Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/MKXJ66CRttluCaD2As6acb3eAwI.roa
File:                     MKXJ66CRttluCaD2As6acb3eAwI.roa (raw, json)
Hash identifier:          A1bSrmMEPbiNQFfUVIkOSltYihJGIH6EUwYcLxbC5P4=
Subject key identifier:   30:A5:C9:EB:A0:91:B6:D9:6E:09:A0:F6:02:CE:9A:71:BD:DE:03:02
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       019420680F6EC60AF8E0878A332B76F474A0
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/MKXJ66CRttluCaD2As6acb3eAwI.roa
Signing time:             Wed 01 Jan 2025 05:47:58 +0000
ROA not before:           Wed 01 Jan 2025 05:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26548
IP address blocks:        91.242.228.0/24 maxlen: 24
                          94.154.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0f:6e:c6:0a:f8:e0:87:8a:33:2b:76:f4:74:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Jan  1 05:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30a5c9eba091b6d96e09a0f602ce9a71bdde0302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:03:2b:ba:79:4c:c7:d6:58:79:6a:48:fb:ee:
                    e8:2e:e1:d8:db:50:b3:8d:78:a8:6f:df:38:79:18:
                    2f:5b:05:6e:ef:7b:2e:7e:72:af:53:d0:96:2f:ae:
                    66:5e:43:c9:d2:8e:ec:15:f2:e8:38:37:1c:a7:4a:
                    30:d8:93:54:de:c6:df:ea:1a:75:e1:58:74:42:5a:
                    33:98:7e:ed:7d:5b:42:13:bb:c5:b7:d3:6c:eb:fb:
                    78:c1:35:ee:08:a7:53:1c:ac:82:66:05:bc:22:5a:
                    08:dd:2a:a0:88:25:bf:48:12:36:6e:32:54:be:f1:
                    a8:91:a5:30:31:79:8b:57:fc:f5:f9:e3:6f:3e:8c:
                    e6:3d:bd:60:f7:21:fd:fc:5e:3e:bf:10:57:d4:cf:
                    49:a8:ed:58:01:d7:98:d3:7b:9a:68:a3:97:66:5e:
                    58:df:7b:95:47:a1:79:34:74:65:fa:8a:7d:4e:39:
                    ef:ec:49:43:45:4f:40:1b:3f:bf:de:8b:ac:e9:c4:
                    a6:86:98:86:13:27:21:db:74:b1:67:0f:47:62:a7:
                    c8:c6:e0:77:d6:c8:91:59:dd:5a:9a:87:9c:f2:99:
                    0e:b4:d4:f1:a4:64:41:48:87:67:70:9d:61:8e:4a:
                    d7:71:ad:fd:65:b6:9f:6a:fe:a3:34:c6:d0:c9:5c:
                    e4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A5:C9:EB:A0:91:B6:D9:6E:09:A0:F6:02:CE:9A:71:BD:DE:03:02
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/MKXJ66CRttluCaD2As6acb3eAwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.228.0/24
                  94.154.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:80:08:bc:56:e1:99:34:73:89:b4:2c:91:f1:49:d5:8d:ee:
         2e:04:e8:29:81:9f:cd:f1:b3:37:94:f2:d3:96:86:50:f7:9f:
         82:08:70:b6:4d:62:f2:db:49:78:92:94:ce:dc:35:b5:97:3a:
         f2:3a:0d:5b:5b:32:39:b7:ea:9e:48:36:5b:05:bd:4c:fd:80:
         16:f5:49:2b:ec:5a:3a:ab:1b:05:28:bb:5c:8f:5c:b1:da:86:
         48:e0:63:96:0f:08:4b:40:c1:a6:a0:8b:64:b3:a3:a7:2d:ed:
         ce:64:ba:c8:d9:8d:6e:a9:c4:49:7b:ae:60:0c:f5:65:97:61:
         1a:f9:6e:8a:c4:6c:e1:52:b3:fb:03:5a:44:ea:48:49:d2:67:
         bf:49:9e:9d:ec:a2:ec:83:f1:3d:35:c8:82:ed:8b:4f:46:ec:
         81:d7:c8:7e:87:27:ba:9e:2c:40:94:07:ba:cf:ef:4b:cb:25:
         51:41:05:32:26:9f:6a:7f:f8:c3:68:5a:14:68:c3:58:1a:fd:
         4f:69:2f:69:1e:57:cc:be:2a:a5:b1:ff:4a:64:31:5f:94:b1:
         a2:92:f7:20:6b:a9:6e:46:00:a2:b5:5a:48:61:36:7d:37:bd:
         2f:ca:e1:a0:3b:fb:2d:8e:af:bb:5f:07:18:3d:e5:4e:d7:07:
         61:de:c7:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaA9uxgr44IeKMyt29HSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjUwMTAxMDU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGE1YzllYmEwOTFiNmQ5NmUwOWEwZjYwMmNlOWE3MWJkZGUwMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQMrunlMx9ZYeWpI++7oLuHY21Cz
jXiob984eRgvWwVu73sufnKvU9CWL65mXkPJ0o7sFfLoODccp0ow2JNU3sbf6hp1
4Vh0QlozmH7tfVtCE7vFt9Ns6/t4wTXuCKdTHKyCZgW8IloI3SqgiCW/SBI2bjJU
vvGokaUwMXmLV/z1+eNvPozmPb1g9yH9/F4+vxBX1M9JqO1YAdeY03uaaKOXZl5Y
33uVR6F5NHRl+op9Tjnv7ElDRU9AGz+/3ous6cSmhpiGEych23SxZw9HYqfIxuB3
1siRWd1amoec8pkOtNTxpGRBSIdncJ1hjkrXca39Zbafav6jNMbQyVzkGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDClyeugkbbZbgmg9gLOmnG93gMCMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvTUtYSjY2Q1J0dGx1Q2FEMkFzNmFjYjNlQXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/LkAwQA
Xpp/MA0GCSqGSIb3DQEBCwUAA4IBAQAwgAi8VuGZNHOJtCyR8UnVje4uBOgpgZ/N
8bM3lPLTloZQ95+CCHC2TWLy20l4kpTO3DW1lzryOg1bWzI5t+qeSDZbBb1M/YAW
9Ukr7Fo6qxsFKLtcj1yx2oZI4GOWDwhLQMGmoItks6OnLe3OZLrI2Y1uqcRJe65g
DPVll2Ea+W6KxGzhUrP7A1pE6khJ0me/SZ6d7KLsg/E9NciC7YtPRuyB18h+hye6
nixAlAe6z+9LyyVRQQUyJp9qf/jDaFoUaMNYGv1PaS9pHlfMviqlsf9KZDFflLGi
kvcga6luRgCitVpIYTZ9N70vyuGgO/stjq+7XwcYPeVO1wdh3seV
-----END CERTIFICATE-----