Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/MmMjPcmgSnmpat_UrnnkwrG8N3M.roa
File:                     MmMjPcmgSnmpat_UrnnkwrG8N3M.roa (raw, json)
Hash identifier:          P+6oU+/zVxV3KfOFEMlrjbqkg2yguA/0UthTHnReUm8=
Subject key identifier:   32:63:23:3D:C9:A0:4A:79:A9:6A:DF:D4:AE:79:E4:C2:B1:BC:37:73
Certificate issuer:       /CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
Certificate serial:       01942521D3D10F7AD5BD63FEADBBF15D6792
Authority key identifier: 70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/MmMjPcmgSnmpat_UrnnkwrG8N3M.roa
Signing time:             Thu 02 Jan 2025 03:49:21 +0000
ROA not before:           Thu 02 Jan 2025 03:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        193.23.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d3:d1:0f:7a:d5:bd:63:fe:ad:bb:f1:5d:67:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=707f3dabaee24fc43b865aafa3f3c9c2f364bfc9
        Validity
            Not Before: Jan  2 03:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3263233dc9a04a79a96adfd4ae79e4c2b1bc3773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b3:7c:4b:18:83:ba:de:e4:6b:38:29:60:1d:
                    3e:6f:b3:d5:ec:46:60:5e:cf:a5:28:5b:f0:09:76:
                    2f:d4:34:36:3c:86:d6:af:70:d7:d0:1f:3c:03:ed:
                    25:42:1e:6a:ea:ee:91:e6:35:db:b9:bc:8a:72:2e:
                    98:8a:e2:de:2f:86:3e:00:ea:12:31:75:09:aa:83:
                    b5:23:10:43:64:61:56:01:bd:66:c2:5c:b3:64:d0:
                    d3:b6:80:0d:c4:f6:45:45:49:36:15:e6:6b:bb:0a:
                    9a:e9:e1:de:dd:61:fc:e6:a2:5a:e5:dd:f2:30:8e:
                    fb:af:85:0f:c6:77:4b:a0:a4:b6:df:cf:bb:dc:68:
                    63:35:2d:fd:26:c6:86:0b:81:44:fe:cc:56:10:e1:
                    fe:ad:1d:f0:33:fc:21:51:b2:3b:9d:05:7f:80:17:
                    1e:99:ae:8f:fc:14:1a:48:6e:5c:d7:ef:ae:6c:fd:
                    ac:2e:bc:c5:d2:ce:5f:8b:f0:57:8e:1a:a9:cd:76:
                    e9:7d:d3:65:39:82:ef:55:12:ad:d2:e8:9c:11:7b:
                    8d:88:fa:37:18:b2:d9:db:49:5d:87:51:03:e2:d6:
                    a6:d2:d7:49:cb:3e:ed:d4:98:ed:18:99:e1:68:26:
                    83:6c:56:78:e4:3f:f9:f3:60:86:2a:93:91:b3:54:
                    fc:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:63:23:3D:C9:A0:4A:79:A9:6A:DF:D4:AE:79:E4:C2:B1:BC:37:73
            X509v3 Authority Key Identifier:
                keyid:70:7F:3D:AB:AE:E2:4F:C4:3B:86:5A:AF:A3:F3:C9:C2:F3:64:BF:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cH89q67iT8Q7hlqvo_PJwvNkv8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/MmMjPcmgSnmpat_UrnnkwrG8N3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/88cc50-2273-45ff-adb5-eccd665f1f03/1/cH89q67iT8Q7hlqvo_PJwvNkv8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:03:b1:f0:e9:dd:de:c4:31:fd:29:32:f9:1d:e8:ca:0c:5e:
         68:39:be:29:74:f5:56:f5:a9:d1:c4:de:da:95:2e:b0:da:2b:
         7a:6a:ec:22:31:db:38:1a:f3:0b:08:32:6a:be:dc:95:bb:06:
         f1:95:de:04:be:49:b5:26:e1:fa:bc:48:30:9d:83:28:84:fe:
         1a:b8:35:4e:a3:a5:c5:d9:34:70:ad:94:59:5b:6d:10:c7:29:
         ca:a2:6d:24:3b:ae:1b:c5:d7:4b:a6:e0:7e:30:b8:31:32:c1:
         ff:84:26:9a:6e:00:de:0d:f2:48:bf:02:d3:6c:27:5a:84:f5:
         f5:3b:a2:f4:00:b7:f3:7a:c7:b6:2e:35:6d:4a:c9:52:f6:b6:
         c6:8b:6f:b1:31:87:84:a4:e1:bf:bd:21:00:bc:88:c5:33:f8:
         02:21:45:24:04:0b:c5:b2:e4:1a:08:4c:f2:af:ec:64:ac:d0:
         7c:90:f4:ce:ac:08:6d:15:d5:77:ff:08:17:c4:0e:90:43:9b:
         de:7a:33:f6:e1:55:0e:cd:c2:50:5f:58:65:85:3b:8b:85:ca:
         0f:e6:77:83:59:ca:61:ca:1b:4a:54:76:9d:f0:4c:44:9c:18:
         79:e0:2a:4e:1c:28:4a:9d:47:98:c4:a5:83:b8:0b:ee:a4:f4:
         99:a2:48:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIdPRD3rVvWP+rbvxXWeSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwN2YzZGFiYWVlMjRmYzQzYjg2NWFhZmEzZjNjOWMyZjM2
NGJmYzkwHhcNMjUwMTAyMDM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjYzMjMzZGM5YTA0YTc5YTk2YWRmZDRhZTc5ZTRjMmIxYmMzNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbN8SxiDut7kazgpYB0+b7PV7EZg
Xs+lKFvwCXYv1DQ2PIbWr3DX0B88A+0lQh5q6u6R5jXbubyKci6YiuLeL4Y+AOoS
MXUJqoO1IxBDZGFWAb1mwlyzZNDTtoANxPZFRUk2FeZruwqa6eHe3WH85qJa5d3y
MI77r4UPxndLoKS238+73GhjNS39JsaGC4FE/sxWEOH+rR3wM/whUbI7nQV/gBce
ma6P/BQaSG5c1++ubP2sLrzF0s5fi/BXjhqpzXbpfdNlOYLvVRKt0uicEXuNiPo3
GLLZ20ldh1ED4tam0tdJyz7t1JjtGJnhaCaDbFZ45D/582CGKpORs1T83QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJjIz3JoEp5qWrf1K555MKxvDdzMB8GA1UdIwQY
MBaAFHB/Pauu4k/EO4Zar6PzycLzZL/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0g4OXE2N2lUOFE3aGxxdm9fUEp3dk5rdjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84OGNjNTAtMjI3My00NWZmLWFkYjUt
ZWNjZDY2NWYxZjAzLzEvTW1NalBjbWdTbm1wYXRfVXJubmt3ckc4TjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84OGNjNTAtMjI3My00NWZmLWFkYjUtZWNjZDY2NWYxZjAz
LzEvY0g4OXE2N2lUOFE3aGxxdm9fUEp3dk5rdjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwReoMA0G
CSqGSIb3DQEBCwUAA4IBAQB2A7Hw6d3exDH9KTL5HejKDF5oOb4pdPVW9anRxN7a
lS6w2it6auwiMds4GvMLCDJqvtyVuwbxld4Evkm1JuH6vEgwnYMohP4auDVOo6XF
2TRwrZRZW20QxynKom0kO64bxddLpuB+MLgxMsH/hCaabgDeDfJIvwLTbCdahPX1
O6L0ALfzese2LjVtSslS9rbGi2+xMYeEpOG/vSEAvIjFM/gCIUUkBAvFsuQaCEzy
r+xkrNB8kPTOrAhtFdV3/wgXxA6QQ5veejP24VUOzcJQX1hlhTuLhcoP5neDWcph
yhtKVHad8ExEnBh54CpOHChKnUeYxKWDuAvupPSZokht
-----END CERTIFICATE-----