvmwsw80N9bVMhg0jnIumLu5ArwOaq0TbqHoSGXDyrH6Laow7V6eIp
50rovOLqsg6XJF7opAZGpAgjoND6dBeutHFM7tigmwdVWH/CcLZvILkzaIwn11sw
oZtZJd3XS4aTAfUhJhibA8086ocfR/26/q3ccDiHmKj+hWeu2otL
-----END CERTIFICATE-----