Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/MKzlSHA5umAqwVeARbcnAeXl1jc.roa
File:                     MKzlSHA5umAqwVeARbcnAeXl1jc.roa (raw, json)
Hash identifier:          4blSnw7gE5YpxzhFPmztaW8X3UNRRgK5gE8sJ2PE3n4=
Subject key identifier:   30:AC:E5:48:70:39:BA:60:2A:C1:57:80:45:B7:27:01:E5:E5:D6:37
Certificate issuer:       /CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
Certificate serial:       019425FC06D930B2F1CB0569E30803ECF3D3
Authority key identifier: 26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/MKzlSHA5umAqwVeARbcnAeXl1jc.roa
Signing time:             Thu 02 Jan 2025 07:47:41 +0000
ROA not before:           Thu 02 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60091
IP address blocks:        185.166.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:06:d9:30:b2:f1:cb:05:69:e3:08:03:ec:f3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
        Validity
            Not Before: Jan  2 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30ace5487039ba602ac1578045b72701e5e5d637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6d:72:e0:49:16:48:c9:a7:f0:a6:05:ae:31:
                    48:7e:ef:56:5d:d6:84:42:9c:49:92:b3:6c:f4:65:
                    9e:77:c4:6a:a1:40:46:f3:16:ed:67:7b:f9:0d:cf:
                    be:38:24:42:64:d1:7f:4b:70:21:8a:c5:29:5d:b1:
                    d2:e1:40:37:1e:f2:d2:4d:28:7e:5c:1e:d7:a8:c8:
                    1f:da:29:03:2a:09:83:b1:da:d2:6d:4a:d8:a9:29:
                    b4:fa:40:ec:40:79:d1:91:65:f7:1f:3f:1b:05:1e:
                    07:5b:3d:fb:b4:b1:27:8a:43:0c:9e:4d:75:51:89:
                    1d:9e:93:e6:66:68:a3:03:3a:f7:57:04:d7:6f:91:
                    af:3a:ce:68:4c:c2:9c:73:c0:c5:d3:e0:98:ac:e3:
                    a0:cc:61:f5:32:66:fe:9b:85:d5:da:6c:f8:92:73:
                    25:9c:ea:b9:c0:7e:22:ee:fe:17:10:b1:c0:47:db:
                    82:20:69:77:77:c6:66:2e:7d:49:9b:39:8b:3b:09:
                    30:90:ac:93:08:be:07:b7:c6:f1:57:0d:fc:68:2d:
                    66:4a:6b:96:e9:a7:af:b1:5f:33:64:9a:35:b1:f7:
                    4e:34:04:57:97:7c:e7:1b:67:e0:9d:21:2e:88:6c:
                    cb:93:cb:dd:19:79:4e:1a:c0:bd:86:d9:08:5c:7a:
                    05:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AC:E5:48:70:39:BA:60:2A:C1:57:80:45:B7:27:01:E5:E5:D6:37
            X509v3 Authority Key Identifier:
                keyid:26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/MKzlSHA5umAqwVeARbcnAeXl1jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c7:87:02:4a:10:91:dd:64:3b:c7:28:28:c2:36:4d:e3:7c:
         3a:e6:06:66:84:2f:44:7d:2e:0e:ed:a7:7e:62:55:31:08:8f:
         80:b2:50:64:70:14:ed:67:06:64:a2:34:ea:c0:4b:c1:bb:5b:
         38:57:bb:4f:13:98:6d:ba:1e:52:3a:ca:13:1a:2a:b5:6e:a5:
         10:18:e6:14:0f:42:f3:a3:11:bd:e5:24:25:d5:08:6b:28:4b:
         32:11:f3:74:80:ba:de:62:3a:9b:e8:c0:bb:67:be:1e:a3:eb:
         43:a8:57:16:53:d5:85:06:94:30:64:bb:d3:65:7e:1b:84:6e:
         09:6f:1e:75:5f:7f:e8:4d:ca:62:88:7f:95:94:fb:19:f2:b2:
         bf:75:ff:e5:c3:73:77:f8:84:8f:d3:c9:53:ad:fe:a7:a0:b6:
         f4:c9:91:28:21:02:ef:93:96:75:74:37:f0:d3:2d:e7:ff:6a:
         26:23:7c:f2:9e:91:87:68:f2:ac:50:76:18:3a:e9:ae:1c:f9:
         0e:95:20:a1:4b:fd:f4:7d:62:a7:bd:97:ce:3d:8d:09:2f:48:
         3f:7c:b5:db:ef:7d:86:91:0f:1d:db:b9:7b:5e:bf:33:46:71:
         70:8d:0f:78:fa:fa:6a:9e:2c:43:f9:b0:1a:16:bd:04:65:4f:
         a1:ab:7e:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/AbZMLLxywVp4wgD7PPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDM4MjkzZjY2OWRiNDhiNmQwYmQxMDM2YWRmZGVmNmJk
M2QzNzUwHhcNMjUwMTAyMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGFjZTU0ODcwMzliYTYwMmFjMTU3ODA0NWI3MjcwMWU1ZTVkNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG1y4EkWSMmn8KYFrjFIfu9WXdaE
QpxJkrNs9GWed8RqoUBG8xbtZ3v5Dc++OCRCZNF/S3AhisUpXbHS4UA3HvLSTSh+
XB7XqMgf2ikDKgmDsdrSbUrYqSm0+kDsQHnRkWX3Hz8bBR4HWz37tLEnikMMnk11
UYkdnpPmZmijAzr3VwTXb5GvOs5oTMKcc8DF0+CYrOOgzGH1Mmb+m4XV2mz4knMl
nOq5wH4i7v4XELHAR9uCIGl3d8ZmLn1JmzmLOwkwkKyTCL4Ht8bxVw38aC1mSmuW
6aevsV8zZJo1sfdONARXl3znG2fgnSEuiGzLk8vdGXlOGsC9htkIXHoFawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCs5UhwObpgKsFXgEW3JwHl5dY3MB8GA1UdIwQY
MBaAFCbTgpP2adtIttC9EDat/e9r09N1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTIt
NDQ4YjliOTViMDllLzEvTUt6bFNIQTV1bUFxd1ZlQVJiY25BZVhsMWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTItNDQ4YjliOTViMDll
LzEvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaYJMA0G
CSqGSIb3DQEBCwUAA4IBAQBMx4cCShCR3WQ7xygowjZN43w65gZmhC9EfS4O7ad+
YlUxCI+AslBkcBTtZwZkojTqwEvBu1s4V7tPE5htuh5SOsoTGiq1bqUQGOYUD0Lz
oxG95SQl1QhrKEsyEfN0gLreYjqb6MC7Z74eo+tDqFcWU9WFBpQwZLvTZX4bhG4J
bx51X3/oTcpiiH+VlPsZ8rK/df/lw3N3+ISP08lTrf6noLb0yZEoIQLvk5Z1dDfw
0y3n/2omI3zynpGHaPKsUHYYOumuHPkOlSChS/30fWKnvZfOPY0JL0g/fLXb732G
kQ8d27l7Xr8zRnFwjQ94+vpqnixD+bAaFr0EZU+hq36m
-----END CERTIFICATE-----