Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/MK6Wt26ubZnx8uPGofYFajPlEuM.roa
File:                     MK6Wt26ubZnx8uPGofYFajPlEuM.roa (raw, json)
Hash identifier:          pNoc6zxMnN0pQF1kB42eiM3UzngOuAJOl2Ggh4EWIBo=
Subject key identifier:   30:AE:96:B7:6E:AE:6D:99:F1:F2:E3:C6:A1:F6:05:6A:33:E5:12:E3
Certificate issuer:       /CN=03969a13cb7c3718bd3717712628e7ab1b33b0a5
Certificate serial:       0194266BD6D7D8075B9AF479E87C9C085EA4
Authority key identifier: 03:96:9A:13:CB:7C:37:18:BD:37:17:71:26:28:E7:AB:1B:33:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/MK6Wt26ubZnx8uPGofYFajPlEuM.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49326
IP address blocks:        80.244.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d6:d7:d8:07:5b:9a:f4:79:e8:7c:9c:08:5e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03969a13cb7c3718bd3717712628e7ab1b33b0a5
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30ae96b76eae6d99f1f2e3c6a1f6056a33e512e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:39:18:3b:ae:5b:d4:ab:49:f4:2b:86:f5:62:
                    ef:09:ea:b7:8c:32:3f:e7:a3:bd:da:c0:cf:33:da:
                    9e:95:01:f3:3a:4d:37:02:c1:da:c7:dd:23:90:e3:
                    96:79:29:3a:d8:29:d1:72:7d:46:b0:91:0e:b2:89:
                    35:0c:e1:7f:ea:ba:7e:37:e1:f6:2f:20:e3:ad:27:
                    eb:dd:ab:a6:6a:3b:b6:bc:19:68:55:18:a8:28:9a:
                    a2:ef:f1:f4:4d:7f:02:3f:7f:ea:15:f3:6e:c0:9f:
                    30:7b:b3:11:ee:3b:91:1b:9f:56:82:f7:95:91:9a:
                    5a:23:af:47:4a:92:d1:6e:0b:ce:2d:7e:f8:51:53:
                    fd:22:6a:b3:57:ba:99:1a:07:ae:34:d1:0e:52:17:
                    cf:2e:78:08:09:e6:60:b6:2d:e0:90:f0:38:a0:a4:
                    d7:28:35:ec:a9:df:e5:52:70:ea:6e:a3:5e:50:1f:
                    a4:9e:89:7a:63:fc:cd:83:00:c1:14:21:95:36:28:
                    73:a0:82:f7:b6:0b:7f:13:25:6e:8e:0a:7d:cb:b4:
                    30:3b:73:88:3f:e7:df:8f:78:97:bf:eb:9a:94:44:
                    c3:79:13:f6:be:b8:8c:36:58:25:2d:a3:b2:6a:f8:
                    65:60:0d:79:cf:3d:56:e2:db:6b:ca:fe:29:57:53:
                    5b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AE:96:B7:6E:AE:6D:99:F1:F2:E3:C6:A1:F6:05:6A:33:E5:12:E3
            X509v3 Authority Key Identifier:
                keyid:03:96:9A:13:CB:7C:37:18:BD:37:17:71:26:28:E7:AB:1B:33:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A5aaE8t8Nxi9NxdxJijnqxszsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/MK6Wt26ubZnx8uPGofYFajPlEuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c129ab-79a7-4bc0-9a3b-41efeace7a71/1/A5aaE8t8Nxi9NxdxJijnqxszsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:a6:09:9c:ae:db:6f:8e:be:99:56:bb:ef:ec:0e:57:ba:e2:
         6f:47:eb:9b:41:be:a4:27:4b:a6:b3:09:07:00:3b:95:f8:d4:
         d6:a2:92:2a:27:78:bd:2d:e3:cc:2a:7a:b6:71:3c:38:5d:67:
         cf:7e:31:d5:e1:f4:6b:a6:0c:0e:16:85:fd:bc:93:17:ae:e8:
         78:a3:a8:0f:da:28:0a:b8:21:5f:25:a6:88:e3:8b:9c:13:37:
         c6:74:a0:da:8f:cc:7d:ba:3a:40:fa:10:a8:33:2d:8c:fd:86:
         1f:3c:0e:02:53:03:47:fb:25:8c:7e:85:5d:54:6f:8d:1d:41:
         c6:30:e8:3a:6b:44:5f:3b:59:c2:0f:b9:10:2a:41:a1:4e:17:
         e2:d1:f3:5f:22:cf:c5:7d:6c:0a:77:5f:5f:c1:44:75:21:31:
         df:04:2a:7a:f4:66:27:1e:20:2d:b4:8c:88:14:cc:49:06:35:
         05:17:fd:58:be:da:72:2d:8d:e1:0f:4c:8a:66:d3:46:1e:09:
         e2:50:d9:c1:e4:9f:39:ab:cb:f6:37:73:a5:d9:5f:b7:ee:2e:
         d3:03:03:b3:87:2e:68:80:e4:31:ad:bb:4c:cc:c4:81:d5:ee:
         69:9d:64:32:f4:98:c8:60:5c:68:0e:d5:2d:44:16:d2:b2:7b:
         2f:6e:32:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9bX2AdbmvR56HycCF6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOTY5YTEzY2I3YzM3MThiZDM3MTc3MTI2MjhlN2FiMWIz
M2IwYTUwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFlOTZiNzZlYWU2ZDk5ZjFmMmUzYzZhMWY2MDU2YTMzZTUxMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TkYO65b1KtJ9CuG9WLvCeq3jDI/
56O92sDPM9qelQHzOk03AsHax90jkOOWeSk62CnRcn1GsJEOsok1DOF/6rp+N+H2
LyDjrSfr3aumaju2vBloVRioKJqi7/H0TX8CP3/qFfNuwJ8we7MR7juRG59WgveV
kZpaI69HSpLRbgvOLX74UVP9ImqzV7qZGgeuNNEOUhfPLngICeZgti3gkPA4oKTX
KDXsqd/lUnDqbqNeUB+knol6Y/zNgwDBFCGVNihzoIL3tgt/EyVujgp9y7QwO3OI
P+ffj3iXv+ualETDeRP2vriMNlglLaOyavhlYA15zz1W4ttryv4pV1NbuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCulrdurm2Z8fLjxqH2BWoz5RLjMB8GA1UdIwQY
MBaAFAOWmhPLfDcYvTcXcSYo56sbM7ClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTVhYUU4dDhOeGk5TnhkeEppam5xeHN6c0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jMTI5YWItNzlhNy00YmMwLTlhM2It
NDFlZmVhY2U3YTcxLzEvTUs2V3QyNnViWm54OHVQR29mWUZhalBsRXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jMTI5YWItNzlhNy00YmMwLTlhM2ItNDFlZmVhY2U3YTcx
LzEvQTVhYUU4dDhOeGk5TnhkeEppam5xeHN6c0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQAMA0G
CSqGSIb3DQEBCwUAA4IBAQC6pgmcrttvjr6ZVrvv7A5XuuJvR+ubQb6kJ0umswkH
ADuV+NTWopIqJ3i9LePMKnq2cTw4XWfPfjHV4fRrpgwOFoX9vJMXruh4o6gP2igK
uCFfJaaI44ucEzfGdKDaj8x9ujpA+hCoMy2M/YYfPA4CUwNH+yWMfoVdVG+NHUHG
MOg6a0RfO1nCD7kQKkGhThfi0fNfIs/FfWwKd19fwUR1ITHfBCp69GYnHiAttIyI
FMxJBjUFF/1YvtpyLY3hD0yKZtNGHgniUNnB5J85q8v2N3Ol2V+37i7TAwOzhy5o
gOQxrbtMzMSB1e5pnWQy9JjIYFxoDtUtRBbSsnsvbjKS
-----END CERTIFICATE-----