Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/mGb7BxKlXQ1k9CHjDWD7BMFZHSQ.roa
File:                     mGb7BxKlXQ1k9CHjDWD7BMFZHSQ.roa (raw, json)
Hash identifier:          tJF8uovUStWmO8f7TDEtjdEZUW2noIjEbpOLcO1y40s=
Subject key identifier:   98:66:FB:07:12:A5:5D:0D:64:F4:21:E3:0D:60:FB:04:C1:59:1D:24
Certificate issuer:       /CN=4a7f4f8ac8ca7343ed1b4ff12ce276318b69d10e
Certificate serial:       0195EC7E86CC534E24BFA081A835915C7276
Authority key identifier: 4A:7F:4F:8A:C8:CA:73:43:ED:1B:4F:F1:2C:E2:76:31:8B:69:D1:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/mGb7BxKlXQ1k9CHjDWD7BMFZHSQ.roa
Signing time:             Mon 31 Mar 2025 13:57:49 +0000
ROA not before:           Mon 31 Mar 2025 13:57:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211623
IP address blocks:        185.253.58.0/24 maxlen: 24
                          2a10:b9c0::/32 maxlen: 48
                          2a10:b9c1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ec:7e:86:cc:53:4e:24:bf:a0:81:a8:35:91:5c:72:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a7f4f8ac8ca7343ed1b4ff12ce276318b69d10e
        Validity
            Not Before: Mar 31 13:57:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9866fb0712a55d0d64f421e30d60fb04c1591d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bd:95:49:07:2f:b2:20:7d:3e:a9:3e:31:97:
                    0a:79:41:19:ea:f2:92:40:42:3d:8b:df:cc:85:b1:
                    43:20:3e:01:1c:03:f5:42:40:01:8e:87:71:4a:cd:
                    27:ae:96:7d:fa:00:c1:18:21:d4:eb:84:d6:ad:91:
                    98:a4:fd:b7:8b:41:c6:ff:f6:94:e8:c9:eb:fc:b5:
                    16:7c:8b:aa:be:47:8f:3a:2a:08:1b:05:24:a0:75:
                    3f:ae:ad:6b:ab:ff:26:df:ef:00:8b:40:72:a8:51:
                    0b:47:a2:ac:e1:3a:de:7c:23:13:89:d0:8b:e9:46:
                    a9:e2:39:90:7c:80:3c:e6:9e:99:e4:36:25:20:fb:
                    50:14:a0:b8:11:99:b1:ef:c2:bb:a6:7d:dd:7a:f3:
                    ef:6b:ac:19:d1:88:c3:ef:84:97:3e:9d:74:a9:5d:
                    1d:12:17:33:b5:e6:2b:e3:89:5b:8f:86:f5:cc:2c:
                    9f:8d:c5:08:5c:73:ba:c9:29:35:e2:d2:df:44:5d:
                    ad:18:13:d1:ab:5f:38:07:25:44:3c:72:ad:b1:7c:
                    a4:1e:3b:99:06:b0:3a:03:46:3f:9c:71:20:52:96:
                    03:6f:08:a2:ba:9b:ee:cf:9c:20:d3:b5:02:c8:d6:
                    4c:ee:59:44:db:39:2d:95:13:1e:0b:2e:e6:58:74:
                    db:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:66:FB:07:12:A5:5D:0D:64:F4:21:E3:0D:60:FB:04:C1:59:1D:24
            X509v3 Authority Key Identifier:
                keyid:4A:7F:4F:8A:C8:CA:73:43:ED:1B:4F:F1:2C:E2:76:31:8B:69:D1:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/mGb7BxKlXQ1k9CHjDWD7BMFZHSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.58.0/24
                IPv6:
                  2a10:b9c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         20:f8:0d:22:dc:2d:9f:e5:0d:d8:f3:31:91:85:4d:87:a8:61:
         e0:3a:08:9e:c5:6f:28:bc:12:cf:cb:5d:7e:dc:67:56:95:a9:
         66:4a:4f:f4:72:1a:ec:31:2f:ce:e7:fd:41:e3:74:2b:15:20:
         f3:ab:2c:ce:d8:4d:17:33:75:3a:a5:51:cb:c8:d7:0c:49:d4:
         e2:2a:4c:60:68:69:ba:4b:4b:0e:4b:f6:31:af:ce:2a:33:b7:
         61:8f:05:2b:f3:5c:02:ff:f9:69:6d:d9:cf:ca:0b:79:51:44:
         39:7e:01:50:42:a6:5e:77:3d:be:ea:e8:ea:86:19:16:16:bd:
         78:2e:e0:26:c0:ea:d4:5d:0a:9b:5d:f5:35:4d:3e:06:87:d3:
         90:49:e9:ee:f9:2f:c0:a1:39:21:0f:0a:c0:d5:00:5a:21:84:
         d2:bb:8c:32:5b:64:78:a0:c1:37:5d:c9:29:ff:b4:02:eb:19:
         01:b5:c0:2d:f3:19:6d:50:02:15:2b:12:2e:95:2a:72:87:6a:
         16:d2:41:ae:6c:0b:66:8c:0f:44:de:e9:98:64:7e:fa:71:f5:
         c1:69:1b:09:1f:0a:d7:cb:c0:f8:d9:d5:4e:07:27:2a:c1:35:
         b4:32:df:68:bb:a9:f7:bb:99:31:3e:7d:21:58:79:c7:f4:22:
         43:94:ba:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXsfobMU04kv6CBqDWRXHJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhN2Y0ZjhhYzhjYTczNDNlZDFiNGZmMTJjZTI3NjMxOGI2
OWQxMGUwHhcNMjUwMzMxMTM1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY2ZmIwNzEyYTU1ZDBkNjRmNDIxZTMwZDYwZmIwNGMxNTkxZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnb2VSQcvsiB9Pqk+MZcKeUEZ6vKS
QEI9i9/MhbFDID4BHAP1QkABjodxSs0nrpZ9+gDBGCHU64TWrZGYpP23i0HG//aU
6Mnr/LUWfIuqvkePOioIGwUkoHU/rq1rq/8m3+8Ai0ByqFELR6Ks4TrefCMTidCL
6Uap4jmQfIA85p6Z5DYlIPtQFKC4EZmx78K7pn3devPva6wZ0YjD74SXPp10qV0d
EhczteYr44lbj4b1zCyfjcUIXHO6ySk14tLfRF2tGBPRq184ByVEPHKtsXykHjuZ
BrA6A0Y/nHEgUpYDbwiiupvuz5wg07UCyNZM7llE2zktlRMeCy7mWHTbuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJhm+wcSpV0NZPQh4w1g+wTBWR0kMB8GA1UdIwQY
MBaAFEp/T4rIynND7RtP8SzidjGLadEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU245UGlzaktjMFB0RzBfeExPSjJNWXRwMFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wZTY5NjItOTZiNy00ZmI4LWE4Mzkt
OWVjN2FkZDBlYjY4LzEvbUdiN0J4S2xYUTFrOUNIakRXRDdCTUZaSFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wZTY5NjItOTZiNy00ZmI4LWE4MzktOWVjN2FkZDBlYjY4
LzEvU245UGlzaktjMFB0RzBfeExPSjJNWXRwMFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf06MA0E
AgACMAcDBQEqELnAMA0GCSqGSIb3DQEBCwUAA4IBAQAg+A0i3C2f5Q3Y8zGRhU2H
qGHgOgiexW8ovBLPy11+3GdWlalmSk/0chrsMS/O5/1B43QrFSDzqyzO2E0XM3U6
pVHLyNcMSdTiKkxgaGm6S0sOS/Yxr84qM7dhjwUr81wC//lpbdnPygt5UUQ5fgFQ
QqZedz2+6ujqhhkWFr14LuAmwOrUXQqbXfU1TT4Gh9OQSenu+S/AoTkhDwrA1QBa
IYTSu4wyW2R4oME3Xckp/7QC6xkBtcAt8xltUAIVKxIulSpyh2oW0kGubAtmjA9E
3umYZH76cfXBaRsJHwrXy8D42dVOBycqwTW0Mt9ou6n3u5kxPn0hWHnH9CJDlLrL
-----END CERTIFICATE-----