Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/0Mvhcy66vg_hQj0H0BjuRhN8AEw.roa
File:                     0Mvhcy66vg_hQj0H0BjuRhN8AEw.roa (raw, json)
Hash identifier:          rLSJr6X2QsQeqUnzUxdyly3b6MStAcI5bnu/3/yjEXo=
Subject key identifier:   D0:CB:E1:73:2E:BA:BE:0F:E1:42:3D:07:D0:18:EE:46:13:7C:00:4C
Certificate issuer:       /CN=eebe79d147882422ec275417dfd2affa93a02757
Certificate serial:       0194228D862FD4DE09C1E46BAAEE56A3D508
Authority key identifier: EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/0Mvhcy66vg_hQj0H0BjuRhN8AEw.roa
Signing time:             Wed 01 Jan 2025 15:48:07 +0000
ROA not before:           Wed 01 Jan 2025 15:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215076
IP address blocks:        193.8.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:86:2f:d4:de:09:c1:e4:6b:aa:ee:56:a3:d5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebe79d147882422ec275417dfd2affa93a02757
        Validity
            Not Before: Jan  1 15:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0cbe1732ebabe0fe1423d07d018ee46137c004c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:da:c7:8a:18:73:af:bb:a5:f0:69:7e:9f:2b:
                    0d:b4:20:c8:94:45:bf:53:bd:3e:50:8f:25:4e:8c:
                    59:7b:19:3e:4a:25:11:1b:9c:5c:80:11:cd:8e:d7:
                    42:10:fe:32:59:81:39:2d:4d:58:55:ac:4a:81:63:
                    c9:06:25:66:25:13:58:1a:a2:af:57:01:63:6a:6a:
                    34:e2:5d:4d:ff:9f:0b:4b:e3:5f:3e:8c:36:05:cc:
                    4b:65:ec:66:2f:00:25:84:72:10:7f:e0:05:6d:40:
                    95:9e:1f:7f:e7:27:85:dd:23:15:35:c4:e1:51:ce:
                    ea:fc:fd:35:6b:cd:21:ee:40:ca:62:cd:b6:62:ac:
                    40:da:c4:c7:23:4c:73:3a:30:3f:ca:f4:1e:d0:c5:
                    e1:f8:63:e6:61:2e:62:89:b3:bc:5b:f7:0a:a6:f3:
                    65:7f:a7:90:51:36:cd:9b:a5:13:be:56:1f:78:05:
                    af:54:61:46:81:0a:76:19:03:e4:5b:e6:76:6b:5a:
                    9c:12:cd:fb:cc:c3:a3:ff:ed:45:e2:5d:16:ac:0f:
                    44:de:4b:71:e7:29:cc:54:c7:99:be:ea:39:7d:95:
                    ff:3c:1e:eb:4a:bc:82:42:8a:7c:6d:b4:77:cd:32:
                    85:76:26:eb:83:76:69:c0:3f:4c:92:75:09:b3:45:
                    aa:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:CB:E1:73:2E:BA:BE:0F:E1:42:3D:07:D0:18:EE:46:13:7C:00:4C
            X509v3 Authority Key Identifier:
                keyid:EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/0Mvhcy66vg_hQj0H0BjuRhN8AEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c1:f7:58:5e:0e:47:55:22:79:8b:6e:25:cf:e6:2a:b6:47:
         4b:bc:67:56:0c:02:a2:0d:7a:c2:a6:7c:8c:c2:16:35:61:91:
         b8:db:5f:49:a4:be:2b:cf:d3:0e:fa:fb:46:2b:6e:5f:92:a3:
         e7:24:98:59:2c:92:e6:e6:54:f9:eb:55:33:cd:80:50:15:67:
         45:ed:ca:e9:c1:6d:c1:db:ec:7c:86:82:48:6f:a9:b2:6e:d8:
         b4:ee:d3:19:8a:4e:a4:2a:b8:89:4e:ff:54:e2:b7:aa:49:b5:
         5a:63:4f:c8:b6:85:6a:e6:ca:a5:83:47:00:d6:ef:ba:a2:22:
         b9:43:f0:ba:36:45:e9:0f:9e:e6:96:6f:ef:91:2d:57:b1:8c:
         e3:1a:28:16:06:b1:d8:17:94:7b:07:2f:d2:14:7f:cc:6c:7c:
         63:d0:2b:ff:f5:29:7f:20:b7:10:0c:67:6c:06:f2:c6:89:97:
         fb:53:bd:2a:cd:38:79:c7:c6:80:e0:22:73:72:4c:5c:b3:2a:
         46:0c:c7:bb:36:45:1b:25:09:be:eb:0f:57:2e:fc:fc:e5:f4:
         d0:e3:01:9b:bd:71:0c:5f:10:7f:d9:7b:5b:a8:98:b8:1b:1f:
         d2:6a:2f:03:56:7e:c9:2b:f7:7d:71:81:df:57:95:00:2b:e0:
         0e:dc:63:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYYv1N4JweRrqu5Wo9UIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmU3OWQxNDc4ODI0MjJlYzI3NTQxN2RmZDJhZmZhOTNh
MDI3NTcwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGNiZTE3MzJlYmFiZTBmZTE0MjNkMDdkMDE4ZWU0NjEzN2MwMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdrHihhzr7ul8Gl+nysNtCDIlEW/
U70+UI8lToxZexk+SiURG5xcgBHNjtdCEP4yWYE5LU1YVaxKgWPJBiVmJRNYGqKv
VwFjamo04l1N/58LS+NfPow2BcxLZexmLwAlhHIQf+AFbUCVnh9/5yeF3SMVNcTh
Uc7q/P01a80h7kDKYs22YqxA2sTHI0xzOjA/yvQe0MXh+GPmYS5iibO8W/cKpvNl
f6eQUTbNm6UTvlYfeAWvVGFGgQp2GQPkW+Z2a1qcEs37zMOj/+1F4l0WrA9E3ktx
5ynMVMeZvuo5fZX/PB7rSryCQop8bbR3zTKFdibrg3ZpwD9MknUJs0WqGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDL4XMuur4P4UI9B9AY7kYTfABMMB8GA1UdIwQY
MBaAFO6+edFHiCQi7CdUF9/Sr/qToCdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTIt
Mzg4MjNjMTQ0OWFmLzEvME12aGN5NjZ2Z19oUWowSDBCanVSaE44QUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTItMzg4MjNjMTQ0OWFm
LzEvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhIMA0G
CSqGSIb3DQEBCwUAA4IBAQB8wfdYXg5HVSJ5i24lz+YqtkdLvGdWDAKiDXrCpnyM
whY1YZG4219JpL4rz9MO+vtGK25fkqPnJJhZLJLm5lT561UzzYBQFWdF7crpwW3B
2+x8hoJIb6mybti07tMZik6kKriJTv9U4reqSbVaY0/ItoVq5sqlg0cA1u+6oiK5
Q/C6NkXpD57mlm/vkS1XsYzjGigWBrHYF5R7By/SFH/MbHxj0Cv/9Sl/ILcQDGds
BvLGiZf7U70qzTh5x8aA4CJzckxcsypGDMe7NkUbJQm+6w9XLvz85fTQ4wGbvXEM
XxB/2XtbqJi4Gx/Sai8DVn7JK/d9cYHfV5UAK+AO3GNL
-----END CERTIFICATE-----