Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MxNe7yMIRX8ebs7AVsbBiRpllSA.roa
File:                     MxNe7yMIRX8ebs7AVsbBiRpllSA.roa (raw, json)
Hash identifier:          pDnjp0EQggea9pBhHKuRbHKwdSKEn82KNKgB36PKwns=
Subject key identifier:   33:13:5E:EF:23:08:45:7F:1E:6E:CE:C0:56:C6:C1:89:1A:65:95:20
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B67EB3AAD694FE70DC7D09FBBD00FD
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MxNe7yMIRX8ebs7AVsbBiRpllSA.roa
Signing time:             Thu 02 Jan 2025 15:50:58 +0000
ROA not before:           Thu 02 Jan 2025 15:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196665
IP address blocks:        91.232.116.0/24 maxlen: 24
                          91.232.117.0/24 maxlen: 24
                          91.232.118.0/23 maxlen: 23
                          195.88.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:7e:b3:aa:d6:94:fe:70:dc:7d:09:fb:bd:00:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33135eef2308457f1e6ecec056c6c1891a659520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e0:95:41:a3:51:7d:56:80:a1:3e:8c:9a:9c:
                    9e:13:2a:69:c3:e7:79:a9:d5:8d:03:00:6e:42:7c:
                    b3:90:b4:da:7b:c1:90:ae:fd:63:fc:c3:a5:99:cc:
                    6c:1d:80:12:24:f9:c8:dd:af:0c:89:59:ed:38:17:
                    12:70:b3:a3:bc:d5:80:a0:5f:da:7a:5d:a8:82:a8:
                    2d:0a:8d:60:14:05:ce:ee:c9:dd:99:57:99:98:c1:
                    27:99:f8:10:9f:69:62:3b:c8:94:36:e9:b6:02:77:
                    55:d9:82:d7:22:04:1d:9e:4f:50:12:0f:86:25:e9:
                    50:3a:ff:ca:54:46:55:62:94:d9:30:2a:62:b2:b4:
                    1b:66:33:79:22:33:6e:92:63:93:ce:bd:27:5c:d1:
                    50:6d:bb:ed:0a:1b:a5:23:15:82:5b:17:87:44:26:
                    37:5f:7b:ba:8c:f5:f4:d3:b6:c7:cf:88:bf:e4:fc:
                    d5:a6:4c:54:9a:25:8e:d4:02:5e:d6:fb:44:c7:1f:
                    46:7f:22:90:de:c9:c1:09:0b:53:67:af:1c:ed:8a:
                    6c:b0:b2:65:12:f2:2d:fe:b6:e8:a6:9e:b0:b3:f7:
                    c4:c8:dc:50:0f:c8:79:e7:7a:51:bf:d2:a5:72:d3:
                    d3:c5:a7:11:4b:ba:55:35:be:38:af:78:fe:b4:5b:
                    b5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:13:5E:EF:23:08:45:7F:1E:6E:CE:C0:56:C6:C1:89:1A:65:95:20
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MxNe7yMIRX8ebs7AVsbBiRpllSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.116.0/22
                  195.88.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:4f:f3:fc:a9:dc:e2:80:49:07:d0:4b:17:08:aa:32:5c:dc:
         10:ec:9d:df:62:fe:8b:05:be:23:24:84:1f:1b:81:f1:62:9b:
         88:6b:d8:57:42:9f:3f:8a:ca:f9:88:d5:7b:ca:40:d0:99:68:
         de:05:35:c5:f8:41:4d:6f:61:05:6a:d5:84:e6:a5:74:65:43:
         d3:6d:b9:e2:fe:fa:85:0c:91:0c:4d:35:08:5e:93:83:ed:51:
         1b:75:80:ac:68:1d:1a:73:15:d3:d1:19:70:e2:9e:75:69:32:
         52:30:de:96:44:8f:2a:69:f4:8f:01:67:ae:44:95:b6:0f:7d:
         dc:69:71:96:34:37:3c:78:1c:8f:bf:c3:aa:cf:ec:87:fa:2d:
         ad:73:79:e8:8b:eb:3d:7e:99:c1:7e:6f:6c:cd:78:e4:a6:c8:
         f2:b7:0c:d2:c1:cd:0a:c4:a8:81:30:a0:05:70:1b:e3:8e:67:
         82:6e:f0:24:a5:8b:03:29:af:ac:de:fa:4f:cc:1b:86:48:00:
         85:ec:a5:fd:04:dc:b4:e5:f7:22:59:75:46:e5:57:84:bd:ce:
         7d:96:63:1f:e7:a1:cd:42:8e:45:51:3a:cc:60:38:00:ab:b6:
         95:ef:71:bd:a6:0d:28:04:00:99:0a:8f:0c:f0:65:11:df:3a:
         e1:03:d4:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntn6zqtaU/nDcfQn7vQD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzEzNWVlZjIzMDg0NTdmMWU2ZWNlYzA1NmM2YzE4OTFhNjU5NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+CVQaNRfVaAoT6MmpyeEyppw+d5
qdWNAwBuQnyzkLTae8GQrv1j/MOlmcxsHYASJPnI3a8MiVntOBcScLOjvNWAoF/a
el2ogqgtCo1gFAXO7sndmVeZmMEnmfgQn2liO8iUNum2AndV2YLXIgQdnk9QEg+G
JelQOv/KVEZVYpTZMCpisrQbZjN5IjNukmOTzr0nXNFQbbvtChulIxWCWxeHRCY3
X3u6jPX007bHz4i/5PzVpkxUmiWO1AJe1vtExx9GfyKQ3snBCQtTZ68c7YpssLJl
EvIt/rbopp6ws/fEyNxQD8h553pRv9KlctPTxacRS7pVNb44r3j+tFu1QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMTXu8jCEV/Hm7OwFbGwYkaZZUgMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvTXhOZTd5TUlSWDhlYnM3QVZzYkJpUnBsbFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+h0AwQB
w1g0MA0GCSqGSIb3DQEBCwUAA4IBAQBdT/P8qdzigEkH0EsXCKoyXNwQ7J3fYv6L
Bb4jJIQfG4HxYpuIa9hXQp8/isr5iNV7ykDQmWjeBTXF+EFNb2EFatWE5qV0ZUPT
bbni/vqFDJEMTTUIXpOD7VEbdYCsaB0acxXT0Rlw4p51aTJSMN6WRI8qafSPAWeu
RJW2D33caXGWNDc8eByPv8Oqz+yH+i2tc3noi+s9fpnBfm9szXjkpsjytwzSwc0K
xKiBMKAFcBvjjmeCbvAkpYsDKa+s3vpPzBuGSACF7KX9BNy05fciWXVG5VeEvc59
lmMf56HNQo5FUTrMYDgAq7aV73G9pg0oBACZCo8M8GUR3zrhA9S6
-----END CERTIFICATE-----