Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MFR-YAMljVNcPKmnKZwjQ7eWi44.roa
File:                     MFR-YAMljVNcPKmnKZwjQ7eWi44.roa (raw, json)
Hash identifier:          TTX+IGNIg23QPSCa7nfKUJYtcDdlZ3y7IqFBrM4egmc=
Subject key identifier:   30:54:7E:60:03:25:8D:53:5C:3C:A9:A7:29:9C:23:43:B7:96:8B:8E
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA53DAAAFCDA1EBFED743D2963FC02
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MFR-YAMljVNcPKmnKZwjQ7eWi44.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58224
IP address blocks:        81.12.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:53:da:aa:fc:da:1e:bf:ed:74:3d:29:63:fc:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30547e6003258d535c3ca9a7299c2343b7968b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:af:78:07:5e:f4:89:2e:e1:a8:14:88:4b:a4:
                    1c:85:bd:61:cd:81:43:d2:84:8f:fa:40:03:bd:db:
                    74:a0:74:f2:75:93:db:ae:55:e5:fb:20:22:4f:7e:
                    ba:bf:1c:e0:e4:c3:15:fa:f5:3f:8c:93:46:76:70:
                    8b:55:23:5d:2f:53:21:a4:e8:27:cd:09:b8:05:7f:
                    e5:ab:1a:ac:ac:3f:51:6c:79:d9:c1:cb:1c:46:2a:
                    62:ca:bc:8b:79:d0:86:ab:7a:f0:20:72:50:34:0a:
                    81:40:22:51:46:77:c3:d1:1c:cb:91:3e:a3:9a:b5:
                    3b:4d:c1:09:84:88:50:49:9c:3b:00:d6:c6:3c:3e:
                    12:bb:a8:dc:1d:bd:86:45:b7:de:00:22:98:e2:fc:
                    67:85:56:9a:1d:3e:7f:35:24:75:39:63:55:9a:08:
                    5b:9b:b0:01:62:e6:57:9a:ae:b7:c0:aa:eb:3a:2d:
                    fd:61:0e:51:e9:f1:aa:bf:d3:7b:5d:06:3f:a6:11:
                    c9:04:68:cd:4d:33:b6:37:84:64:7b:ea:4d:b5:1f:
                    b6:cb:e6:a2:ae:d0:64:83:93:78:f2:02:f2:61:2b:
                    07:9a:09:a5:7d:94:04:1a:79:97:e9:3e:9f:31:5a:
                    9b:07:39:03:e6:aa:65:16:fd:a6:2d:18:e5:8f:45:
                    1a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:54:7E:60:03:25:8D:53:5C:3C:A9:A7:29:9C:23:43:B7:96:8B:8E
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/MFR-YAMljVNcPKmnKZwjQ7eWi44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:8d:f2:84:5b:91:94:cc:0a:d0:f5:74:a5:66:49:83:65:2a:
         ac:8a:76:09:64:42:e9:d0:a3:08:bc:81:f2:bc:5f:4f:64:64:
         14:5e:f2:25:88:ea:75:11:e8:96:c4:0c:3b:ee:e1:9f:5b:94:
         12:c2:d2:e8:c0:4d:a9:d7:4d:51:7d:12:be:40:83:7e:0c:e1:
         31:f8:cf:6f:fc:a5:7e:e9:03:6e:42:1d:0a:de:32:9b:11:0f:
         da:82:a4:f3:4b:e2:15:4e:ab:6e:f6:f0:79:25:39:a9:51:a5:
         60:42:72:79:3c:cc:a8:f0:69:75:98:8a:e4:e8:ed:d3:9e:b0:
         91:4c:67:83:0f:23:35:71:bf:77:b1:54:52:ea:77:e2:2e:76:
         b6:69:0d:3a:e9:92:09:90:23:99:c5:f4:67:66:24:ba:f6:88:
         60:62:2d:77:3d:fb:d7:84:fc:e1:10:ca:01:36:f9:fc:e7:3f:
         78:01:91:3a:02:4f:e9:a0:5a:a8:e1:4d:e6:31:b6:1a:06:f0:
         0e:99:bf:56:1e:6d:3d:33:03:c8:56:3b:f0:ec:52:16:0b:03:
         ce:81:2d:ec:4d:55:61:3c:a8:88:b7:10:ac:7a:37:53:36:2d:
         81:79:af:83:95:98:23:42:d9:47:f0:f7:78:4d:30:67:84:43:
         65:51:e0:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lPaqvzaHr/tdD0pY/wCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU0N2U2MDAzMjU4ZDUzNWMzY2E5YTcyOTljMjM0M2I3OTY4YjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4K94B170iS7hqBSIS6Qchb1hzYFD
0oSP+kADvdt0oHTydZPbrlXl+yAiT366vxzg5MMV+vU/jJNGdnCLVSNdL1MhpOgn
zQm4BX/lqxqsrD9RbHnZwcscRipiyryLedCGq3rwIHJQNAqBQCJRRnfD0RzLkT6j
mrU7TcEJhIhQSZw7ANbGPD4Su6jcHb2GRbfeACKY4vxnhVaaHT5/NSR1OWNVmghb
m7ABYuZXmq63wKrrOi39YQ5R6fGqv9N7XQY/phHJBGjNTTO2N4Rke+pNtR+2y+ai
rtBkg5N48gLyYSsHmgmlfZQEGnmX6T6fMVqbBzkD5qplFv2mLRjlj0Ua4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBUfmADJY1TXDyppymcI0O3louOMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvTUZSLVlBTWxqVk5jUEttbktad2pRN2VXaTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQwcMA0G
CSqGSIb3DQEBCwUAA4IBAQAxjfKEW5GUzArQ9XSlZkmDZSqsinYJZELp0KMIvIHy
vF9PZGQUXvIliOp1EeiWxAw77uGfW5QSwtLowE2p101RfRK+QIN+DOEx+M9v/KV+
6QNuQh0K3jKbEQ/agqTzS+IVTqtu9vB5JTmpUaVgQnJ5PMyo8Gl1mIrk6O3TnrCR
TGeDDyM1cb93sVRS6nfiLna2aQ066ZIJkCOZxfRnZiS69ohgYi13PfvXhPzhEMoB
Nvn85z94AZE6Ak/poFqo4U3mMbYaBvAOmb9WHm09MwPIVjvw7FIWCwPOgS3sTVVh
PKiItxCsejdTNi2Bea+DlZgjQtlH8Pd4TTBnhENlUeCz
-----END CERTIFICATE-----