Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/mYh-qCmaZDKpRaEP5mJEDlY8uOo.roa
File:                     mYh-qCmaZDKpRaEP5mJEDlY8uOo.roa (raw, json)
Hash identifier:          n/GDBDbA1t8MPsRWLpJVKlD7pNNzCkXSyPdnuFSxeus=
Subject key identifier:   99:88:7E:A8:29:9A:64:32:A9:45:A1:0F:E6:62:44:0E:56:3C:B8:EA
Certificate issuer:       /CN=2c9e49962073f9efb66a4b303506da6341567450
Certificate serial:       0194266C31768454CB3DB9F0BCFC39C22D6F
Authority key identifier: 2C:9E:49:96:20:73:F9:EF:B6:6A:4B:30:35:06:DA:63:41:56:74:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJ5JliBz-e-2akswNQbaY0FWdFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/mYh-qCmaZDKpRaEP5mJEDlY8uOo.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5405
IP address blocks:        195.200.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/LJ5JliBz-e-2akswNQbaY0FWdFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/LJ5JliBz-e-2akswNQbaY0FWdFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJ5JliBz-e-2akswNQbaY0FWdFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:31:76:84:54:cb:3d:b9:f0:bc:fc:39:c2:2d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c9e49962073f9efb66a4b303506da6341567450
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99887ea8299a6432a945a10fe662440e563cb8ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b2:95:40:85:4d:50:6a:85:75:a7:bb:55:92:
                    40:68:6d:33:e2:97:d7:3d:84:5a:63:35:07:c7:39:
                    6c:b7:b9:97:47:b1:a9:09:46:c4:18:b3:63:61:8c:
                    98:b0:26:43:35:21:a3:e5:33:fd:6d:95:bf:bd:4a:
                    40:f3:1e:1e:4d:4e:2e:cf:09:09:63:98:10:d2:46:
                    41:b6:9f:67:57:5d:5f:46:ee:2c:94:0b:d4:61:c5:
                    5b:28:8b:80:9a:be:c7:ac:d8:fa:52:b2:06:e4:13:
                    2d:04:b2:bf:62:34:e1:2b:f0:d7:c5:97:32:d8:04:
                    d7:0e:c8:54:8a:b7:e9:e6:0b:c1:01:94:9f:08:cc:
                    8f:9c:87:53:97:48:ad:70:90:6b:53:4d:a5:e9:78:
                    0c:1e:50:a5:90:0b:be:3a:d5:26:24:db:de:2f:0c:
                    3b:6c:b4:d8:5e:43:ed:15:d8:c0:e3:f5:62:42:bf:
                    07:b9:41:80:f9:10:63:bb:67:e3:2b:f8:50:dd:d7:
                    98:61:f0:d0:2d:95:b6:d3:d9:a7:43:38:74:a9:45:
                    49:4a:d1:c3:e9:a3:69:fd:8c:b8:f5:29:85:fa:1a:
                    c6:b1:01:d4:ff:87:ee:68:f8:d5:dc:11:65:55:c5:
                    94:dc:0b:bf:c1:0f:5e:c4:8b:93:99:05:4b:20:89:
                    a6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:88:7E:A8:29:9A:64:32:A9:45:A1:0F:E6:62:44:0E:56:3C:B8:EA
            X509v3 Authority Key Identifier:
                keyid:2C:9E:49:96:20:73:F9:EF:B6:6A:4B:30:35:06:DA:63:41:56:74:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJ5JliBz-e-2akswNQbaY0FWdFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/mYh-qCmaZDKpRaEP5mJEDlY8uOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/776552-e0c2-4b7c-9891-21cd290c03f3/1/LJ5JliBz-e-2akswNQbaY0FWdFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:2d:d7:de:28:50:7f:bb:88:21:a2:3a:d4:06:7e:2b:31:ad:
         dc:6e:ac:49:d3:50:6c:f6:e7:49:6d:1c:35:86:86:09:f2:d6:
         b3:a5:ab:d2:73:81:49:b9:2b:76:3f:3b:ab:4a:13:f6:09:e2:
         ea:dd:ab:c1:2f:1b:3a:be:aa:03:0a:df:ae:6a:47:88:f8:08:
         5e:7a:0c:9a:02:14:9b:8b:8c:e5:f1:ae:88:b5:b5:b7:14:22:
         ac:07:8e:1d:25:12:1f:2c:e2:77:fc:28:71:97:b1:0d:1b:d0:
         59:91:99:0d:34:2a:53:b2:99:2b:92:bd:49:4f:58:d7:96:8b:
         7e:ef:d2:18:d7:30:89:6c:39:46:b1:ca:cd:a4:6b:7e:24:27:
         f5:f3:70:6b:6c:03:f2:ad:f7:af:39:52:e2:6b:95:bc:81:b5:
         68:80:5a:d6:bf:32:4e:dc:b0:61:7c:fd:3a:9b:e8:60:81:22:
         0b:90:69:0f:83:c8:4b:c3:7f:11:1f:0b:0c:c6:bf:2d:ef:66:
         93:5c:fd:d6:0c:8d:0c:d1:bf:16:c9:f6:0a:eb:be:24:3e:be:
         35:80:3f:53:7d:10:83:10:d4:ce:a3:c1:35:6b:df:ca:a6:0a:
         98:36:af:d7:3e:0f:d6:db:94:b4:41:ac:1f:84:24:b8:41:69:
         e1:10:a6:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbDF2hFTLPbnwvPw5wi1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOWU0OTk2MjA3M2Y5ZWZiNjZhNGIzMDM1MDZkYTYzNDE1
Njc0NTAwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTg4N2VhODI5OWE2NDMyYTk0NWExMGZlNjYyNDQwZTU2M2NiOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rKVQIVNUGqFdae7VZJAaG0z4pfX
PYRaYzUHxzlst7mXR7GpCUbEGLNjYYyYsCZDNSGj5TP9bZW/vUpA8x4eTU4uzwkJ
Y5gQ0kZBtp9nV11fRu4slAvUYcVbKIuAmr7HrNj6UrIG5BMtBLK/YjThK/DXxZcy
2ATXDshUirfp5gvBAZSfCMyPnIdTl0itcJBrU02l6XgMHlClkAu+OtUmJNveLww7
bLTYXkPtFdjA4/ViQr8HuUGA+RBju2fjK/hQ3deYYfDQLZW209mnQzh0qUVJStHD
6aNp/Yy49SmF+hrGsQHU/4fuaPjV3BFlVcWU3Au/wQ9exIuTmQVLIImmFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmIfqgpmmQyqUWhD+ZiRA5WPLjqMB8GA1UdIwQY
MBaAFCyeSZYgc/nvtmpLMDUG2mNBVnRQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEo1SmxpQnotZS0yYWtzd05RYmFZMEZXZEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi83NzY1NTItZTBjMi00YjdjLTk4OTEt
MjFjZDI5MGMwM2YzLzEvbVloLXFDbWFaREtwUmFFUDVtSkVEbFk4dU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi83NzY1NTItZTBjMi00YjdjLTk4OTEtMjFjZDI5MGMwM2Yz
LzEvTEo1SmxpQnotZS0yYWtzd05RYmFZMEZXZEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw8hFMA0G
CSqGSIb3DQEBCwUAA4IBAQBgLdfeKFB/u4ghojrUBn4rMa3cbqxJ01Bs9udJbRw1
hoYJ8tazpavSc4FJuSt2PzurShP2CeLq3avBLxs6vqoDCt+uakeI+AheegyaAhSb
i4zl8a6ItbW3FCKsB44dJRIfLOJ3/Chxl7ENG9BZkZkNNCpTspkrkr1JT1jXlot+
79IY1zCJbDlGscrNpGt+JCf183BrbAPyrfevOVLia5W8gbVogFrWvzJO3LBhfP06
m+hggSILkGkPg8hLw38RHwsMxr8t72aTXP3WDI0M0b8WyfYK674kPr41gD9TfRCD
ENTOo8E1a9/KpgqYNq/XPg/W25S0QawfhCS4QWnhEKZN
-----END CERTIFICATE-----