Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/MxtTc6BM1OFbDauFqwEhmVMvEFQ.roa
File:                     MxtTc6BM1OFbDauFqwEhmVMvEFQ.roa (raw, json)
Hash identifier:          woUQ4mDhOZvLZjoxddbuObbvuZdgyLS+4+TChRS2i6A=
Subject key identifier:   33:1B:53:73:A0:4C:D4:E1:5B:0D:AB:85:AB:01:21:99:53:2F:10:54
Certificate issuer:       /CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
Certificate serial:       01961EA2DC886C4C3333153ABD0861D59C89
Authority key identifier: BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/MxtTc6BM1OFbDauFqwEhmVMvEFQ.roa
Signing time:             Thu 10 Apr 2025 07:38:31 +0000
ROA not before:           Thu 10 Apr 2025 07:38:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        185.236.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:a2:dc:88:6c:4c:33:33:15:3a:bd:08:61:d5:9c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
        Validity
            Not Before: Apr 10 07:38:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=331b5373a04cd4e15b0dab85ab012199532f1054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:27:62:c3:15:5c:3e:e0:0e:0f:61:60:5f:4b:
                    f4:d3:65:eb:61:b7:8c:e1:d8:05:3d:be:ba:c2:5c:
                    cf:69:d2:50:f2:7f:f9:2a:fa:92:a8:20:39:b6:02:
                    23:4c:2e:1d:0f:6c:a0:10:f6:45:ce:b7:52:8b:63:
                    af:fb:63:61:6c:a4:03:a8:a3:bf:26:47:d4:3d:b7:
                    5e:0c:b3:21:40:ff:fa:60:6d:bc:d8:d6:c6:91:9e:
                    b8:e3:b4:39:69:b5:3e:e9:a2:30:cb:c9:a9:c9:5e:
                    43:e4:f1:65:b5:a7:17:65:21:93:02:b4:b6:67:93:
                    24:e9:eb:ea:b5:09:84:ea:1e:fe:a7:84:9b:cc:d7:
                    6c:5c:78:bb:ec:4c:db:a6:07:d3:c7:9c:40:cc:38:
                    ff:f1:74:61:21:c7:69:9f:d1:10:90:e1:36:80:04:
                    db:29:05:28:98:b6:4e:53:d3:8a:4e:00:e0:c8:90:
                    6a:77:54:34:2e:8a:fc:02:14:86:e3:df:24:ef:92:
                    c0:f0:7d:b5:36:69:cc:aa:64:5a:2b:12:ff:f7:72:
                    ef:73:00:be:fd:86:bf:4c:82:5e:b2:7b:83:62:d6:
                    12:bc:0f:41:60:75:93:01:b1:0e:a5:b9:02:c2:d3:
                    fc:76:52:8b:bf:94:1d:38:f0:11:73:8b:11:78:a6:
                    bf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1B:53:73:A0:4C:D4:E1:5B:0D:AB:85:AB:01:21:99:53:2F:10:54
            X509v3 Authority Key Identifier:
                keyid:BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/MxtTc6BM1OFbDauFqwEhmVMvEFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:6d:33:34:aa:7a:d7:91:a6:52:e2:6b:b3:81:d1:6c:08:ca:
         9d:52:6f:fc:9d:6a:f9:8e:76:60:4f:5c:ca:d0:76:d0:24:99:
         b1:d6:55:62:28:b1:60:3e:ba:41:58:ad:46:b7:1b:4d:68:0a:
         8b:c3:8f:6e:e0:c4:56:89:9d:1d:82:b2:46:1c:7b:0a:e0:d5:
         1a:5f:76:ed:87:82:39:14:7d:0f:d2:77:2d:ab:56:8f:e8:be:
         8f:1c:8d:c1:97:a9:11:86:71:b2:7b:63:d2:42:e1:72:e3:fc:
         26:27:68:9b:69:bc:66:f7:96:7b:7f:12:e1:eb:28:87:d7:16:
         91:58:a6:29:94:43:c6:d1:fc:43:f0:43:01:e5:51:d1:85:c9:
         8f:b6:85:b9:b9:93:68:74:e9:03:bd:6e:85:32:aa:64:ea:ba:
         cc:f4:07:a1:d0:0b:d3:52:ea:58:61:9f:8a:a9:0a:bc:b2:70:
         b3:94:ff:29:ba:33:66:26:d5:ba:79:06:05:18:16:f7:8d:82:
         d1:b0:8d:5d:e6:cd:d9:bc:db:63:48:d9:35:17:d1:c1:74:0e:
         45:5e:d1:01:7a:6c:2f:fa:65:15:88:04:b6:32:e2:4b:25:de:
         4f:92:14:98:2f:e3:1e:e8:97:8c:76:a1:c6:4a:d2:80:85:26:
         45:f4:ed:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYeotyIbEwzMxU6vQhh1ZyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYzQ3MGU5YjU4ZTU1N2VhOGMxZGJlZGFlYjljNmE1ZmM0
NTUxMjUwHhcNMjUwNDEwMDczODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzFiNTM3M2EwNGNkNGUxNWIwZGFiODVhYjAxMjE5OTUzMmYxMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6CdiwxVcPuAOD2FgX0v002XrYbeM
4dgFPb66wlzPadJQ8n/5KvqSqCA5tgIjTC4dD2ygEPZFzrdSi2Ov+2NhbKQDqKO/
JkfUPbdeDLMhQP/6YG282NbGkZ6447Q5abU+6aIwy8mpyV5D5PFltacXZSGTArS2
Z5Mk6evqtQmE6h7+p4SbzNdsXHi77EzbpgfTx5xAzDj/8XRhIcdpn9EQkOE2gATb
KQUomLZOU9OKTgDgyJBqd1Q0Lor8AhSG498k75LA8H21NmnMqmRaKxL/93LvcwC+
/Ya/TIJesnuDYtYSvA9BYHWTAbEOpbkCwtP8dlKLv5QdOPARc4sReKa/UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMbU3OgTNThWw2rhasBIZlTLxBUMB8GA1UdIwQY
MBaAFL/EcOm1jlV+qMHb7a65xqX8RVElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzkt
YTJhYTY1NDBmODc1LzEvTXh0VGM2Qk0xT0ZiRGF1RnF3RWhtVk12RUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzktYTJhYTY1NDBmODc1
LzEvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuewQMA0G
CSqGSIb3DQEBCwUAA4IBAQB3bTM0qnrXkaZS4muzgdFsCMqdUm/8nWr5jnZgT1zK
0HbQJJmx1lViKLFgPrpBWK1GtxtNaAqLw49u4MRWiZ0dgrJGHHsK4NUaX3bth4I5
FH0P0nctq1aP6L6PHI3Bl6kRhnGye2PSQuFy4/wmJ2ibabxm95Z7fxLh6yiH1xaR
WKYplEPG0fxD8EMB5VHRhcmPtoW5uZNodOkDvW6FMqpk6rrM9Aeh0AvTUupYYZ+K
qQq8snCzlP8pujNmJtW6eQYFGBb3jYLRsI1d5s3ZvNtjSNk1F9HBdA5FXtEBemwv
+mUViAS2MuJLJd5PkhSYL+Me6JeMdqHGStKAhSZF9O18
-----END CERTIFICATE-----