Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Mdz7gFP_KbOqqYubu7U76xBnbk0.roa
File:                     Mdz7gFP_KbOqqYubu7U76xBnbk0.roa (raw, json)
Hash identifier:          jA9ulv112lR/bkdkG+34ufilO6znCYlwpUBfU78DlcQ=
Subject key identifier:   31:DC:FB:80:53:FF:29:B3:AA:A9:8B:9B:BB:B5:3B:EB:10:67:6E:4D
Certificate issuer:       /CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
Certificate serial:       01953DF728E9D1DCE63930728C8A7E7D3E57
Authority key identifier: CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Mdz7gFP_KbOqqYubu7U76xBnbk0.roa
Signing time:             Tue 25 Feb 2025 16:36:02 +0000
ROA not before:           Tue 25 Feb 2025 16:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196618
IP address blocks:        194.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:f7:28:e9:d1:dc:e6:39:30:72:8c:8a:7e:7d:3e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9f6fbfe00a08592b7bb0edfdc2002bfc72b578
        Validity
            Not Before: Feb 25 16:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31dcfb8053ff29b3aaa98b9bbbb53beb10676e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b0:14:5d:20:6f:c8:19:11:cd:80:1e:9b:02:
                    02:68:0c:1c:f0:dd:6b:bd:b9:5a:fb:8a:76:8a:de:
                    0e:16:72:46:f2:da:ea:11:15:7d:42:33:13:43:21:
                    c0:97:e5:dc:af:e9:ac:11:99:62:38:73:30:64:3e:
                    7e:fd:ce:02:fe:f9:ce:df:11:80:6c:71:1c:f9:e7:
                    46:22:88:5f:e3:0a:92:cd:31:7f:f4:a4:84:0f:8d:
                    e6:81:e3:1e:5b:62:5d:23:5e:0d:e2:f3:4d:17:8d:
                    02:25:62:fd:c1:5c:4c:2f:27:65:fe:97:17:8b:88:
                    f3:a9:58:f7:75:1e:e1:14:29:59:52:c3:c4:0c:55:
                    ab:f3:87:32:20:db:b5:d4:8f:bf:7b:c1:47:1f:6c:
                    fb:e5:08:a2:8d:ed:2f:99:56:da:12:56:9f:94:f6:
                    79:85:47:43:4d:4f:63:54:07:3c:41:83:51:68:5b:
                    e2:dc:58:cf:7a:44:1a:42:c6:4d:fd:d7:e2:64:3b:
                    8d:01:7a:99:dc:08:9c:76:3c:fd:1c:a9:c3:a1:61:
                    e4:5a:05:db:52:4d:dd:d4:9f:df:e3:19:77:21:0d:
                    d2:c9:6e:f8:02:cd:03:42:ba:cc:3e:61:4f:0d:0a:
                    6f:c8:52:f8:3e:d4:27:79:66:ef:ef:fe:1f:8e:28:
                    45:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DC:FB:80:53:FF:29:B3:AA:A9:8B:9B:BB:B5:3B:EB:10:67:6E:4D
            X509v3 Authority Key Identifier:
                keyid:CF:9F:6F:BF:E0:0A:08:59:2B:7B:B0:ED:FD:C2:00:2B:FC:72:B5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z59vv-AKCFkre7Dt_cIAK_xytXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/Mdz7gFP_KbOqqYubu7U76xBnbk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/733989-f131-45e9-9b75-342a9ee73d85/1/z59vv-AKCFkre7Dt_cIAK_xytXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c4:d4:c8:0f:ee:43:7d:05:93:13:65:b7:78:38:b1:a0:f1:
         d9:54:b3:4a:09:30:b7:9d:05:b2:00:1f:15:4b:ec:fd:cc:9d:
         79:75:20:24:e9:23:e7:a4:a1:5e:92:30:ef:f5:3c:9c:88:93:
         f6:c4:7d:89:f9:ac:3b:a1:ee:5e:1c:ef:d6:d8:a7:fd:53:7d:
         55:8c:f7:39:21:21:09:b6:54:30:1e:ad:8b:a5:0a:90:22:b3:
         4b:2c:23:42:c1:4b:43:10:67:62:a0:8f:50:21:d6:48:98:a5:
         76:95:1b:87:87:b5:b2:4f:3a:96:4b:2a:f3:13:68:c3:ed:c2:
         4e:91:8b:e1:d0:8d:35:e9:3c:f2:90:d9:4e:2f:31:f4:a2:fd:
         c5:52:0d:f1:c8:5e:fb:b7:df:cc:cc:7e:60:c2:ca:4a:08:9f:
         8d:08:02:30:54:3c:c6:f4:88:d4:53:c8:48:db:90:23:e8:e2:
         69:04:6a:b0:b4:b5:87:45:d5:8e:a8:b1:cf:15:30:c9:76:2e:
         31:54:e6:4a:73:3f:ba:6e:9b:1b:e4:d7:4c:3e:be:0d:2b:40:
         18:08:29:3b:a8:28:48:ff:66:1d:2d:82:49:5c:20:10:f0:0e:
         db:08:42:3e:10:fa:d7:1d:22:25:ac:dd:88:17:1e:ce:e1:c6:
         2b:d0:b8:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU99yjp0dzmOTByjIp+fT5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWY2ZmJmZTAwYTA4NTkyYjdiYjBlZGZkYzIwMDJiZmM3
MmI1NzgwHhcNMjUwMjI1MTYzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRjZmI4MDUzZmYyOWIzYWFhOThiOWJiYmI1M2JlYjEwNjc2ZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLAUXSBvyBkRzYAemwICaAwc8N1r
vbla+4p2it4OFnJG8trqERV9QjMTQyHAl+Xcr+msEZliOHMwZD5+/c4C/vnO3xGA
bHEc+edGIohf4wqSzTF/9KSED43mgeMeW2JdI14N4vNNF40CJWL9wVxMLydl/pcX
i4jzqVj3dR7hFClZUsPEDFWr84cyINu11I+/e8FHH2z75Qiije0vmVbaElaflPZ5
hUdDTU9jVAc8QYNRaFvi3FjPekQaQsZN/dfiZDuNAXqZ3Aicdjz9HKnDoWHkWgXb
Uk3d1J/f4xl3IQ3SyW74As0DQrrMPmFPDQpvyFL4PtQneWbv7/4fjihFcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHc+4BT/ymzqqmLm7u1O+sQZ25NMB8GA1UdIwQY
MBaAFM+fb7/gCghZK3uw7f3CACv8crV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUt
MzQyYTllZTczZDg1LzEvTWR6N2dGUF9LYk9xcVl1YnU3VTc2eEJuYmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83MzM5ODktZjEzMS00NWU5LTliNzUtMzQyYTllZTczZDg1
LzEvejU5dnYtQUtDRmtyZTdEdF9jSUFLX3h5dFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiBMA0G
CSqGSIb3DQEBCwUAA4IBAQBXxNTID+5DfQWTE2W3eDixoPHZVLNKCTC3nQWyAB8V
S+z9zJ15dSAk6SPnpKFekjDv9TyciJP2xH2J+aw7oe5eHO/W2Kf9U31VjPc5ISEJ
tlQwHq2LpQqQIrNLLCNCwUtDEGdioI9QIdZImKV2lRuHh7WyTzqWSyrzE2jD7cJO
kYvh0I016TzykNlOLzH0ov3FUg3xyF77t9/MzH5gwspKCJ+NCAIwVDzG9IjUU8hI
25Aj6OJpBGqwtLWHRdWOqLHPFTDJdi4xVOZKcz+6bpsb5NdMPr4NK0AYCCk7qChI
/2YdLYJJXCAQ8A7bCEI+EPrXHSIlrN2IFx7O4cYr0LjZ
-----END CERTIFICATE-----