Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/mRlLG-5kU_wBciWClXIVvCGQxeE.roa
File:                     mRlLG-5kU_wBciWClXIVvCGQxeE.roa (raw, json)
Hash identifier:          ZuSklCsUXIbLUEwi1a/wPQy/93NYaA4MC8miFKmm96c=
Subject key identifier:   99:19:4B:1B:EE:64:53:FC:01:72:25:82:95:72:15:BC:21:90:C5:E1
Certificate issuer:       /CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
Certificate serial:       019425216E851A10210353822132C6C88E3F
Authority key identifier: 80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/mRlLG-5kU_wBciWClXIVvCGQxeE.roa
Signing time:             Thu 02 Jan 2025 03:48:55 +0000
ROA not before:           Thu 02 Jan 2025 03:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9044
IP address blocks:        193.135.57.0/24 maxlen: 24
                          2001:678:e48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6e:85:1a:10:21:03:53:82:21:32:c6:c8:8e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99194b1bee6453fc01722582957215bc2190c5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:42:22:94:ee:eb:9f:9d:1a:0b:a5:ab:0f:
                    8a:11:aa:16:d5:44:e6:6f:f3:fd:80:e0:2d:90:54:
                    96:68:b4:b4:02:b7:85:74:db:11:0e:a2:0b:f4:00:
                    c3:66:8c:ff:4f:00:a1:7d:23:c7:ee:71:03:f1:19:
                    40:b0:3f:d7:a9:2b:16:55:dc:8f:2d:e4:90:7d:bc:
                    58:b1:70:db:67:51:66:9b:15:bf:f3:1a:c2:2a:2f:
                    61:45:73:3d:5c:bd:85:0c:7f:87:e4:8b:02:f6:8e:
                    29:54:d7:85:73:38:5f:bb:80:92:06:6d:c7:c1:66:
                    e0:1d:bf:e1:02:26:87:d0:54:11:e9:11:a0:b7:0c:
                    2b:e1:24:09:b3:8f:1e:fe:5f:be:3b:76:f4:e2:2e:
                    f3:ce:39:06:9d:f9:21:05:75:55:3a:fd:c3:d7:93:
                    e0:73:f8:6f:8c:82:23:d0:c2:67:ce:da:26:d7:c5:
                    04:d7:9f:33:1a:f0:8f:5d:e6:27:9c:11:73:5c:23:
                    31:58:82:1c:49:6b:a8:07:ee:17:7e:8d:bf:62:07:
                    9b:c1:c9:23:ec:91:1d:dc:f7:07:7b:47:99:41:a3:
                    20:82:9e:18:05:3c:5d:0e:ac:66:74:9d:0e:9f:2d:
                    6a:49:6e:b6:ff:a8:ea:a1:5e:b9:cf:a3:62:5f:b7:
                    13:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:19:4B:1B:EE:64:53:FC:01:72:25:82:95:72:15:BC:21:90:C5:E1
            X509v3 Authority Key Identifier:
                keyid:80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/mRlLG-5kU_wBciWClXIVvCGQxeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.57.0/24
                IPv6:
                  2001:678:e48::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:c3:a5:a7:8f:b1:96:dd:67:dc:e8:56:45:94:d9:80:44:8e:
         25:95:60:a3:c8:03:df:c3:06:5b:b3:d4:aa:2b:31:5b:30:ce:
         98:68:35:6e:4b:58:d3:5c:9e:e4:7b:d9:32:45:da:95:d2:c7:
         d6:a7:c9:01:a2:cd:15:7e:37:0c:69:be:c2:3c:0e:de:23:e7:
         24:ad:cd:17:d0:1f:f4:3e:43:8f:ae:9e:ed:32:29:43:8e:6a:
         42:35:ba:68:f5:19:e7:db:a0:c0:0c:89:28:51:50:58:d6:bf:
         be:f6:42:49:1f:ac:1f:6b:a0:20:4a:94:75:02:9e:36:2b:4d:
         1d:3a:7d:59:c7:04:34:21:ad:42:ea:72:a2:fc:0f:b5:96:34:
         76:ab:a1:55:e1:70:8d:7d:d5:8d:38:a3:8d:90:d5:e5:34:6b:
         aa:90:7c:f4:ef:39:04:8c:bc:36:6f:e1:3b:2a:2a:95:bc:ce:
         78:00:08:df:76:51:ed:ad:d6:74:bd:00:29:53:e2:7f:ac:3b:
         e4:07:de:17:1f:65:ae:e7:d2:7d:8a:80:33:72:c5:05:65:f2:
         98:98:87:b9:72:fc:66:44:5a:91:aa:e3:8b:87:2c:21:d5:19:
         1b:f6:95:a7:1a:c4:ea:5b:03:44:de:86:a6:a6:0c:65:d6:6c:
         57:ce:80:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIW6FGhAhA1OCITLGyI4/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTA1MDRmNGIxNzc2ZTgwYjhhZDlmOGIzNTZlNjEzYjU4
NWIzNWEwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE5NGIxYmVlNjQ1M2ZjMDE3MjI1ODI5NTcyMTViYzIxOTBjNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBlCIpTu65+dGgulqw+KEaoW1UTm
b/P9gOAtkFSWaLS0AreFdNsRDqIL9ADDZoz/TwChfSPH7nED8RlAsD/XqSsWVdyP
LeSQfbxYsXDbZ1FmmxW/8xrCKi9hRXM9XL2FDH+H5IsC9o4pVNeFczhfu4CSBm3H
wWbgHb/hAiaH0FQR6RGgtwwr4SQJs48e/l++O3b04i7zzjkGnfkhBXVVOv3D15Pg
c/hvjIIj0MJnztom18UE158zGvCPXeYnnBFzXCMxWIIcSWuoB+4Xfo2/Ygebwckj
7JEd3PcHe0eZQaMggp4YBTxdDqxmdJ0Ony1qSW62/6jqoV65z6NiX7cTGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJkZSxvuZFP8AXIlgpVyFbwhkMXhMB8GA1UdIwQY
MBaAFIBQUE9LF3boC4rZ+LNW5hO1hbNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjIt
MDE0NGEzMjgyYTJlLzEvbVJsTEctNWtVX3dCY2lXQ2xYSVZ2Q0dReGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjItMDE0NGEzMjgyYTJl
LzEvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwYc5MA8E
AgACMAkDBwAgAQZ4DkgwDQYJKoZIhvcNAQELBQADggEBADTDpaePsZbdZ9zoVkWU
2YBEjiWVYKPIA9/DBluz1KorMVswzphoNW5LWNNcnuR72TJF2pXSx9anyQGizRV+
NwxpvsI8Dt4j5yStzRfQH/Q+Q4+unu0yKUOOakI1umj1GefboMAMiShRUFjWv772
QkkfrB9roCBKlHUCnjYrTR06fVnHBDQhrULqcqL8D7WWNHaroVXhcI191Y04o42Q
1eU0a6qQfPTvOQSMvDZv4TsqKpW8zngACN92Ue2t1nS9AClT4n+sO+QH3hcfZa7n
0n2KgDNyxQVl8piYh7ly/GZEWpGq44uHLCHVGRv2lacaxOpbA0TehqamDGXWbFfO
gIk=
-----END CERTIFICATE-----