Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MMgWHGkQ_cKss-p11ELUF0Fhjew.roa
File:                     MMgWHGkQ_cKss-p11ELUF0Fhjew.roa (raw, json)
Hash identifier:          XZ5dQN2S2y62KB4+NHC25DXrnQuSxhzlvbG1Ptwcla8=
Subject key identifier:   30:C8:16:1C:69:10:FD:C2:AC:B3:EA:75:D4:42:D4:17:41:61:8D:EC
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202B467ED064DB27CCD6CD95029388
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MMgWHGkQ_cKss-p11ELUF0Fhjew.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197715
IP address blocks:        62.106.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:46:7e:d0:64:db:27:cc:d6:cd:95:02:93:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30c8161c6910fdc2acb3ea75d442d41741618dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:76:6f:94:c3:62:b5:f3:45:6b:c8:7f:6b:
                    74:e7:ba:8d:91:a5:90:a8:0e:ef:56:9e:54:67:2a:
                    01:a3:1f:e4:e6:8b:0b:a3:4a:1d:83:48:73:26:bc:
                    e9:d4:47:fd:df:0e:9b:25:26:86:35:aa:13:7f:6a:
                    53:b8:16:bd:77:cf:32:87:59:f2:45:04:a0:1b:50:
                    50:b7:64:29:6d:fc:7c:84:43:79:20:37:c5:b8:11:
                    d4:01:4c:d6:98:53:d4:ec:d7:17:31:b7:b6:ad:85:
                    98:58:79:b1:83:9e:a8:95:98:4c:5c:b9:e8:40:aa:
                    08:7b:79:1b:d6:dd:93:01:a6:ef:f7:ab:ab:66:fe:
                    a7:7e:c5:58:35:ab:29:cb:19:d2:ef:a0:2f:1a:c4:
                    95:10:ad:d2:bb:53:c1:5a:15:9f:2c:d8:d8:3d:d2:
                    ed:78:63:5d:b7:dc:be:85:20:39:1e:19:0a:79:ab:
                    6d:67:ab:ce:4e:27:1d:77:55:51:85:ce:b8:3b:95:
                    15:bf:e2:6e:c9:61:c4:a2:77:a3:e8:0d:36:15:95:
                    1a:53:e0:8b:62:35:5c:19:8a:45:fc:68:a5:f8:24:
                    18:21:6e:a9:cd:5b:5a:ff:bf:ad:81:7c:48:e0:cc:
                    c7:11:8f:38:c0:74:38:ab:ac:3d:ae:2c:8f:2e:a7:
                    be:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C8:16:1C:69:10:FD:C2:AC:B3:EA:75:D4:42:D4:17:41:61:8D:EC
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MMgWHGkQ_cKss-p11ELUF0Fhjew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:86:7a:e8:d3:27:b8:cd:92:89:82:0a:7a:1d:74:7f:d0:b1:
         8d:c9:86:aa:f8:6e:3e:52:1a:e3:cf:8a:5a:22:bc:2a:74:ee:
         d3:0e:89:cc:3f:1c:2f:f4:cf:ab:a9:a1:45:c9:bd:1f:58:1b:
         3b:56:4a:2a:a4:9c:ac:6f:e8:37:ca:d7:ee:eb:88:85:db:67:
         36:58:2f:5f:38:9f:43:21:70:f9:64:a6:61:ef:e0:36:bd:51:
         b2:51:fc:57:c1:06:7f:15:44:5d:fe:f4:0e:a1:81:6b:7f:31:
         5c:4b:d9:59:ff:15:ad:13:a8:0e:f1:85:8d:30:ee:aa:96:2b:
         6b:65:fb:78:a8:28:69:ff:5a:87:08:c8:d0:e8:35:10:27:26:
         69:14:d5:99:a4:56:ec:59:46:df:d8:ac:bb:bd:8a:73:7c:99:
         6e:bb:e7:5b:78:8d:b6:b1:68:df:04:45:ac:10:12:41:1a:68:
         01:83:e9:b8:41:3c:90:70:f1:eb:df:8e:0a:83:4e:b1:bd:04:
         9e:eb:16:ba:53:a9:fd:21:e7:f7:ec:66:8e:3d:5e:49:e3:dd:
         93:83:00:fe:9f:7f:ba:f2:04:43:4b:fd:3a:dd:73:15:a8:f2:
         97:ce:b4:90:ae:b2:19:97:a7:3a:c2:48:d3:ac:0c:56:43:ae:
         5b:ad:15:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICtGftBk2yfM1s2VApOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGM4MTYxYzY5MTBmZGMyYWNiM2VhNzVkNDQyZDQxNzQxNjE4ZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGF2b5TDYrXzRWvIf2t057qNkaWQ
qA7vVp5UZyoBox/k5osLo0odg0hzJrzp1Ef93w6bJSaGNaoTf2pTuBa9d88yh1ny
RQSgG1BQt2Qpbfx8hEN5IDfFuBHUAUzWmFPU7NcXMbe2rYWYWHmxg56olZhMXLno
QKoIe3kb1t2TAabv96urZv6nfsVYNaspyxnS76AvGsSVEK3Su1PBWhWfLNjYPdLt
eGNdt9y+hSA5HhkKeattZ6vOTicdd1VRhc64O5UVv+JuyWHEonej6A02FZUaU+CL
YjVcGYpF/Gil+CQYIW6pzVta/7+tgXxI4MzHEY84wHQ4q6w9riyPLqe+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDIFhxpEP3CrLPqddRC1BdBYY3sMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTU1nV0hHa1FfY0tzcy1wMTFFTFVGMEZoamV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmpZMA0G
CSqGSIb3DQEBCwUAA4IBAQCThnro0ye4zZKJggp6HXR/0LGNyYaq+G4+Uhrjz4pa
IrwqdO7TDonMPxwv9M+rqaFFyb0fWBs7VkoqpJysb+g3ytfu64iF22c2WC9fOJ9D
IXD5ZKZh7+A2vVGyUfxXwQZ/FURd/vQOoYFrfzFcS9lZ/xWtE6gO8YWNMO6qlitr
Zft4qChp/1qHCMjQ6DUQJyZpFNWZpFbsWUbf2Ky7vYpzfJluu+dbeI22sWjfBEWs
EBJBGmgBg+m4QTyQcPHr344Kg06xvQSe6xa6U6n9Ief37GaOPV5J492TgwD+n3+6
8gRDS/063XMVqPKXzrSQrrIZl6c6wkjTrAxWQ65brRUl
-----END CERTIFICATE-----