Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/MXOFcfnTUbTG0Z0k6jm9OvZjusI.roa
File:                     MXOFcfnTUbTG0Z0k6jm9OvZjusI.roa (raw, json)
Hash identifier:          g12bb8NYsiYXoa8eXe67xmpUlRgVE1p14iprEmnae2Y=
Subject key identifier:   31:73:85:71:F9:D3:51:B4:C6:D1:9D:24:EA:39:BD:3A:F6:63:BA:C2
Certificate issuer:       /CN=bcec8c732aa43ef0b39bd34d140fdd3a73aedb79
Certificate serial:       01941F8C90BAC551E178724788A055D253E9
Authority key identifier: BC:EC:8C:73:2A:A4:3E:F0:B3:9B:D3:4D:14:0F:DD:3A:73:AE:DB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/MXOFcfnTUbTG0Z0k6jm9OvZjusI.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.57.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:90:ba:c5:51:e1:78:72:47:88:a0:55:d2:53:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcec8c732aa43ef0b39bd34d140fdd3a73aedb79
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31738571f9d351b4c6d19d24ea39bd3af663bac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9d:fb:00:4f:08:57:cb:16:d2:ea:b1:54:76:
                    b1:3a:5f:9f:a4:b7:db:ee:9d:b9:7e:9a:5d:65:d2:
                    76:a1:fc:01:2e:62:72:66:06:2d:48:29:0c:7f:24:
                    37:32:56:6b:44:9d:a5:ec:bb:cb:e3:21:6f:a1:5c:
                    7d:12:c2:c4:6a:4a:00:17:18:89:55:68:f0:54:1c:
                    31:e0:4e:4e:85:ad:d1:31:be:cb:db:2b:2e:42:6b:
                    60:a8:0f:24:7b:99:11:c1:04:b4:b6:6e:6c:93:5a:
                    f8:3d:ba:aa:87:03:6a:80:38:5c:92:c4:c4:e0:39:
                    d3:e0:dd:a1:6f:f4:6d:2d:a4:27:3d:d6:b4:a6:60:
                    7f:cc:2f:a9:f7:b7:92:30:8b:1f:83:c8:2d:25:15:
                    91:0d:08:44:43:72:d0:91:e3:a8:e6:89:e8:0b:a5:
                    1c:ae:bf:18:5f:45:13:4a:54:10:7a:fd:91:e7:1e:
                    d8:f8:04:d2:1e:5a:e6:24:3a:ff:91:2d:55:1a:36:
                    1b:51:71:6d:f5:bf:89:19:35:5e:2f:83:df:98:6d:
                    15:9f:a6:18:c0:ab:c3:cf:5d:6c:e8:b6:1c:47:ed:
                    5c:00:b2:9d:52:2a:22:e7:61:e7:c9:51:56:4c:9c:
                    bc:5a:ce:90:97:b1:e6:07:e9:3b:78:e7:ff:5e:59:
                    66:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:73:85:71:F9:D3:51:B4:C6:D1:9D:24:EA:39:BD:3A:F6:63:BA:C2
            X509v3 Authority Key Identifier:
                keyid:BC:EC:8C:73:2A:A4:3E:F0:B3:9B:D3:4D:14:0F:DD:3A:73:AE:DB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/MXOFcfnTUbTG0Z0k6jm9OvZjusI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.57.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         55:a8:df:43:c3:76:aa:5e:7e:9a:84:94:90:69:4e:9a:05:a5:
         cd:44:56:29:62:77:c7:e8:0b:6e:2b:12:0e:8d:fc:96:4e:6c:
         50:93:b2:58:82:6e:ea:50:4b:64:67:9c:8f:55:da:4f:21:39:
         e4:ce:f6:6d:99:6b:22:78:e0:a2:f5:af:d1:7c:0e:81:9b:1b:
         7f:3f:9e:dc:bb:fb:61:40:a2:00:42:06:1e:94:78:e6:64:fc:
         d4:75:4b:9d:fe:03:aa:76:0b:c6:3f:60:1f:94:58:dc:8f:f3:
         c2:5e:46:a3:c3:7c:ac:d5:ed:5d:a4:b4:90:f1:76:7e:04:03:
         47:84:e1:55:c5:8e:f0:0d:77:32:1c:cf:66:9e:12:71:e7:12:
         ca:1e:ad:e1:fd:a5:56:d7:88:75:95:45:74:86:27:a9:69:35:
         1c:78:41:d6:ba:b8:94:7f:ed:97:f4:24:ee:c4:7b:67:3e:69:
         8a:9b:85:c9:92:8f:da:38:5e:d9:55:63:3c:ae:54:d9:a9:e1:
         8f:03:fa:ce:2a:b4:dc:2d:49:ed:a0:c0:02:51:b1:ae:23:df:
         99:96:65:42:66:0b:47:4b:97:90:a1:91:6d:64:ee:70:9c:5e:
         c2:c8:57:f8:cd:e7:5c:36:9d:6f:af:9a:fe:cb:12:ee:b9:5d:
         b1:47:80:12
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjJC6xVHheHJHiKBV0lPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZWM4YzczMmFhNDNlZjBiMzliZDM0ZDE0MGZkZDNhNzNh
ZWRiNzkwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTczODU3MWY5ZDM1MWI0YzZkMTlkMjRlYTM5YmQzYWY2NjNiYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo537AE8IV8sW0uqxVHaxOl+fpLfb
7p25fppdZdJ2ofwBLmJyZgYtSCkMfyQ3MlZrRJ2l7LvL4yFvoVx9EsLEakoAFxiJ
VWjwVBwx4E5Oha3RMb7L2ysuQmtgqA8ke5kRwQS0tm5sk1r4PbqqhwNqgDhcksTE
4DnT4N2hb/RtLaQnPda0pmB/zC+p97eSMIsfg8gtJRWRDQhEQ3LQkeOo5onoC6Uc
rr8YX0UTSlQQev2R5x7Y+ATSHlrmJDr/kS1VGjYbUXFt9b+JGTVeL4PfmG0Vn6YY
wKvDz11s6LYcR+1cALKdUioi52HnyVFWTJy8Ws6Ql7HmB+k7eOf/Xllm6QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDFzhXH501G0xtGdJOo5vTr2Y7rCMB8GA1UdIwQY
MBaAFLzsjHMqpD7ws5vTTRQP3Tpzrtt5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk95TWN5cWtQdkN6bTlOTkZBX2RPbk91MjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC82MTE1OGEtNzI0Ni00YjQ3LWI0OTYt
YzQwYzBkYmUxZGUwLzEvTVhPRmNmblRVYlRHMFowazZqbTlPdlpqdXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC82MTE1OGEtNzI0Ni00YjQ3LWI0OTYtYzQwYzBkYmUxZGUw
LzEvdk95TWN5cWtQdkN6bTlOTkZBX2RPbk91MjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTkwDQYJ
KoZIhvcNAQELBQADggEBAFWo30PDdqpefpqElJBpTpoFpc1EVilid8foC24rEg6N
/JZObFCTsliCbupQS2RnnI9V2k8hOeTO9m2ZayJ44KL1r9F8DoGbG38/nty7+2FA
ogBCBh6UeOZk/NR1S53+A6p2C8Y/YB+UWNyP88JeRqPDfKzV7V2ktJDxdn4EA0eE
4VXFjvANdzIcz2aeEnHnEsoereH9pVbXiHWVRXSGJ6lpNRx4Qda6uJR/7Zf0JO7E
e2c+aYqbhcmSj9o4XtlVYzyuVNmp4Y8D+s4qtNwtSe2gwAJRsa4j35mWZUJmC0dL
l5ChkW1k7nCcXsLIV/jN51w2nW+vmv7LEu65XbFHgBI=
-----END CERTIFICATE-----