Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MX7W_XjaJapK4DQtwhceLi9jDqw.roa
File:                     MX7W_XjaJapK4DQtwhceLi9jDqw.roa (raw, json)
Hash identifier:          Z0UY0YF1P7ipesX3akeaOOX/P8V4MZ9NyCBnhCxyBTo=
Subject key identifier:   31:7E:D6:FD:78:DA:25:AA:4A:E0:34:2D:C2:17:1E:2E:2F:63:0E:AC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422204C18C0B19D61B6D59A470E072777
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MX7W_XjaJapK4DQtwhceLi9jDqw.roa
Signing time:             Wed 01 Jan 2025 13:48:49 +0000
ROA not before:           Wed 01 Jan 2025 13:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211975
IP address blocks:        194.5.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4c:18:c0:b1:9d:61:b6:d5:9a:47:0e:07:27:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=317ed6fd78da25aa4ae0342dc2171e2e2f630eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:16:e6:47:c1:7b:b5:d3:b8:05:0d:c2:25:c8:
                    64:7c:23:78:75:1f:ec:90:6c:9f:22:6d:d6:84:71:
                    97:a4:86:cb:50:98:b8:ee:3e:01:a3:cb:ee:67:21:
                    54:15:ba:15:d3:71:5d:f9:19:ed:59:e4:82:38:90:
                    73:f3:ea:f6:99:68:b5:bb:bb:b8:1d:63:ad:ef:5f:
                    1e:d3:23:43:68:65:b3:17:0d:9a:ef:99:b3:83:69:
                    59:f6:9d:9c:7d:0b:58:0a:6a:05:a6:0e:d0:cc:ec:
                    70:8a:5a:07:6e:bd:c3:31:10:4e:fa:3b:0f:87:e2:
                    de:2f:53:6d:85:9e:49:b6:6a:f6:78:35:b4:c8:4c:
                    54:54:39:68:6e:f7:bc:4c:2d:e0:c2:b2:6f:80:9e:
                    35:cd:f5:28:76:8f:1f:1f:16:a1:25:de:6e:7e:e6:
                    db:71:a1:03:3e:80:cc:fc:c2:3b:09:66:06:3e:d3:
                    8b:86:51:60:13:61:00:c1:59:a7:0b:bf:6d:8a:71:
                    ce:6c:e2:16:47:35:36:4a:3b:63:56:a4:c6:4a:40:
                    98:45:1a:fc:c3:1b:01:7a:92:a0:fb:32:f0:ce:09:
                    0b:51:79:e5:4f:1c:bd:97:e0:3c:33:df:56:15:09:
                    f0:f7:ac:48:d0:42:b4:90:7f:c3:48:c7:8a:ed:85:
                    73:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7E:D6:FD:78:DA:25:AA:4A:E0:34:2D:C2:17:1E:2E:2F:63:0E:AC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MX7W_XjaJapK4DQtwhceLi9jDqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:df:01:7c:ee:72:59:21:ee:6d:1a:5c:77:41:8e:1e:7b:13:
         6e:20:ac:76:32:b6:5d:ff:47:c8:fd:ce:11:3f:6c:88:9f:99:
         9d:16:9a:50:0c:77:80:d1:67:d8:dd:12:54:8a:8c:ba:29:8d:
         2f:f9:e4:9f:a7:fa:b1:67:4d:29:e8:a7:ff:03:66:81:aa:31:
         87:51:80:90:b1:65:65:42:53:32:ab:cc:31:d4:15:6c:e2:84:
         df:2f:2e:9f:1c:87:e7:13:c0:7c:01:09:d0:c9:09:3a:63:98:
         98:81:62:c6:8d:5f:35:15:0f:41:ef:b0:af:33:74:79:47:a6:
         4e:7d:32:b0:25:66:ba:81:36:47:70:fc:cd:41:10:3c:3e:ac:
         e9:af:be:76:98:7a:3b:a7:16:a3:44:d3:aa:d1:ce:56:a5:78:
         8b:ff:b8:09:07:f2:15:45:6a:a6:b7:75:a4:fd:51:4f:3d:e5:
         67:c4:02:17:31:ad:a5:bf:01:b5:e1:0a:f0:e9:b1:72:9b:9d:
         38:d1:1b:13:69:65:bc:a1:75:77:c3:6c:11:f7:ef:04:bc:ce:
         1e:4e:8f:a3:f1:37:24:2f:6d:66:4b:62:fc:c3:55:67:ca:39:
         39:f8:44:ed:44:ed:0a:b9:bf:cb:64:f7:99:c6:c5:83:2c:7e:
         86:da:17:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEwYwLGdYbbVmkcOByd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdlZDZmZDc4ZGEyNWFhNGFlMDM0MmRjMjE3MWUyZTJmNjMwZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxbmR8F7tdO4BQ3CJchkfCN4dR/s
kGyfIm3WhHGXpIbLUJi47j4Bo8vuZyFUFboV03Fd+RntWeSCOJBz8+r2mWi1u7u4
HWOt718e0yNDaGWzFw2a75mzg2lZ9p2cfQtYCmoFpg7QzOxwiloHbr3DMRBO+jsP
h+LeL1NthZ5Jtmr2eDW0yExUVDlobve8TC3gwrJvgJ41zfUodo8fHxahJd5ufubb
caEDPoDM/MI7CWYGPtOLhlFgE2EAwVmnC79tinHObOIWRzU2SjtjVqTGSkCYRRr8
wxsBepKg+zLwzgkLUXnlTxy9l+A8M99WFQnw96xI0EK0kH/DSMeK7YVz/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF+1v142iWqSuA0LcIXHi4vYw6sMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTVg3V19YamFKYXBLNERRdHdoY2VMaTlqRHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVAMA0G
CSqGSIb3DQEBCwUAA4IBAQAK3wF87nJZIe5tGlx3QY4eexNuIKx2MrZd/0fI/c4R
P2yIn5mdFppQDHeA0WfY3RJUioy6KY0v+eSfp/qxZ00p6Kf/A2aBqjGHUYCQsWVl
QlMyq8wx1BVs4oTfLy6fHIfnE8B8AQnQyQk6Y5iYgWLGjV81FQ9B77CvM3R5R6ZO
fTKwJWa6gTZHcPzNQRA8Pqzpr752mHo7pxajRNOq0c5WpXiL/7gJB/IVRWqmt3Wk
/VFPPeVnxAIXMa2lvwG14Qrw6bFym5040RsTaWW8oXV3w2wR9+8EvM4eTo+j8Tck
L21mS2L8w1Vnyjk5+ETtRO0Kub/LZPeZxsWDLH6G2hdM
-----END CERTIFICATE-----