Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/eHDMSl0n3gkN3nkv7A1T0Obt_mk.roa
File:                     eHDMSl0n3gkN3nkv7A1T0Obt_mk.roa (raw, json)
Hash identifier:          hK+CDhO+GKKuhNLylcLGQYdzrgv1T2TXGRDtFxmKHP4=
Subject key identifier:   78:70:CC:4A:5D:27:DE:09:0D:DE:79:2F:EC:0D:53:D0:E6:ED:FE:69
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       019425FDCECDDA2489CC825E835DDF3EF287
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/eHDMSl0n3gkN3nkv7A1T0Obt_mk.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        212.96.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ce:cd:da:24:89:cc:82:5e:83:5d:df:3e:f2:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7870cc4a5d27de090dde792fec0d53d0e6edfe69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:70:0e:3a:1a:0d:d4:e6:97:b4:23:9f:d3:77:
                    d3:73:17:fa:c1:16:c4:1d:39:b1:e3:fb:5b:d3:56:
                    a5:99:e3:5a:36:14:dc:cf:24:49:92:1e:f5:c6:c1:
                    fa:42:d7:51:df:09:46:45:3b:5c:40:fd:84:16:fc:
                    cc:a6:a7:65:9a:a6:5e:ef:79:61:27:75:80:9c:17:
                    14:6b:a6:31:8b:7a:25:10:51:ce:9d:4e:f0:0e:13:
                    5e:72:b8:ab:e7:6d:bc:dc:3d:c9:bb:0f:7c:e9:79:
                    94:6a:3d:68:90:c4:b0:8d:cf:f5:59:19:20:b7:0a:
                    9a:ab:f5:65:df:11:3b:0c:7e:23:3d:c9:34:53:49:
                    5c:04:7f:39:57:b0:b3:be:40:e2:0f:73:be:de:54:
                    c4:88:b8:dc:71:17:8c:1d:5a:16:70:7c:f9:22:11:
                    a5:da:42:84:78:e6:98:1f:ef:28:13:88:1c:ca:e6:
                    76:57:49:b7:36:c4:d9:e0:c5:45:d9:d6:a9:0a:e4:
                    0c:2a:43:28:dc:a7:0b:d7:9b:92:9d:50:79:60:83:
                    45:66:6b:a2:10:e8:1c:ef:82:d9:82:fd:08:ba:26:
                    2c:aa:03:75:4f:ba:db:d1:50:93:49:57:59:f7:c9:
                    df:a0:a8:dc:2e:ef:be:73:61:ae:51:ef:1c:f6:cf:
                    ae:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:70:CC:4A:5D:27:DE:09:0D:DE:79:2F:EC:0D:53:D0:E6:ED:FE:69
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/eHDMSl0n3gkN3nkv7A1T0Obt_mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:30:a8:c5:4d:29:4f:b9:a0:bf:35:c1:ce:92:34:a2:48:86:
         1e:c3:8e:41:28:8a:f2:cc:89:15:97:78:e0:3e:55:b3:3f:9f:
         d9:4c:da:0a:e4:84:96:24:03:da:30:3b:0d:f6:67:e4:c5:f5:
         92:3b:a8:91:2e:6e:ab:46:1a:c0:6d:a3:4c:ea:af:7d:c3:ff:
         66:17:a1:2c:f7:0c:bb:23:24:20:bb:d5:0d:6f:b0:25:f9:e5:
         e1:9b:d1:a5:26:b4:52:ae:e0:6b:ae:f3:e0:6c:ed:cd:39:25:
         dd:7a:d4:d5:c1:de:a8:2b:90:5f:7b:56:28:ae:10:e1:51:86:
         8c:17:35:94:7e:fa:e0:df:ce:20:23:93:22:40:ac:2a:b8:ed:
         d7:a5:e6:f4:16:a4:31:3b:04:fc:9d:ca:0e:b6:27:94:f1:54:
         6b:29:05:4b:d7:a6:83:c1:9f:2e:aa:7d:60:68:16:db:6e:87:
         44:72:04:60:41:19:ea:d0:30:99:d1:38:c3:8d:74:1f:50:4c:
         f2:07:9f:7c:f8:71:c8:47:f6:0b:3b:9e:97:27:c4:b4:df:a4:
         56:53:bf:3d:ce:19:85:7b:1a:1e:5c:fd:bf:74:a6:d7:2e:d6:
         62:85:64:8b:71:65:88:5b:cc:db:75:cf:68:a0:52:9e:7f:f1:
         74:26:eb:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/c7N2iSJzIJeg13fPvKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODcwY2M0YTVkMjdkZTA5MGRkZTc5MmZlYzBkNTNkMGU2ZWRmZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3AOOhoN1OaXtCOf03fTcxf6wRbE
HTmx4/tb01almeNaNhTczyRJkh71xsH6QtdR3wlGRTtcQP2EFvzMpqdlmqZe73lh
J3WAnBcUa6Yxi3olEFHOnU7wDhNecrir52283D3Juw986XmUaj1okMSwjc/1WRkg
twqaq/Vl3xE7DH4jPck0U0lcBH85V7CzvkDiD3O+3lTEiLjccReMHVoWcHz5IhGl
2kKEeOaYH+8oE4gcyuZ2V0m3NsTZ4MVF2dapCuQMKkMo3KcL15uSnVB5YINFZmui
EOgc74LZgv0IuiYsqgN1T7rb0VCTSVdZ98nfoKjcLu++c2GuUe8c9s+u0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhwzEpdJ94JDd55L+wNU9Dm7f5pMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvZUhETVNsMG4zZ2tOM25rdjdBMVQwT2J0X21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GCYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtMKjFTSlPuaC/NcHOkjSiSIYew45BKIryzIkVl3jg
PlWzP5/ZTNoK5ISWJAPaMDsN9mfkxfWSO6iRLm6rRhrAbaNM6q99w/9mF6Es9wy7
IyQgu9UNb7Al+eXhm9GlJrRSruBrrvPgbO3NOSXdetTVwd6oK5Bfe1YorhDhUYaM
FzWUfvrg384gI5MiQKwquO3Xpeb0FqQxOwT8ncoOtieU8VRrKQVL16aDwZ8uqn1g
aBbbbodEcgRgQRnq0DCZ0TjDjXQfUEzyB598+HHIR/YLO56XJ8S036RWU789zhmF
exoeXP2/dKbXLtZihWSLcWWIW8zbdc9ooFKef/F0JuvV
-----END CERTIFICATE-----