Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/MxYpdz7QLHrqszrw0ICVs_l_uwI.roa
File:                     MxYpdz7QLHrqszrw0ICVs_l_uwI.roa (raw, json)
Hash identifier:          uY4nKFGGyfh/6l3FSdHL/FklopbqDKoZs2zw3yHpkBY=
Subject key identifier:   33:16:29:77:3E:D0:2C:7A:EA:B3:3A:F0:D0:80:95:B3:F9:7F:BB:02
Certificate issuer:       /CN=60a540ce450456345ec8e098ef4f53634d74bf1f
Certificate serial:       019422FB85A3EA0CB7C4C7379BD32CABCFFA
Authority key identifier: 60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/MxYpdz7QLHrqszrw0ICVs_l_uwI.roa
Signing time:             Wed 01 Jan 2025 17:48:16 +0000
ROA not before:           Wed 01 Jan 2025 17:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399114
IP address blocks:        94.154.8.0/24 maxlen: 24
                          178.211.157.0/24 maxlen: 24
                          185.234.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:85:a3:ea:0c:b7:c4:c7:37:9b:d3:2c:ab:cf:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60a540ce450456345ec8e098ef4f53634d74bf1f
        Validity
            Not Before: Jan  1 17:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=331629773ed02c7aeab33af0d08095b3f97fbb02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2d:df:b3:de:1b:63:25:60:a6:37:65:3b:84:
                    48:6e:ff:0b:82:7c:05:b7:33:e2:cd:88:b8:dc:7b:
                    72:bb:02:73:b7:a7:44:a6:e2:4e:f1:fb:32:08:9e:
                    dc:f5:bb:f3:f7:29:c4:bf:56:4b:37:5e:98:44:65:
                    da:cd:29:d1:fc:91:46:6b:d5:2c:e2:35:49:10:e7:
                    7e:e6:f6:08:56:c0:5e:f6:51:7b:86:d7:9c:e3:0e:
                    f7:35:61:12:7d:9a:7c:da:5a:a6:5e:29:64:c5:8b:
                    3e:8d:28:2b:72:62:21:ce:c9:ec:d6:1b:5f:25:82:
                    4a:96:53:70:8f:72:80:51:e7:cf:03:c8:ec:c5:b0:
                    b7:b9:85:6a:d3:81:94:bd:23:ca:86:48:a7:4f:df:
                    41:c8:d6:ae:d4:af:76:cc:06:a5:39:30:5d:df:e6:
                    a1:1f:4b:8b:98:f5:17:93:ab:4b:f5:81:a3:b4:da:
                    e8:06:d8:80:17:74:9c:cf:db:26:c0:41:d6:be:8f:
                    8b:f0:3b:7f:ec:7b:ea:63:bc:58:ee:33:75:4b:13:
                    ac:65:87:0f:70:5f:94:79:e9:c1:d7:24:58:33:b0:
                    d9:2d:b1:20:15:78:11:d2:12:fe:04:d3:dd:c0:49:
                    94:24:80:0f:4b:b8:61:e4:34:fc:3b:c8:3a:64:17:
                    0d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:16:29:77:3E:D0:2C:7A:EA:B3:3A:F0:D0:80:95:B3:F9:7F:BB:02
            X509v3 Authority Key Identifier:
                keyid:60:A5:40:CE:45:04:56:34:5E:C8:E0:98:EF:4F:53:63:4D:74:BF:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKVAzkUEVjReyOCY709TY010vx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/MxYpdz7QLHrqszrw0ICVs_l_uwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/195a47-a2cb-4f00-8531-e473531f6fe8/1/YKVAzkUEVjReyOCY709TY010vx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.8.0/24
                  178.211.157.0/24
                  185.234.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:18:98:12:72:27:98:b3:0b:f4:44:0b:21:d4:bc:d6:15:84:
         c2:90:2d:57:98:eb:a1:36:2a:e6:44:f4:c1:0c:68:d6:ed:76:
         f9:7b:24:24:96:19:71:6f:e8:08:af:73:ed:21:db:88:67:98:
         cd:8b:fd:e1:a7:6c:ce:f7:b1:ee:a8:bd:40:9f:6e:cb:40:13:
         59:b3:53:67:f4:04:32:e1:db:01:e3:75:2f:72:06:3c:d6:aa:
         99:a9:33:88:3f:9c:68:c7:db:17:45:3f:a0:ca:52:8c:c7:a2:
         ef:49:74:57:60:31:ae:75:c2:b7:a5:ef:b0:22:a8:49:08:54:
         17:08:e8:3d:d7:89:dd:c2:38:71:4b:3d:18:b8:a0:4a:c7:4c:
         4a:d3:f3:92:c4:a2:33:93:15:7c:52:c2:56:e7:d0:c2:f8:bd:
         0f:b3:02:b1:e0:47:b2:7b:36:20:a6:4f:a1:1b:c7:9f:59:d8:
         74:a8:97:a4:9f:4b:02:90:d6:42:2d:1e:ff:ce:ba:04:09:3e:
         b0:97:12:2a:60:cc:d1:e9:74:71:d9:cf:d6:44:9f:dc:f1:94:
         3c:65:60:4f:e6:c1:db:5d:13:13:a7:18:8f:81:bc:99:df:bd:
         04:91:77:9f:bc:b7:ae:3b:da:d1:84:cd:4b:25:f0:eb:c8:65:
         7a:00:e3:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi+4Wj6gy3xMc3m9Msq8/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTU0MGNlNDUwNDU2MzQ1ZWM4ZTA5OGVmNGY1MzYzNGQ3
NGJmMWYwHhcNMjUwMTAxMTc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzE2Mjk3NzNlZDAyYzdhZWFiMzNhZjBkMDgwOTViM2Y5N2ZiYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzS3fs94bYyVgpjdlO4RIbv8LgnwF
tzPizYi43HtyuwJzt6dEpuJO8fsyCJ7c9bvz9ynEv1ZLN16YRGXazSnR/JFGa9Us
4jVJEOd+5vYIVsBe9lF7htec4w73NWESfZp82lqmXilkxYs+jSgrcmIhzsns1htf
JYJKllNwj3KAUefPA8jsxbC3uYVq04GUvSPKhkinT99ByNau1K92zAalOTBd3+ah
H0uLmPUXk6tL9YGjtNroBtiAF3Scz9smwEHWvo+L8Dt/7HvqY7xY7jN1SxOsZYcP
cF+UeenB1yRYM7DZLbEgFXgR0hL+BNPdwEmUJIAPS7hh5DT8O8g6ZBcN+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDMWKXc+0Cx66rM68NCAlbP5f7sCMB8GA1UdIwQY
MBaAFGClQM5FBFY0XsjgmO9PU2NNdL8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEt
ZTQ3MzUzMWY2ZmU4LzEvTXhZcGR6N1FMSHJxc3pydzBJQ1ZzX2xfdXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xOTVhNDctYTJjYi00ZjAwLTg1MzEtZTQ3MzUzMWY2ZmU4
LzEvWUtWQXprVUVWalJleU9DWTcwOVRZMDEwdng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpoIAwQA
stOdAwQAuepzMA0GCSqGSIb3DQEBCwUAA4IBAQABGJgScieYswv0RAsh1LzWFYTC
kC1XmOuhNirmRPTBDGjW7Xb5eyQklhlxb+gIr3PtIduIZ5jNi/3hp2zO97HuqL1A
n27LQBNZs1Nn9AQy4dsB43UvcgY81qqZqTOIP5xox9sXRT+gylKMx6LvSXRXYDGu
dcK3pe+wIqhJCFQXCOg914ndwjhxSz0YuKBKx0xK0/OSxKIzkxV8UsJW59DC+L0P
swKx4EeyezYgpk+hG8efWdh0qJekn0sCkNZCLR7/zroECT6wlxIqYMzR6XRx2c/W
RJ/c8ZQ8ZWBP5sHbXRMTpxiPgbyZ370EkXefvLeuO9rRhM1LJfDryGV6AOPE
-----END CERTIFICATE-----