Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/MPwSmw7TKMOSUXcFrOOlFixZc2g.roa
File:                     MPwSmw7TKMOSUXcFrOOlFixZc2g.roa (raw, json)
Hash identifier:          QP+dxlkmxIyI9F9hcSk4trG33k+WqitL0NMMPJjf69Q=
Subject key identifier:   30:FC:12:9B:0E:D3:28:C3:92:51:77:05:AC:E3:A5:16:2C:59:73:68
Certificate issuer:       /CN=9c8a1876fddc2b63748b457b770b79a7e66e793c
Certificate serial:       0194244512B24DCE6D4609AF085AF5FA660A
Authority key identifier: 9C:8A:18:76:FD:DC:2B:63:74:8B:45:7B:77:0B:79:A7:E6:6E:79:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/MPwSmw7TKMOSUXcFrOOlFixZc2g.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209585
IP address blocks:        193.16.97.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:12:b2:4d:ce:6d:46:09:af:08:5a:f5:fa:66:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c8a1876fddc2b63748b457b770b79a7e66e793c
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30fc129b0ed328c392517705ace3a5162c597368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:98:e9:79:fb:6b:84:db:86:43:d6:79:38:05:
                    b2:01:13:f4:7d:52:64:17:d1:3e:a4:1c:39:b5:34:
                    0d:6a:13:f1:62:bc:47:93:e8:21:55:c3:5a:ac:57:
                    59:e9:fa:5c:ce:6f:97:f5:01:9b:b8:34:77:44:b8:
                    aa:34:44:7d:51:64:04:f2:58:e6:69:b8:e2:47:85:
                    64:91:56:5f:7b:bd:71:19:9c:37:61:ff:84:c8:4f:
                    ca:d1:95:5d:e4:f0:84:f1:67:8d:98:92:87:90:a2:
                    b5:12:da:94:5f:39:7e:15:98:01:21:c0:20:28:89:
                    66:d4:00:54:6c:b6:fe:af:b2:68:49:ae:7f:bf:26:
                    bc:16:ca:60:4f:65:d7:75:e7:11:75:24:37:1b:7b:
                    c4:88:d1:15:47:f9:94:6b:e1:b2:27:d9:07:9d:52:
                    b8:f3:cc:82:36:1a:48:a1:82:09:2e:96:4e:0b:89:
                    ac:f3:f7:78:c7:31:31:21:b6:7b:86:8f:61:ec:b5:
                    06:a4:1e:7f:73:51:78:6f:1a:ad:03:c7:36:4b:c4:
                    f1:58:bd:59:ac:50:d3:0c:ee:2e:ef:f9:6b:9b:fe:
                    a1:44:9d:4a:48:14:f7:d9:57:d7:bb:ed:1e:ab:11:
                    52:80:e2:d3:7f:2d:0d:35:75:96:39:79:48:7f:c0:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:FC:12:9B:0E:D3:28:C3:92:51:77:05:AC:E3:A5:16:2C:59:73:68
            X509v3 Authority Key Identifier:
                keyid:9C:8A:18:76:FD:DC:2B:63:74:8B:45:7B:77:0B:79:A7:E6:6E:79:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nIoYdv3cK2N0i0V7dwt5p-ZueTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/MPwSmw7TKMOSUXcFrOOlFixZc2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/9ea68f-743d-47da-b71c-709fbe84cdfb/1/nIoYdv3cK2N0i0V7dwt5p-ZueTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:94:70:97:4e:94:fc:6c:68:d6:b6:4f:63:f3:5a:9c:56:c3:
         a8:31:86:78:7a:71:e5:b7:f9:03:e5:02:51:7a:10:89:e1:27:
         9e:d8:47:c1:6c:8d:52:2f:d3:e4:46:70:43:8a:e7:31:b8:98:
         7a:ec:68:ce:c4:f3:e9:bf:d3:e4:e6:4f:2c:14:cb:f4:a1:c7:
         1c:ff:72:bd:a6:b9:5e:4c:96:9e:2c:3b:32:8b:9d:e7:7f:1e:
         77:e8:e2:c0:94:23:10:63:26:68:b2:7e:96:75:3a:f6:0b:de:
         0c:36:97:49:60:d5:5a:be:0d:dd:4f:cd:ae:6b:92:75:a6:75:
         f8:97:32:e8:7d:53:d7:c9:e1:b3:a7:07:ad:23:de:f0:79:a4:
         a5:58:ad:94:43:b6:b0:2d:be:0a:5c:d5:f5:07:fb:58:ac:05:
         60:a6:9b:bb:7f:a8:2a:1c:f6:0e:d4:11:fd:49:83:45:7a:55:
         87:bf:18:91:2e:41:84:1d:15:3d:db:58:c4:9a:c7:11:33:a1:
         ac:1d:44:1f:f0:ed:5b:af:e8:c1:41:02:3b:0c:e9:66:81:39:
         c5:da:77:49:84:ae:b1:e1:e9:a1:c2:3c:68:af:ad:8b:58:0a:
         68:a6:4c:58:7c:5a:67:cc:b5:5a:e2:be:da:cd:ac:e8:ec:a6:
         24:41:53:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRKyTc5tRgmvCFr1+mYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOGExODc2ZmRkYzJiNjM3NDhiNDU3Yjc3MGI3OWE3ZTY2
ZTc5M2MwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGZjMTI5YjBlZDMyOGMzOTI1MTc3MDVhY2UzYTUxNjJjNTk3MzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpjpeftrhNuGQ9Z5OAWyARP0fVJk
F9E+pBw5tTQNahPxYrxHk+ghVcNarFdZ6fpczm+X9QGbuDR3RLiqNER9UWQE8ljm
abjiR4VkkVZfe71xGZw3Yf+EyE/K0ZVd5PCE8WeNmJKHkKK1EtqUXzl+FZgBIcAg
KIlm1ABUbLb+r7JoSa5/vya8FspgT2XXdecRdSQ3G3vEiNEVR/mUa+GyJ9kHnVK4
88yCNhpIoYIJLpZOC4ms8/d4xzExIbZ7ho9h7LUGpB5/c1F4bxqtA8c2S8TxWL1Z
rFDTDO4u7/lrm/6hRJ1KSBT32VfXu+0eqxFSgOLTfy0NNXWWOXlIf8CjlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDD8EpsO0yjDklF3BazjpRYsWXNoMB8GA1UdIwQY
MBaAFJyKGHb93CtjdItFe3cLeafmbnk8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbklvWWR2M2NLMk4waTBWN2R3dDVwLVp1ZVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85ZWE2OGYtNzQzZC00N2RhLWI3MWMt
NzA5ZmJlODRjZGZiLzEvTVB3U213N1RLTU9TVVhjRnJPT2xGaXhaYzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85ZWE2OGYtNzQzZC00N2RhLWI3MWMtNzA5ZmJlODRjZGZi
LzEvbklvWWR2M2NLMk4waTBWN2R3dDVwLVp1ZVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBhMA0G
CSqGSIb3DQEBCwUAA4IBAQARlHCXTpT8bGjWtk9j81qcVsOoMYZ4enHlt/kD5QJR
ehCJ4See2EfBbI1SL9PkRnBDiucxuJh67GjOxPPpv9Pk5k8sFMv0occc/3K9prle
TJaeLDsyi53nfx536OLAlCMQYyZosn6WdTr2C94MNpdJYNVavg3dT82ua5J1pnX4
lzLofVPXyeGzpwetI97weaSlWK2UQ7awLb4KXNX1B/tYrAVgppu7f6gqHPYO1BH9
SYNFelWHvxiRLkGEHRU921jEmscRM6GsHUQf8O1br+jBQQI7DOlmgTnF2ndJhK6x
4emhwjxor62LWApopkxYfFpnzLVa4r7azazo7KYkQVPL
-----END CERTIFICATE-----