Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/mcCnj0YcjKVWKNRUEHJJ9oCILI8.roa
File:                     mcCnj0YcjKVWKNRUEHJJ9oCILI8.roa (raw, json)
Hash identifier:          QCD+FHuTsYXCE9fg4S64GzeBQUQDK650c6oIs3Pqi/Y=
Subject key identifier:   99:C0:A7:8F:46:1C:8C:A5:56:28:D4:54:10:72:49:F6:80:88:2C:8F
Certificate issuer:       /CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
Certificate serial:       01942521DD3AE0FE728D0C581F53EF2763F5
Authority key identifier: C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/mcCnj0YcjKVWKNRUEHJJ9oCILI8.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61211
IP address blocks:        194.36.45.0/24 maxlen: 24
                          194.36.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:dd:3a:e0:fe:72:8d:0c:58:1f:53:ef:27:63:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99c0a78f461c8ca55628d454107249f680882c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cc:a2:34:32:32:de:44:c7:b4:9c:3f:a5:ab:
                    ec:c5:20:0d:87:14:cd:df:26:40:c9:a2:82:a4:cf:
                    22:2a:00:9c:fe:de:17:67:5b:2f:41:54:26:f7:c8:
                    3b:8d:47:b8:8e:02:4d:d1:5f:46:66:90:5e:5b:0f:
                    0d:b7:b7:ad:3a:ee:ae:61:43:b7:43:97:e0:bd:01:
                    47:db:79:5c:da:4c:53:b4:0c:e9:b1:db:32:e7:07:
                    5b:1d:b0:d8:82:94:a3:d2:28:5f:0d:f3:0e:f3:8c:
                    4e:20:72:cb:66:08:34:7e:3f:04:61:42:bb:10:fe:
                    a9:6d:ab:68:1f:2c:bc:dd:54:3e:72:c8:c7:58:42:
                    b8:06:61:32:a1:cf:c7:22:f3:f1:e0:44:68:9e:82:
                    d4:0c:0a:e8:4c:6a:cf:75:be:2b:4c:2e:6d:1a:7b:
                    7b:ee:42:5e:01:93:4b:e0:dd:de:7c:b8:de:b0:fe:
                    23:66:b9:15:e2:ec:9f:ac:c4:d0:e8:ab:4b:1d:2b:
                    bd:dd:ca:f6:ff:21:bb:0b:d5:46:82:e1:9f:4e:52:
                    c1:b1:1d:11:2c:0f:19:fd:29:8b:2b:cf:bd:31:39:
                    56:d7:a7:3b:23:31:f1:d0:28:22:16:9d:a4:cf:c9:
                    b9:f6:50:58:5e:c3:bb:34:a6:89:7c:2a:62:34:80:
                    09:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C0:A7:8F:46:1C:8C:A5:56:28:D4:54:10:72:49:F6:80:88:2C:8F
            X509v3 Authority Key Identifier:
                keyid:C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/mcCnj0YcjKVWKNRUEHJJ9oCILI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.45.0-194.36.47.255

    Signature Algorithm: sha256WithRSAEncryption
         54:c2:ec:29:35:1d:f8:1d:61:b2:2b:5c:f3:55:2e:38:22:a4:
         2a:32:30:bc:54:3b:fb:6e:ab:8e:e7:8f:20:42:bb:9b:8d:0a:
         f8:1f:91:dc:8d:5e:96:f2:66:d4:0f:de:0e:a3:be:98:d0:c2:
         6a:ca:53:b4:cd:8f:42:57:1d:f0:a0:c8:52:6d:2d:1a:ab:9a:
         aa:09:7d:1d:68:04:d4:08:b3:61:91:94:42:ef:29:da:ad:db:
         f7:9b:35:a7:a7:f0:a6:80:38:d9:bc:3d:15:a7:69:bd:29:c0:
         85:18:17:5d:ba:c8:b5:f7:d5:01:ef:d9:21:d9:12:d3:69:22:
         dd:1e:16:6d:07:61:c5:16:02:4b:71:3f:6b:54:53:33:3b:36:
         a8:6c:53:a6:1d:54:44:02:e8:29:cf:9b:5e:00:20:bb:21:9a:
         87:97:ef:63:1e:0c:95:55:02:6f:c2:43:34:a6:55:26:e7:ed:
         72:27:ca:b8:99:13:ca:1a:21:8b:ce:0b:71:10:2e:4c:e7:81:
         0d:72:2e:cc:43:1d:6f:55:4b:0a:cc:2f:b2:79:da:5e:b3:3f:
         ac:29:19:00:07:90:3e:c3:5f:bf:59:ac:b3:20:e2:6a:db:76:
         78:be:75:0e:7d:78:0c:58:ae:10:9b:e6:78:cb:bd:54:41:13:
         4d:0b:ec:0c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlId064P5yjQxYH1PvJ2P1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjU5ZjQxNzc5ZTZmMjQzNWY1OWYxYTE3MWMwODBhNWE3
YTQ0ZDIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWMwYTc4ZjQ2MWM4Y2E1NTYyOGQ0NTQxMDcyNDlmNjgwODgyYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8yiNDIy3kTHtJw/pavsxSANhxTN
3yZAyaKCpM8iKgCc/t4XZ1svQVQm98g7jUe4jgJN0V9GZpBeWw8Nt7etOu6uYUO3
Q5fgvQFH23lc2kxTtAzpsdsy5wdbHbDYgpSj0ihfDfMO84xOIHLLZgg0fj8EYUK7
EP6pbatoHyy83VQ+csjHWEK4BmEyoc/HIvPx4ERonoLUDAroTGrPdb4rTC5tGnt7
7kJeAZNL4N3efLjesP4jZrkV4uyfrMTQ6KtLHSu93cr2/yG7C9VGguGfTlLBsR0R
LA8Z/SmLK8+9MTlW16c7IzHx0CgiFp2kz8m59lBYXsO7NKaJfCpiNIAJTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJnAp49GHIylVijUVBBySfaAiCyPMB8GA1UdIwQY
MBaAFMm1n0F3nm8kNfWfGhccCApaekTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTct
NzIzNjdjYmIxOWVmLzEvbWNDbmowWWNqS1ZXS05SVUVISko5b0NJTEk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTctNzIzNjdjYmIxOWVm
LzEveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCJC0D
BATCJCAwDQYJKoZIhvcNAQELBQADggEBAFTC7Ck1HfgdYbIrXPNVLjgipCoyMLxU
O/tuq47njyBCu5uNCvgfkdyNXpbyZtQP3g6jvpjQwmrKU7TNj0JXHfCgyFJtLRqr
mqoJfR1oBNQIs2GRlELvKdqt2/ebNaen8KaAONm8PRWnab0pwIUYF126yLX31QHv
2SHZEtNpIt0eFm0HYcUWAktxP2tUUzM7NqhsU6YdVEQC6CnPm14AILshmoeX72Me
DJVVAm/CQzSmVSbn7XInyriZE8oaIYvOC3EQLkzngQ1yLsxDHW9VSwrML7J52l6z
P6wpGQAHkD7DX79ZrLMg4mrbdni+dQ59eAxYrhCb5njLvVRBE00L7Aw=
-----END CERTIFICATE-----