Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MFLq1utjcDgvj0oIc4QOHmH3GpU.roa
File:                     MFLq1utjcDgvj0oIc4QOHmH3GpU.roa (raw, json)
Hash identifier:          6YSn0DlSJDuRf/GxBNMXBym0rAqKPEOVjzIF8JdPFPE=
Subject key identifier:   30:52:EA:D6:EB:63:70:38:2F:8F:4A:08:73:84:0E:1E:61:F7:1A:95
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D731307028DC98C0E39FD1078522E9
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MFLq1utjcDgvj0oIc4QOHmH3GpU.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215826
IP address blocks:        194.36.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:31:30:70:28:dc:98:c0:e3:9f:d1:07:85:22:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3052ead6eb6370382f8f4a0873840e1e61f71a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3a:4a:70:54:9a:51:d5:9a:62:96:8a:29:d0:
                    e1:8c:78:7a:a8:b6:42:b1:cf:28:94:17:90:0d:79:
                    1f:76:72:3d:05:79:8e:a1:a1:29:b7:3e:08:c9:59:
                    21:1a:b4:bf:f2:3d:3c:d4:17:47:c3:72:b0:a9:5b:
                    a9:3a:cb:00:30:ed:a0:96:9c:e1:26:6a:92:0c:31:
                    cc:e8:91:13:2b:df:9e:b8:3d:ed:3f:e9:23:f8:53:
                    1c:9a:90:c4:0a:2b:1a:24:62:2a:b2:19:38:19:e7:
                    91:5e:e5:9c:4d:f1:25:5b:f0:35:94:f0:b6:bb:48:
                    62:ed:45:8a:fd:c8:1c:c1:0c:0b:fb:b3:5f:8d:10:
                    28:2a:3d:6c:5b:35:52:ac:7d:2e:8f:5a:c2:56:e4:
                    50:c8:f4:f3:98:f0:d0:f0:17:a5:43:8c:ef:cc:8a:
                    04:f0:c3:c4:ac:d7:ce:9e:97:14:22:00:92:af:b7:
                    e7:6e:94:db:e3:b8:21:e3:c1:4c:ed:b0:dc:bb:52:
                    d8:40:8f:92:03:cf:8d:b4:e2:a7:a5:58:75:78:0f:
                    03:e9:74:41:45:09:5d:42:c2:34:03:e6:71:d5:bf:
                    98:29:94:a2:7b:ff:48:39:ef:2b:a9:80:21:1c:ca:
                    7f:49:45:49:9e:df:98:dd:17:7b:a4:2a:d2:e6:98:
                    90:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:52:EA:D6:EB:63:70:38:2F:8F:4A:08:73:84:0E:1E:61:F7:1A:95
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/MFLq1utjcDgvj0oIc4QOHmH3GpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ce:e6:94:8b:3d:f5:54:e1:ad:19:57:39:bb:6e:52:c0:01:
         a9:9e:c1:e6:76:f4:8f:3d:e9:45:ab:c4:38:9b:64:6b:19:81:
         4e:e5:79:e0:d2:67:93:45:81:6a:2e:e2:d4:96:3f:45:c3:28:
         2d:21:d5:77:f7:32:93:98:29:4f:70:6d:78:8a:48:7a:0f:a8:
         0d:58:73:ca:06:b2:74:ff:e6:32:59:0c:f3:4a:24:be:46:41:
         6c:34:14:7c:5d:46:20:f5:33:12:81:3e:21:80:2b:d1:03:a3:
         96:b2:b8:18:84:66:67:c2:dc:ed:a3:9f:2d:45:65:16:4f:ed:
         53:ae:ac:e0:24:c6:c7:2a:5b:1b:d5:cf:f5:ef:48:36:52:ac:
         9d:79:31:d3:1e:82:f9:96:f4:1f:4b:95:a4:7a:b4:29:5b:3a:
         75:2b:42:e9:11:a6:67:57:f0:5d:3a:ff:28:4b:1b:a9:42:cc:
         36:cd:fb:96:82:32:fb:f5:ff:e6:74:dc:7d:15:5e:c7:f0:ae:
         1a:9d:72:00:83:a3:eb:29:df:d0:d3:3f:4c:f6:22:b6:2b:15:
         9f:96:77:6c:ae:2e:59:ad:bc:aa:26:9b:7a:83:fc:33:17:4e:
         ba:f0:55:ad:99:9c:7c:3f:8b:89:fc:80:05:51:a1:11:e3:07:
         c2:50:fa:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zEwcCjcmMDjn9EHhSLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDUyZWFkNmViNjM3MDM4MmY4ZjRhMDg3Mzg0MGUxZTYxZjcxYTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDpKcFSaUdWaYpaKKdDhjHh6qLZC
sc8olBeQDXkfdnI9BXmOoaEptz4IyVkhGrS/8j081BdHw3KwqVupOssAMO2glpzh
JmqSDDHM6JETK9+euD3tP+kj+FMcmpDECisaJGIqshk4GeeRXuWcTfElW/A1lPC2
u0hi7UWK/cgcwQwL+7NfjRAoKj1sWzVSrH0uj1rCVuRQyPTzmPDQ8BelQ4zvzIoE
8MPErNfOnpcUIgCSr7fnbpTb47gh48FM7bDcu1LYQI+SA8+NtOKnpVh1eA8D6XRB
RQldQsI0A+Zx1b+YKZSie/9IOe8rqYAhHMp/SUVJnt+Y3Rd7pCrS5piQqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBS6tbrY3A4L49KCHOEDh5h9xqVMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTUZMcTF1dGpjRGd2ajBvSWM0UU9IbUgzR3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSxMA0G
CSqGSIb3DQEBCwUAA4IBAQATzuaUiz31VOGtGVc5u25SwAGpnsHmdvSPPelFq8Q4
m2RrGYFO5Xng0meTRYFqLuLUlj9FwygtIdV39zKTmClPcG14ikh6D6gNWHPKBrJ0
/+YyWQzzSiS+RkFsNBR8XUYg9TMSgT4hgCvRA6OWsrgYhGZnwtzto58tRWUWT+1T
rqzgJMbHKlsb1c/170g2UqydeTHTHoL5lvQfS5WkerQpWzp1K0LpEaZnV/BdOv8o
SxupQsw2zfuWgjL79f/mdNx9FV7H8K4anXIAg6PrKd/Q0z9M9iK2KxWflndsri5Z
rbyqJpt6g/wzF0668FWtmZx8P4uJ/IAFUaER4wfCUPpo
-----END CERTIFICATE-----