Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/MLwEXlz7vUwc5SjWgOx55jqHjfY.roa
File:                     MLwEXlz7vUwc5SjWgOx55jqHjfY.roa (raw, json)
Hash identifier:          nEFYTn5TUjsaiq+RhC3lF8ai3Uf+0UFa/4rn5vibuks=
Subject key identifier:   30:BC:04:5E:5C:FB:BD:4C:1C:E5:28:D6:80:EC:79:E6:3A:87:8D:F6
Certificate issuer:       /CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
Certificate serial:       019426D926E89F6B962E5DABFB6142CD3887
Authority key identifier: 7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/MLwEXlz7vUwc5SjWgOx55jqHjfY.roa
Signing time:             Thu 02 Jan 2025 11:49:13 +0000
ROA not before:           Thu 02 Jan 2025 11:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39071
IP address blocks:        195.66.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:26:e8:9f:6b:96:2e:5d:ab:fb:61:42:cd:38:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
        Validity
            Not Before: Jan  2 11:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30bc045e5cfbbd4c1ce528d680ec79e63a878df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1a:65:bb:77:a7:33:3d:0a:72:5d:94:c9:25:
                    af:c9:35:84:07:cf:f7:9b:95:b4:d3:a9:e6:29:06:
                    5e:62:0c:e7:f5:1d:07:52:4c:e0:02:88:46:51:90:
                    fd:19:23:30:9f:f7:6a:46:39:9e:76:c1:fa:94:44:
                    a3:b1:a3:28:58:52:1a:89:13:93:f7:76:15:e2:81:
                    72:8d:67:2f:69:86:ce:91:ca:c9:6d:ae:76:9c:93:
                    b2:5d:98:ed:e2:16:d4:f9:23:4f:65:24:45:8b:b1:
                    2b:9d:44:57:56:18:37:d8:9c:17:5f:38:c4:42:3f:
                    a7:36:c2:48:2b:f8:bd:75:60:1c:c2:50:e4:f8:bb:
                    c5:a2:5b:62:31:7a:26:71:69:b3:2e:5c:e5:c6:43:
                    d5:73:fe:ff:a7:bb:16:a9:c6:bc:4b:30:3f:dd:02:
                    b4:1b:e6:e9:64:5d:b2:10:66:07:c9:cd:48:85:25:
                    82:8a:fa:a0:bb:3f:47:ea:d4:f0:ca:50:01:11:32:
                    0d:ec:93:b7:f2:ce:d7:bc:c9:6b:6b:de:d4:2f:6e:
                    15:c7:df:59:3a:d4:c9:61:86:14:60:80:16:3a:c3:
                    78:2c:77:6d:67:53:dc:73:e7:c7:f6:bb:28:fb:bd:
                    ad:67:47:12:b9:10:8a:6f:d0:51:55:2e:53:97:7e:
                    7e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BC:04:5E:5C:FB:BD:4C:1C:E5:28:D6:80:EC:79:E6:3A:87:8D:F6
            X509v3 Authority Key Identifier:
                keyid:7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/MLwEXlz7vUwc5SjWgOx55jqHjfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:39:ba:af:8a:19:3c:1c:ef:3c:22:df:5d:10:97:45:f0:54:
         c5:25:15:d8:89:a9:0a:8a:e8:c7:65:bb:82:05:03:6d:65:dc:
         c4:30:f8:43:33:be:2f:ef:10:42:6a:ff:45:dc:2c:c7:c6:8b:
         bf:f8:d4:f2:7a:ac:7e:a8:53:06:d4:3d:cf:e7:86:44:99:a1:
         b9:1f:59:86:7c:4a:46:1b:7b:cb:c6:da:13:94:57:43:41:18:
         84:7f:f1:c1:9c:98:16:dd:b0:a5:75:0f:ce:84:dc:8e:b6:ec:
         d0:67:a3:fe:ad:9a:3a:2a:83:bc:bd:e8:11:61:8b:e8:8e:44:
         7c:be:7f:04:c3:e8:59:28:07:07:6f:cd:7e:56:df:0d:30:8e:
         47:e5:0f:3c:ca:61:7a:47:2a:08:2a:23:e4:dd:33:3c:6e:32:
         e8:0e:7d:ea:19:a8:40:fb:01:c9:a9:25:ad:c6:6d:90:88:60:
         d3:83:37:c6:c0:dc:ea:03:58:37:44:6c:f6:df:43:66:0d:c2:
         f3:bf:a6:a6:88:4a:d6:a1:b7:06:c6:d6:2d:a8:2e:ce:4f:19:
         2a:a1:ed:53:94:82:cc:12:95:a2:32:9e:d0:2d:86:1b:bc:de:
         04:01:07:1d:8c:67:29:0d:3d:ed:23:37:96:bd:0f:58:2d:58:
         da:8a:c7:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Sbon2uWLl2r+2FCzTiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzVkNDgyOGRjMzQxOTllZjcxN2NjMDNhNDhhMDA3NGMx
NDQzYjgwHhcNMjUwMTAyMTE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGJjMDQ1ZTVjZmJiZDRjMWNlNTI4ZDY4MGVjNzllNjNhODc4ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxplu3enMz0Kcl2UySWvyTWEB8/3
m5W006nmKQZeYgzn9R0HUkzgAohGUZD9GSMwn/dqRjmedsH6lESjsaMoWFIaiROT
93YV4oFyjWcvaYbOkcrJba52nJOyXZjt4hbU+SNPZSRFi7ErnURXVhg32JwXXzjE
Qj+nNsJIK/i9dWAcwlDk+LvFoltiMXomcWmzLlzlxkPVc/7/p7sWqca8SzA/3QK0
G+bpZF2yEGYHyc1IhSWCivqguz9H6tTwylABETIN7JO38s7XvMlra97UL24Vx99Z
OtTJYYYUYIAWOsN4LHdtZ1Pcc+fH9rso+72tZ0cSuRCKb9BRVS5Tl35+mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDC8BF5c+71MHOUo1oDseeY6h432MB8GA1UdIwQY
MBaAFH7F1IKNw0GZ73F8wDpIoAdMFEO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUt
NDI3YjJkNGY5YzgyLzEvTUx3RVhsejd2VXdjNVNqV2dPeDU1anFIamZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUtNDI3YjJkNGY5Yzgy
LzEvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JCMA0G
CSqGSIb3DQEBCwUAA4IBAQAWObqvihk8HO88It9dEJdF8FTFJRXYiakKiujHZbuC
BQNtZdzEMPhDM74v7xBCav9F3CzHxou/+NTyeqx+qFMG1D3P54ZEmaG5H1mGfEpG
G3vLxtoTlFdDQRiEf/HBnJgW3bCldQ/OhNyOtuzQZ6P+rZo6KoO8vegRYYvojkR8
vn8Ew+hZKAcHb81+Vt8NMI5H5Q88ymF6RyoIKiPk3TM8bjLoDn3qGahA+wHJqSWt
xm2QiGDTgzfGwNzqA1g3RGz230NmDcLzv6amiErWobcGxtYtqC7OTxkqoe1TlILM
EpWiMp7QLYYbvN4EAQcdjGcpDT3tIzeWvQ9YLVjaiscG
-----END CERTIFICATE-----