Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5sSVXjXvJmErWd1wKwIQK6a_mpc.roa
File:                     5sSVXjXvJmErWd1wKwIQK6a_mpc.roa (raw, json)
Hash identifier:          Gd8tIJeuQDrvoiYueaVU9NtycnUD3d9hfBsHWs7XkBs=
Subject key identifier:   E6:C4:95:5E:35:EF:26:61:2B:59:DD:70:2B:02:10:2B:A6:BF:9A:97
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       0194206814BFF91D31760E6E8980B0A2CDE1
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5sSVXjXvJmErWd1wKwIQK6a_mpc.roa
Signing time:             Wed 01 Jan 2025 05:47:59 +0000
ROA not before:           Wed 01 Jan 2025 05:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212939
IP address blocks:        195.238.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:14:bf:f9:1d:31:76:0e:6e:89:80:b0:a2:cd:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Jan  1 05:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6c4955e35ef26612b59dd702b02102ba6bf9a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:40:92:90:a9:0f:88:10:c0:31:c1:3a:4f:bf:
                    fe:5b:23:c7:a2:be:9c:a3:8e:e9:ee:3d:3f:4c:f4:
                    62:7f:cd:36:e4:57:89:23:ac:c1:8c:8f:34:31:85:
                    79:3a:3d:de:18:f6:66:4c:1e:ac:7d:05:80:7f:c0:
                    04:04:fc:97:f2:28:0b:d5:44:a6:0c:73:05:82:a8:
                    55:4d:ff:33:dc:7b:71:aa:ed:97:a4:0e:81:73:46:
                    a8:43:70:87:27:cd:1b:7a:fc:16:a9:7a:5c:99:f0:
                    08:3b:c8:eb:8c:c3:84:fa:a9:b7:18:9e:0a:2f:df:
                    66:70:86:fb:3b:87:56:27:17:6b:a2:c2:4c:f3:2d:
                    7b:6e:d5:7c:a7:c4:ee:9a:24:43:c8:d9:41:8a:23:
                    d8:b3:d7:d2:06:92:26:50:0a:56:96:68:2b:84:b9:
                    55:c6:db:a4:2f:bb:d5:ca:85:9b:72:6d:03:bf:5c:
                    a9:f5:7a:6b:2b:16:97:17:55:b9:dd:7f:bc:10:0d:
                    c5:0d:6f:da:10:61:20:e1:48:32:ab:85:29:64:c0:
                    fe:6e:0b:fc:fc:d4:8e:b3:3c:e6:19:78:d6:80:ec:
                    5b:64:53:ef:b8:2d:1d:05:e1:69:0d:81:f4:a3:02:
                    4f:c1:eb:6d:32:3a:6d:d3:f7:2b:94:2c:e2:80:98:
                    dd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:C4:95:5E:35:EF:26:61:2B:59:DD:70:2B:02:10:2B:A6:BF:9A:97
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/5sSVXjXvJmErWd1wKwIQK6a_mpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:6b:18:6d:e6:1d:bd:80:ff:cf:b2:4c:36:d7:3e:c6:74:fa:
         5b:3a:8e:e9:c3:f2:27:0b:12:ac:cb:ef:37:7b:d3:0c:5d:94:
         36:25:8e:7f:54:94:3b:a5:6e:5f:ad:1f:ad:96:fc:3a:1e:39:
         29:10:d1:22:9c:20:88:5f:8a:cd:9b:f5:f8:14:8e:89:b3:a8:
         81:d9:ba:80:43:23:14:b4:c5:31:fc:58:5c:c1:8d:cc:13:e6:
         48:72:a6:76:c5:e3:1f:a5:53:07:5d:e0:e0:13:46:c5:6b:88:
         15:26:16:bf:32:1e:28:1a:58:83:28:36:82:3f:d3:6a:98:73:
         88:b8:11:13:1c:1b:9b:d5:4e:c0:05:38:16:30:5f:e9:54:d3:
         78:2c:49:86:be:d1:f2:9c:3b:b4:40:ff:01:8a:47:85:e0:c5:
         1f:2c:3e:6f:05:97:94:9c:f9:5a:da:bb:16:6f:4e:1a:8b:1a:
         44:79:0a:a7:f8:83:ef:b8:ec:eb:18:ef:48:7e:69:a8:28:1a:
         45:b2:3b:40:a4:3b:2a:9a:0f:0b:1c:e7:8e:92:d0:58:86:1d:
         4e:7e:dd:5a:86:c2:2e:43:d3:fc:1f:d2:eb:75:04:09:1e:a3:
         db:e3:48:a9:5d:a7:fd:73:bd:37:30:8a:61:9d:fb:2d:d1:c6:
         eb:5f:e8:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBS/+R0xdg5uiYCwos3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwMTAxMDU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmM0OTU1ZTM1ZWYyNjYxMmI1OWRkNzAyYjAyMTAyYmE2YmY5YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10CSkKkPiBDAMcE6T7/+WyPHor6c
o47p7j0/TPRif8025FeJI6zBjI80MYV5Oj3eGPZmTB6sfQWAf8AEBPyX8igL1USm
DHMFgqhVTf8z3Htxqu2XpA6Bc0aoQ3CHJ80bevwWqXpcmfAIO8jrjMOE+qm3GJ4K
L99mcIb7O4dWJxdrosJM8y17btV8p8TumiRDyNlBiiPYs9fSBpImUApWlmgrhLlV
xtukL7vVyoWbcm0Dv1yp9XprKxaXF1W53X+8EA3FDW/aEGEg4Ugyq4UpZMD+bgv8
/NSOszzmGXjWgOxbZFPvuC0dBeFpDYH0owJPwettMjpt0/crlCzigJjd6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObElV417yZhK1ndcCsCECumv5qXMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvNXNTVlhqWHZKbUVyV2Qxd0t3SVFLNmFfbXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+73MA0G
CSqGSIb3DQEBCwUAA4IBAQBWaxht5h29gP/Pskw21z7GdPpbOo7pw/InCxKsy+83
e9MMXZQ2JY5/VJQ7pW5frR+tlvw6HjkpENEinCCIX4rNm/X4FI6Js6iB2bqAQyMU
tMUx/FhcwY3ME+ZIcqZ2xeMfpVMHXeDgE0bFa4gVJha/Mh4oGliDKDaCP9NqmHOI
uBETHBub1U7ABTgWMF/pVNN4LEmGvtHynDu0QP8BikeF4MUfLD5vBZeUnPla2rsW
b04aixpEeQqn+IPvuOzrGO9IfmmoKBpFsjtApDsqmg8LHOeOktBYhh1Oft1ahsIu
Q9P8H9LrdQQJHqPb40ipXaf9c703MIphnfst0cbrX+h6
-----END CERTIFICATE-----