Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/MAF_Elgy9u87cVsZVUNNm5Bb_UE.roa
File:                     MAF_Elgy9u87cVsZVUNNm5Bb_UE.roa (raw, json)
Hash identifier:          OX4gvHHnab+S9t+kA6ofZcqN5QU8A+hvwcM1NQu21jI=
Subject key identifier:   30:01:7F:12:58:32:F6:EF:3B:71:5B:19:55:43:4D:9B:90:5B:FD:41
Certificate issuer:       /CN=e9d880e887077fad82b74c998010fa9b253e0ea8
Certificate serial:       0194244482E45B10D160039D1E799C6BB090
Authority key identifier: E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/MAF_Elgy9u87cVsZVUNNm5Bb_UE.roa
Signing time:             Wed 01 Jan 2025 23:47:37 +0000
ROA not before:           Wed 01 Jan 2025 23:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        62.201.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:82:e4:5b:10:d1:60:03:9d:1e:79:9c:6b:b0:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9d880e887077fad82b74c998010fa9b253e0ea8
        Validity
            Not Before: Jan  1 23:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30017f125832f6ef3b715b1955434d9b905bfd41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:1f:8a:bd:f5:18:f2:e8:62:26:e7:18:ec:29:
                    83:2d:11:0f:c1:4c:62:79:e7:96:28:c9:c3:51:42:
                    ea:19:99:42:16:ab:19:85:67:58:b8:19:9e:33:de:
                    14:6d:6c:64:f3:cd:99:64:10:90:41:2c:8d:bc:06:
                    4c:2f:45:a0:86:a9:26:fd:87:ff:e1:34:d1:35:35:
                    e0:5a:af:8f:79:b2:1b:93:81:ee:96:f7:ab:b7:fb:
                    29:72:65:4b:97:0c:0b:17:95:36:ea:92:41:2d:da:
                    20:0c:6d:f7:3f:d7:6d:53:2c:3b:51:0c:1a:52:c8:
                    67:1b:b3:55:4e:59:45:52:5d:47:b2:5c:e5:3d:58:
                    a5:25:96:54:e5:e2:45:b4:5c:a2:ed:fb:25:7c:ef:
                    32:a7:f8:16:88:2b:7a:d9:e6:6a:8f:1a:e1:ce:91:
                    30:d5:c2:d4:ab:b4:9f:04:af:28:bd:be:76:ee:08:
                    94:0e:04:1f:87:d2:06:ca:22:2e:8b:dd:c4:48:8f:
                    22:e3:2a:e1:28:cd:79:a9:47:a5:34:0a:72:b9:53:
                    53:b6:3e:49:cd:5a:81:43:1a:92:b6:62:a3:cd:7e:
                    ff:c5:44:e9:73:fe:00:9a:49:63:a4:fe:23:d5:39:
                    50:25:3b:f2:63:59:e7:47:52:f5:1d:99:41:69:e5:
                    5f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:01:7F:12:58:32:F6:EF:3B:71:5B:19:55:43:4D:9B:90:5B:FD:41
            X509v3 Authority Key Identifier:
                keyid:E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/MAF_Elgy9u87cVsZVUNNm5Bb_UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6f:f4:c5:47:6c:8b:0a:3a:35:7d:c0:c3:f2:f3:2f:90:ba:
         70:6f:8d:a6:54:0a:56:8e:c5:01:75:b5:f0:31:18:18:73:e6:
         f7:c1:7b:2e:81:f5:8b:30:21:61:51:a7:27:8f:36:1b:c1:fb:
         bf:30:1e:b5:8a:62:52:6d:d9:36:56:1f:53:35:72:41:97:d0:
         c6:c9:de:af:21:90:3a:84:82:9b:67:74:3b:87:7d:b1:24:bd:
         cf:de:bf:33:47:a8:de:09:67:87:15:a0:f9:cd:50:37:f3:06:
         97:55:ee:10:42:35:d2:b9:f5:96:49:3c:71:9d:35:0e:ce:e0:
         29:71:07:4d:0f:00:01:da:37:4b:c1:40:54:72:7d:7f:ab:c5:
         47:fc:ed:4d:05:fa:8e:71:ef:56:3d:78:b0:b9:76:01:c1:f5:
         f6:56:6d:75:8d:14:9e:b0:24:a0:15:15:21:4c:5e:c1:57:0b:
         64:13:0c:81:1b:77:87:1b:4b:3a:37:a5:46:1e:77:1b:12:b2:
         65:f0:fa:dd:6a:73:d5:00:46:cb:d6:d5:96:d5:8f:59:12:e3:
         77:3d:b5:aa:9d:74:82:b0:cf:4a:df:30:a9:7c:c2:3e:2f:7d:
         2c:1c:da:7c:4e:5b:6f:56:76:c2:c7:55:0f:c0:6e:c4:a4:8c:
         b5:30:b7:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRILkWxDRYAOdHnmca7CQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZDg4MGU4ODcwNzdmYWQ4MmI3NGM5OTgwMTBmYTliMjUz
ZTBlYTgwHhcNMjUwMTAxMjM0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDAxN2YxMjU4MzJmNmVmM2I3MTViMTk1NTQzNGQ5YjkwNWJmZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4h+KvfUY8uhiJucY7CmDLREPwUxi
eeeWKMnDUULqGZlCFqsZhWdYuBmeM94UbWxk882ZZBCQQSyNvAZML0Wghqkm/Yf/
4TTRNTXgWq+PebIbk4Hulvert/spcmVLlwwLF5U26pJBLdogDG33P9dtUyw7UQwa
UshnG7NVTllFUl1HslzlPVilJZZU5eJFtFyi7fslfO8yp/gWiCt62eZqjxrhzpEw
1cLUq7SfBK8ovb527giUDgQfh9IGyiIui93ESI8i4yrhKM15qUelNApyuVNTtj5J
zVqBQxqStmKjzX7/xUTpc/4AmkljpP4j1TlQJTvyY1nnR1L1HZlBaeVfbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDABfxJYMvbvO3FbGVVDTZuQW/1BMB8GA1UdIwQY
MBaAFOnYgOiHB3+tgrdMmYAQ+pslPg6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmRpQTZJY0hmNjJDdDB5WmdCRDZteVUtRHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kYmRhZDItN2M0My00Y2FjLWI0YTYt
ZmFjZjQ4NTg2MjQ5LzEvTUFGX0VsZ3k5dTg3Y1ZzWlZVTk5tNUJiX1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kYmRhZDItN2M0My00Y2FjLWI0YTYtZmFjZjQ4NTg2MjQ5
LzEvNmRpQTZJY0hmNjJDdDB5WmdCRDZteVUtRHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsmsMA0G
CSqGSIb3DQEBCwUAA4IBAQBib/TFR2yLCjo1fcDD8vMvkLpwb42mVApWjsUBdbXw
MRgYc+b3wXsugfWLMCFhUacnjzYbwfu/MB61imJSbdk2Vh9TNXJBl9DGyd6vIZA6
hIKbZ3Q7h32xJL3P3r8zR6jeCWeHFaD5zVA38waXVe4QQjXSufWWSTxxnTUOzuAp
cQdNDwAB2jdLwUBUcn1/q8VH/O1NBfqOce9WPXiwuXYBwfX2Vm11jRSesCSgFRUh
TF7BVwtkEwyBG3eHG0s6N6VGHncbErJl8PrdanPVAEbL1tWW1Y9ZEuN3PbWqnXSC
sM9K3zCpfMI+L30sHNp8TltvVnbCx1UPwG7EpIy1MLfI
-----END CERTIFICATE-----