Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/MdpNEvAqweEeBxvHQjNduxcNC5o.roa
File:                     MdpNEvAqweEeBxvHQjNduxcNC5o.roa (raw, json)
Hash identifier:          3CFotLoSJook5su+0dIfaMzyVX/dwZvzE8G3t1ZME68=
Subject key identifier:   31:DA:4D:12:F0:2A:C1:E1:1E:07:1B:C7:42:33:5D:BB:17:0D:0B:9A
Certificate issuer:       /CN=6b923e16a2c4cdbdd952408908bf82380465ba51
Certificate serial:       01941F8C4E5C92AC40A3CA5AF39FE1EDABB3
Authority key identifier: 6B:92:3E:16:A2:C4:CD:BD:D9:52:40:89:08:BF:82:38:04:65:BA:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a5I-FqLEzb3ZUkCJCL-COARlulE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/MdpNEvAqweEeBxvHQjNduxcNC5o.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42691
IP address blocks:        192.109.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/a5I-FqLEzb3ZUkCJCL-COARlulE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/a5I-FqLEzb3ZUkCJCL-COARlulE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a5I-FqLEzb3ZUkCJCL-COARlulE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4e:5c:92:ac:40:a3:ca:5a:f3:9f:e1:ed:ab:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b923e16a2c4cdbdd952408908bf82380465ba51
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31da4d12f02ac1e11e071bc742335dbb170d0b9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:46:05:dd:7c:6f:58:67:48:a8:d6:02:31:0a:
                    f8:ba:2e:67:c7:31:10:45:be:d7:93:6b:62:e0:e8:
                    cd:0c:93:d0:d1:10:2f:6a:58:56:e8:34:64:2b:a9:
                    7d:11:c7:09:b7:55:f9:fa:ec:cf:34:76:61:29:6a:
                    78:a6:81:a7:89:8f:6b:12:a8:94:8f:52:f4:18:35:
                    33:2c:3d:c9:ac:85:a6:53:79:0b:16:3a:a1:75:d2:
                    de:c8:2d:7a:a1:ff:42:06:f1:22:d5:d9:fa:70:d0:
                    32:f5:1a:3d:96:fb:ec:0d:4f:33:49:e8:84:d2:ab:
                    ec:4e:1e:f3:93:ba:8d:1e:1a:3a:17:27:08:25:eb:
                    63:c3:ac:1e:66:e6:0c:ce:40:a5:ae:37:f8:a3:dc:
                    64:18:54:4d:8e:6e:61:ba:12:ef:1d:0e:4a:f9:fa:
                    a4:8e:83:fb:9b:d6:30:a0:c5:b7:b2:b3:58:64:46:
                    44:d8:d4:87:2a:46:7e:c4:79:29:51:18:1c:7d:a7:
                    63:f0:a4:c4:3c:d0:2f:2c:55:1f:4d:5d:0a:99:8c:
                    6d:2c:a2:45:8e:74:84:6a:6d:a4:6c:ca:f5:f1:64:
                    c4:4e:91:ce:86:05:82:68:ac:30:8d:ee:46:2c:1c:
                    9b:09:89:1b:5a:e0:bf:2d:c6:a1:d1:38:82:0b:08:
                    b0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:DA:4D:12:F0:2A:C1:E1:1E:07:1B:C7:42:33:5D:BB:17:0D:0B:9A
            X509v3 Authority Key Identifier:
                keyid:6B:92:3E:16:A2:C4:CD:BD:D9:52:40:89:08:BF:82:38:04:65:BA:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5I-FqLEzb3ZUkCJCL-COARlulE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/MdpNEvAqweEeBxvHQjNduxcNC5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/b17ec3-4d2e-4b49-a3a7-407e9f38907e/1/a5I-FqLEzb3ZUkCJCL-COARlulE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:09:77:3a:d9:48:e9:87:04:d6:1c:01:dd:85:a8:1a:b0:21:
         11:6a:84:24:9a:64:3e:2b:83:47:ae:86:1b:bc:76:77:80:cb:
         00:c7:b5:f3:b1:dd:d1:d6:41:03:14:8c:8e:7d:a7:00:20:69:
         ba:21:50:f9:eb:ce:70:2d:69:b3:7f:35:00:c8:b5:da:c2:aa:
         34:10:d3:75:13:26:db:82:5b:48:b9:9f:29:a5:20:08:96:90:
         c4:33:f9:8c:8e:72:d3:48:96:03:b8:04:fa:ee:14:17:19:fd:
         ef:c9:7c:77:fa:d8:21:e8:89:40:3e:fe:89:fd:86:65:30:29:
         81:b0:82:19:a1:e1:fd:e0:d5:ea:6f:50:ff:b2:02:d8:cf:8a:
         59:96:32:14:f9:63:4e:fb:91:10:bc:cd:c7:e6:09:62:f7:5a:
         0a:43:e3:a0:29:0d:66:58:14:05:b1:0a:91:68:1d:de:fb:c2:
         69:1d:e6:82:9e:6c:3c:73:bc:d4:c3:ed:c9:e2:70:12:b9:cf:
         37:b7:0f:6a:83:09:b6:67:c0:75:c9:fd:f8:56:d7:47:3e:99:
         39:ef:dd:d6:98:89:6d:55:08:7d:f2:f1:dc:47:d2:85:5b:4d:
         77:3c:c7:92:ec:83:8a:58:58:06:82:c1:af:a5:7e:eb:eb:83:
         b2:3e:67:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjE5ckqxAo8pa85/h7auzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiOTIzZTE2YTJjNGNkYmRkOTUyNDA4OTA4YmY4MjM4MDQ2
NWJhNTEwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWRhNGQxMmYwMmFjMWUxMWUwNzFiYzc0MjMzNWRiYjE3MGQwYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0YF3XxvWGdIqNYCMQr4ui5nxzEQ
Rb7Xk2ti4OjNDJPQ0RAvalhW6DRkK6l9EccJt1X5+uzPNHZhKWp4poGniY9rEqiU
j1L0GDUzLD3JrIWmU3kLFjqhddLeyC16of9CBvEi1dn6cNAy9Ro9lvvsDU8zSeiE
0qvsTh7zk7qNHho6FycIJetjw6weZuYMzkClrjf4o9xkGFRNjm5huhLvHQ5K+fqk
joP7m9YwoMW3srNYZEZE2NSHKkZ+xHkpURgcfadj8KTEPNAvLFUfTV0KmYxtLKJF
jnSEam2kbMr18WTETpHOhgWCaKwwje5GLBybCYkbWuC/Lcah0TiCCwiwmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHaTRLwKsHhHgcbx0IzXbsXDQuaMB8GA1UdIwQY
MBaAFGuSPhaixM292VJAiQi/gjgEZbpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTVJLUZxTEV6YjNaVWtDSkNMLUNPQVJsdWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iMTdlYzMtNGQyZS00YjQ5LWEzYTct
NDA3ZTlmMzg5MDdlLzEvTWRwTkV2QXF3ZUVlQnh2SFFqTmR1eGNOQzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iMTdlYzMtNGQyZS00YjQ5LWEzYTctNDA3ZTlmMzg5MDdl
LzEvYTVJLUZxTEV6YjNaVWtDSkNMLUNPQVJsdWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG32MA0G
CSqGSIb3DQEBCwUAA4IBAQA7CXc62UjphwTWHAHdhagasCERaoQkmmQ+K4NHroYb
vHZ3gMsAx7Xzsd3R1kEDFIyOfacAIGm6IVD5685wLWmzfzUAyLXawqo0ENN1Eybb
gltIuZ8ppSAIlpDEM/mMjnLTSJYDuAT67hQXGf3vyXx3+tgh6IlAPv6J/YZlMCmB
sIIZoeH94NXqb1D/sgLYz4pZljIU+WNO+5EQvM3H5gli91oKQ+OgKQ1mWBQFsQqR
aB3e+8JpHeaCnmw8c7zUw+3J4nASuc83tw9qgwm2Z8B1yf34VtdHPpk5793WmIlt
VQh98vHcR9KFW013PMeS7IOKWFgGgsGvpX7r64OyPmeu
-----END CERTIFICATE-----