Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/mRB_OnP44xYbYgLWxMbqszszPGM.roa
File:                     mRB_OnP44xYbYgLWxMbqszszPGM.roa (raw, json)
Hash identifier:          307gSScwcEhhHcOrs8EFwDS2bixk41KMX1xrq34a1Rs=
Subject key identifier:   99:10:7F:3A:73:F8:E3:16:1B:62:02:D6:C4:C6:EA:B3:3B:33:3C:63
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CAA6372393E36C2E63189E4D37AAE
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/mRB_OnP44xYbYgLWxMbqszszPGM.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47380
IP address blocks:        91.242.144.0/22 maxlen: 24
                          185.93.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:aa:63:72:39:3e:36:c2:e6:31:89:e4:d3:7a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99107f3a73f8e3161b6202d6c4c6eab33b333c63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:29:29:05:fe:87:ef:2f:c9:a7:77:25:11:
                    b7:71:57:d6:6f:f2:c6:97:65:e0:8e:4f:2c:47:7c:
                    87:ac:b3:b4:41:9e:57:0e:ae:d7:e7:73:a0:7e:d4:
                    3f:b5:76:23:b4:fc:69:7d:14:dd:bb:94:e0:95:77:
                    ec:59:9f:d3:70:0f:e9:ee:04:dd:c4:b7:35:18:74:
                    a3:8a:b0:7e:69:ee:dd:19:18:7b:65:00:51:49:e8:
                    45:8b:da:7e:99:92:6b:96:1e:ff:75:1c:e5:9b:29:
                    13:f3:21:cf:d4:a7:99:a5:ee:21:72:9b:4f:05:ac:
                    80:37:b6:96:7e:d7:3f:ae:bc:13:3f:ce:ed:f0:7e:
                    df:95:c4:82:1f:b4:e7:32:68:88:8e:c0:f9:f1:3f:
                    45:2d:8c:6a:de:de:5f:72:ea:ce:4b:90:08:fe:d1:
                    fa:78:fe:09:85:c2:ca:09:ae:04:61:05:cf:25:93:
                    72:23:ab:e6:4c:e7:bd:db:52:92:3b:18:b5:0c:60:
                    3e:63:9c:22:d1:7e:43:86:f5:de:38:18:bd:c1:8b:
                    36:5d:c3:4f:8e:96:93:16:96:8e:c4:1f:e1:01:42:
                    3b:28:6c:ad:38:a7:61:bb:a5:c3:8b:e1:e7:8b:63:
                    a6:06:4a:82:3f:a4:09:ad:44:37:4b:c7:11:f2:5c:
                    b8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:10:7F:3A:73:F8:E3:16:1B:62:02:D6:C4:C6:EA:B3:3B:33:3C:63
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/mRB_OnP44xYbYgLWxMbqszszPGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.144.0/22
                  185.93.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:58:c7:fd:db:d7:3a:e4:e5:d5:39:50:9c:62:b8:4c:b2:15:
         05:07:f9:0a:23:00:0b:00:9c:36:fe:0a:03:39:8b:d9:9e:b0:
         35:3f:f3:02:e4:08:d7:74:34:ff:a0:f4:e1:86:fd:e5:a6:6f:
         f0:f8:d2:1e:a5:dc:a6:3f:c1:68:55:c9:8a:c0:54:14:14:c1:
         a6:9f:40:59:fa:68:3c:12:23:63:9d:45:38:af:4c:fc:1a:56:
         d6:37:38:4f:af:3b:06:96:e1:d8:4a:af:87:94:a2:f7:c7:2e:
         45:83:df:be:25:a7:84:17:4b:94:a1:ad:fc:42:9e:d5:39:03:
         24:50:e1:ec:a6:45:29:22:bf:16:8b:9b:48:e8:a7:2e:03:15:
         84:2a:96:7c:8b:01:33:7d:5b:0a:bd:af:53:f8:25:a9:eb:ea:
         b3:1c:d2:ae:aa:6c:9d:f0:c0:0b:2d:76:76:21:f6:5b:62:7e:
         6e:e3:fb:ba:65:48:0b:e1:84:59:07:de:b3:10:03:dc:a6:c9:
         e6:4c:83:40:30:1a:4e:cc:65:f9:14:91:e8:11:5e:ac:a1:cf:
         72:4f:2c:c9:92:84:13:5c:17:aa:1f:80:d2:6b:5d:73:77:a2:
         58:01:da:ec:91:6f:42:55:ca:a3:d6:32:a3:84:4d:f8:07:67:
         dd:cd:0f:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjKpjcjk+NsLmMYnk03quMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTEwN2YzYTczZjhlMzE2MWI2MjAyZDZjNGM2ZWFiMzNiMzMzYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlcpKQX+h+8vyad3JRG3cVfWb/LG
l2Xgjk8sR3yHrLO0QZ5XDq7X53OgftQ/tXYjtPxpfRTdu5TglXfsWZ/TcA/p7gTd
xLc1GHSjirB+ae7dGRh7ZQBRSehFi9p+mZJrlh7/dRzlmykT8yHP1KeZpe4hcptP
BayAN7aWftc/rrwTP87t8H7flcSCH7TnMmiIjsD58T9FLYxq3t5fcurOS5AI/tH6
eP4JhcLKCa4EYQXPJZNyI6vmTOe921KSOxi1DGA+Y5wi0X5DhvXeOBi9wYs2XcNP
jpaTFpaOxB/hAUI7KGytOKdhu6XDi+Hni2OmBkqCP6QJrUQ3S8cR8ly45wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkQfzpz+OMWG2IC1sTG6rM7MzxjMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbVJCX09uUDQ0eFliWWdMV3hNYnFzenN6UEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/KQAwQC
uV3oMA0GCSqGSIb3DQEBCwUAA4IBAQCtWMf929c65OXVOVCcYrhMshUFB/kKIwAL
AJw2/goDOYvZnrA1P/MC5AjXdDT/oPThhv3lpm/w+NIepdymP8FoVcmKwFQUFMGm
n0BZ+mg8EiNjnUU4r0z8GlbWNzhPrzsGluHYSq+HlKL3xy5Fg9++JaeEF0uUoa38
Qp7VOQMkUOHspkUpIr8Wi5tI6KcuAxWEKpZ8iwEzfVsKva9T+CWp6+qzHNKuqmyd
8MALLXZ2IfZbYn5u4/u6ZUgL4YRZB96zEAPcpsnmTINAMBpOzGX5FJHoEV6soc9y
TyzJkoQTXBeqH4DSa11zd6JYAdrskW9CVcqj1jKjhE34B2fdzQ+B
-----END CERTIFICATE-----