Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/mxKqNAM863ITChJLjCi-JHUSkWw.roa
File:                     mxKqNAM863ITChJLjCi-JHUSkWw.roa (raw, json)
Hash identifier:          dI+6FWK1t3x8Piw/q1k50w2Q/hiRygsH9DYBFb0RVSE=
Subject key identifier:   9B:12:AA:34:03:3C:EB:72:13:0A:12:4B:8C:28:BE:24:75:12:91:6C
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0194228E41300C7FFDBB64CFAC7F7C1B616D
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/mxKqNAM863ITChJLjCi-JHUSkWw.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        213.145.90.0/23 maxlen: 24
                          213.145.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:41:30:0c:7f:fd:bb:64:cf:ac:7f:7c:1b:61:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b12aa34033ceb72130a124b8c28be247512916c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:16:89:bb:ee:fb:33:bc:1d:96:9d:fd:c6:14:
                    38:86:75:d4:12:d2:6f:09:ab:c2:d8:12:a0:af:a9:
                    21:1f:06:86:11:03:6b:80:02:b2:11:9a:c8:25:46:
                    98:a1:07:0a:f3:67:cc:5c:64:64:89:55:80:b9:e1:
                    c5:4d:e1:a1:07:69:df:87:e4:cd:5f:bb:ba:5c:40:
                    bf:6d:d9:3d:c4:b1:44:f1:7c:c6:48:2a:b7:33:f8:
                    44:0b:2f:81:ac:b4:fe:4b:48:02:ba:e2:ed:38:53:
                    ed:93:e8:5e:27:64:d5:08:60:10:ac:31:48:59:d9:
                    2e:01:1c:7c:54:63:63:e5:d6:81:f1:3a:68:16:73:
                    01:24:16:cb:50:79:41:46:86:a2:05:35:a9:24:6f:
                    f7:70:da:f0:85:29:3f:d3:9e:93:9f:8f:e3:87:d0:
                    21:05:b3:d5:f3:d4:89:b6:3f:b7:a0:9f:80:81:72:
                    6b:99:90:3d:2a:0c:ee:14:22:40:98:e4:4b:66:13:
                    4f:d8:97:89:4d:67:cc:a0:0b:c0:40:67:c7:01:8a:
                    1f:71:7c:c9:f6:98:71:65:b4:3d:c7:ac:0c:6d:54:
                    a3:4d:3b:08:ff:cb:03:04:83:14:c3:f1:85:34:d3:
                    a9:27:6a:68:36:6a:58:d0:42:b1:ca:c8:8e:49:7f:
                    da:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:12:AA:34:03:3C:EB:72:13:0A:12:4B:8C:28:BE:24:75:12:91:6C
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/mxKqNAM863ITChJLjCi-JHUSkWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.90.0-213.145.93.255

    Signature Algorithm: sha256WithRSAEncryption
         f3:b1:ac:7d:33:32:98:0a:50:dd:6d:76:e3:b9:da:90:20:7d:
         f9:cc:2f:f3:16:86:ea:fd:27:28:9c:df:f4:36:92:43:7e:0f:
         c8:61:3f:20:41:ca:b5:ce:d6:4f:9c:8d:40:60:a0:7a:4e:d1:
         c8:bd:60:d7:c9:4c:38:1a:40:4b:61:1a:cb:61:0c:04:16:6b:
         f2:53:af:82:33:0e:f7:d7:50:7f:93:65:1e:5d:54:a6:c1:77:
         ef:1a:99:13:61:9a:21:65:6f:24:28:c1:47:dc:a1:3b:f7:80:
         ca:86:64:9c:c2:f9:df:5b:b8:be:4d:e3:43:53:1a:79:3a:96:
         2c:05:81:5b:20:26:18:9a:54:db:c4:07:fb:d7:ef:c8:b8:3f:
         70:8e:0f:36:5a:6c:a4:59:2d:e3:f4:66:d0:2d:4f:8e:d5:a3:
         0c:48:4e:a6:4a:b1:52:84:c6:13:7b:5e:53:58:84:af:6a:39:
         cb:91:9f:50:9a:32:f2:c3:be:c8:43:95:27:68:7f:06:cf:27:
         65:6a:e3:5e:36:b4:68:be:b5:9f:40:72:6a:8d:9b:58:e5:ff:
         29:e9:c8:72:1b:59:ab:1e:61:81:70:00:73:60:32:35:eb:17:
         d1:b3:e6:43:1b:e4:9c:ac:c1:78:94:f1:eb:c5:ea:e4:ca:17:
         7f:86:19:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijkEwDH/9u2TPrH98G2FtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjEyYWEzNDAzM2NlYjcyMTMwYTEyNGI4YzI4YmUyNDc1MTI5MTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBaJu+77M7wdlp39xhQ4hnXUEtJv
CavC2BKgr6khHwaGEQNrgAKyEZrIJUaYoQcK82fMXGRkiVWAueHFTeGhB2nfh+TN
X7u6XEC/bdk9xLFE8XzGSCq3M/hECy+BrLT+S0gCuuLtOFPtk+heJ2TVCGAQrDFI
WdkuARx8VGNj5daB8TpoFnMBJBbLUHlBRoaiBTWpJG/3cNrwhSk/056Tn4/jh9Ah
BbPV89SJtj+3oJ+AgXJrmZA9KgzuFCJAmORLZhNP2JeJTWfMoAvAQGfHAYofcXzJ
9phxZbQ9x6wMbVSjTTsI/8sDBIMUw/GFNNOpJ2poNmpY0EKxysiOSX/a+wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJsSqjQDPOtyEwoSS4woviR1EpFsMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvbXhLcU5BTTg2M0lUQ2hKTGpDaS1KSFVTa1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHVkVoD
BAHVkVwwDQYJKoZIhvcNAQELBQADggEBAPOxrH0zMpgKUN1tduO52pAgffnML/MW
hur9Jyic3/Q2kkN+D8hhPyBByrXO1k+cjUBgoHpO0ci9YNfJTDgaQEthGsthDAQW
a/JTr4IzDvfXUH+TZR5dVKbBd+8amRNhmiFlbyQowUfcoTv3gMqGZJzC+d9buL5N
40NTGnk6liwFgVsgJhiaVNvEB/vX78i4P3CODzZabKRZLeP0ZtAtT47VowxITqZK
sVKExhN7XlNYhK9qOcuRn1CaMvLDvshDlSdofwbPJ2Vq4142tGi+tZ9AcmqNm1jl
/ynpyHIbWaseYYFwAHNgMjXrF9Gz5kMb5JyswXiU8evF6uTKF3+GGW0=
-----END CERTIFICATE-----