Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/mfViMC5WzFmHy2d2V9evB-1C54M.roa
File:                     mfViMC5WzFmHy2d2V9evB-1C54M.roa (raw, json)
Hash identifier:          AYo63SdEVlQlgz+glCe/AMcSKXW/Zi4rvSvNYshL2xk=
Subject key identifier:   99:F5:62:30:2E:56:CC:59:87:CB:67:76:57:D7:AF:07:ED:42:E7:83
Certificate issuer:       /CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
Certificate serial:       019426D926C1ACD2006FA470F58BD0DD49A0
Authority key identifier: 7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/mfViMC5WzFmHy2d2V9evB-1C54M.roa
Signing time:             Thu 02 Jan 2025 11:49:13 +0000
ROA not before:           Thu 02 Jan 2025 11:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24610
IP address blocks:        193.110.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:26:c1:ac:d2:00:6f:a4:70:f5:8b:d0:dd:49:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
        Validity
            Not Before: Jan  2 11:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99f562302e56cc5987cb677657d7af07ed42e783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bf:ad:b4:89:39:8a:60:d5:f9:e5:cb:4b:7c:
                    94:d9:1a:de:8b:a8:f8:22:af:ef:da:4e:d5:93:64:
                    72:eb:84:81:53:2c:fa:47:fe:43:2a:2e:e4:b4:c8:
                    a3:4b:fd:6c:b8:89:68:e4:3c:77:c4:61:99:d6:89:
                    e8:13:36:56:3f:b3:43:f9:48:42:87:7f:76:fa:b4:
                    b5:98:97:54:8f:1c:8d:84:fe:9d:fa:9d:37:e5:98:
                    ce:4e:a0:7a:79:fd:fa:c9:ea:cf:db:50:fb:4e:75:
                    99:dc:59:8c:ac:91:f0:53:a8:c3:7c:0d:c4:1a:e9:
                    73:df:c9:00:c7:58:8f:a7:16:c6:30:42:6d:ab:2d:
                    58:c5:af:0a:a2:47:f1:30:78:16:c0:c9:a7:4d:df:
                    f2:be:d0:04:e8:8b:24:28:2b:3a:01:0c:13:3c:11:
                    1b:9d:49:00:08:5f:0b:58:23:d9:fa:dc:8f:7d:69:
                    cd:a8:f8:f3:c3:f6:80:96:ae:da:8d:5f:61:43:df:
                    34:5d:ea:75:5f:f7:3b:52:dd:b7:7b:3e:4a:b2:e9:
                    72:12:99:85:1d:75:d3:20:97:68:5e:3d:a7:d8:2e:
                    30:b5:30:16:8c:ba:bd:0e:f6:c4:f7:0c:54:e4:cf:
                    a7:1f:32:f2:a1:78:fd:c6:b9:e5:a4:d2:16:b0:9b:
                    3b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F5:62:30:2E:56:CC:59:87:CB:67:76:57:D7:AF:07:ED:42:E7:83
            X509v3 Authority Key Identifier:
                keyid:7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/mfViMC5WzFmHy2d2V9evB-1C54M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:cf:ec:30:5a:4c:d3:0e:b0:94:28:97:2a:c6:c8:f9:45:55:
         7c:ab:0c:af:98:7a:5f:f0:f6:f6:93:1d:38:58:9d:14:a9:c5:
         63:08:2c:27:84:f7:66:bb:0c:1a:e5:77:f5:84:a9:a0:8f:63:
         81:b5:0b:09:b7:c4:0d:14:78:b4:1c:79:54:05:f4:4f:87:97:
         01:31:00:f1:eb:e0:f0:ba:dd:0a:d3:52:d8:29:da:7c:17:34:
         c0:b1:0b:b0:e9:b5:a8:9f:ef:28:c3:c1:01:5b:41:45:13:13:
         3c:70:1c:f6:b7:ed:16:b4:83:97:5b:af:c8:54:d7:d6:54:d9:
         37:7d:8b:e4:73:33:1f:bb:9e:92:ad:39:94:7c:80:7e:c7:9c:
         31:d9:59:41:1b:f5:e8:b6:27:13:d3:1f:c5:eb:b8:f7:5a:4a:
         e3:b4:e6:d7:0f:7e:12:e3:52:cd:5e:ef:36:ed:e9:d7:e6:5d:
         ff:84:e0:ba:61:ac:f4:be:c5:f6:2f:8f:20:0c:6d:ad:a0:63:
         ee:d8:34:d4:0a:6d:f2:64:0e:6b:bb:93:e8:a8:a3:33:30:b1:
         21:a2:ed:ad:22:54:a3:59:df:fd:80:d3:ef:6f:9b:77:72:3a:
         e6:a2:5b:83:a1:4a:f7:09:09:35:64:95:a7:2b:17:54:e2:43:
         a9:8f:5f:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SbBrNIAb6Rw9YvQ3UmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzVkNDgyOGRjMzQxOTllZjcxN2NjMDNhNDhhMDA3NGMx
NDQzYjgwHhcNMjUwMTAyMTE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY1NjIzMDJlNTZjYzU5ODdjYjY3NzY1N2Q3YWYwN2VkNDJlNzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr+ttIk5imDV+eXLS3yU2Rrei6j4
Iq/v2k7Vk2Ry64SBUyz6R/5DKi7ktMijS/1suIlo5Dx3xGGZ1onoEzZWP7ND+UhC
h392+rS1mJdUjxyNhP6d+p035ZjOTqB6ef36yerP21D7TnWZ3FmMrJHwU6jDfA3E
Gulz38kAx1iPpxbGMEJtqy1Yxa8KokfxMHgWwMmnTd/yvtAE6IskKCs6AQwTPBEb
nUkACF8LWCPZ+tyPfWnNqPjzw/aAlq7ajV9hQ980Xep1X/c7Ut23ez5KsulyEpmF
HXXTIJdoXj2n2C4wtTAWjLq9DvbE9wxU5M+nHzLyoXj9xrnlpNIWsJs7gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn1YjAuVsxZh8tndlfXrwftQueDMB8GA1UdIwQY
MBaAFH7F1IKNw0GZ73F8wDpIoAdMFEO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUt
NDI3YjJkNGY5YzgyLzEvbWZWaU1DNVd6Rm1IeTJkMlY5ZXZCLTFDNTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUtNDI3YjJkNGY5Yzgy
LzEvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW58MA0G
CSqGSIb3DQEBCwUAA4IBAQA4z+wwWkzTDrCUKJcqxsj5RVV8qwyvmHpf8Pb2kx04
WJ0UqcVjCCwnhPdmuwwa5Xf1hKmgj2OBtQsJt8QNFHi0HHlUBfRPh5cBMQDx6+Dw
ut0K01LYKdp8FzTAsQuw6bWon+8ow8EBW0FFExM8cBz2t+0WtIOXW6/IVNfWVNk3
fYvkczMfu56SrTmUfIB+x5wx2VlBG/XoticT0x/F67j3WkrjtObXD34S41LNXu82
7enX5l3/hOC6Yaz0vsX2L48gDG2toGPu2DTUCm3yZA5ru5PoqKMzMLEhou2tIlSj
Wd/9gNPvb5t3cjrmoluDoUr3CQk1ZJWnKxdU4kOpj18u
-----END CERTIFICATE-----