Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mApTSnYFxMRESa48NumdWxl9uvs.roa
File:                     mApTSnYFxMRESa48NumdWxl9uvs.roa (raw, json)
Hash identifier:          gqFTicH8wxEArYd906ELv2zay1P8WAicM2mPNgxgwp8=
Subject key identifier:   98:0A:53:4A:76:05:C4:C4:44:49:AE:3C:36:E9:9D:5B:19:7D:BA:FB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019635F2DCFB2EB1B8F8FC82F46D8781C844
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mApTSnYFxMRESa48NumdWxl9uvs.roa
Signing time:             Mon 14 Apr 2025 20:17:10 +0000
ROA not before:           Mon 14 Apr 2025 20:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214834
IP address blocks:        89.144.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:35:f2:dc:fb:2e:b1:b8:f8:fc:82:f4:6d:87:81:c8:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 14 20:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=980a534a7605c4c44449ae3c36e99d5b197dbafb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e5:91:be:01:03:f7:45:17:0b:70:c7:07:62:
                    98:32:58:7f:16:a4:97:25:d0:0d:4b:e2:0b:61:e2:
                    d4:b5:77:80:82:84:b8:e6:0f:16:01:de:7e:36:24:
                    0d:2e:bd:60:21:2e:45:a3:49:6a:d3:bc:77:b8:10:
                    f7:e4:5c:e7:fc:ae:59:40:24:f9:04:32:e7:bf:b4:
                    a1:5e:37:53:8d:fa:f4:63:d6:4c:9b:0a:63:e7:1b:
                    c2:b8:d0:43:dd:32:fd:fd:58:29:e6:df:10:33:85:
                    a9:dd:ed:11:35:6e:f9:88:e7:77:68:36:b5:c9:2d:
                    1b:35:46:95:7c:30:a5:cc:a7:e3:2e:4d:ad:69:b6:
                    7d:11:5c:ce:7d:fc:c3:82:0f:4f:b3:c2:c4:6c:f0:
                    62:33:83:c9:55:ff:dc:f8:0a:a3:b1:6b:94:4c:3b:
                    ab:0f:92:70:4c:81:18:78:16:9c:83:2a:c5:f2:37:
                    f0:ce:7a:aa:17:63:20:4f:2b:f5:7f:f4:e5:a6:05:
                    32:12:f6:bc:53:6c:43:7b:51:ac:a4:2f:b4:24:ba:
                    59:ea:07:68:39:22:23:13:bc:01:d8:7d:55:3e:56:
                    41:fa:98:aa:2d:4f:2c:12:98:c3:c1:60:4c:e7:f0:
                    df:e8:44:86:f8:e3:e6:b7:a7:1f:ef:22:ec:a5:f5:
                    0a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0A:53:4A:76:05:C4:C4:44:49:AE:3C:36:E9:9D:5B:19:7D:BA:FB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/mApTSnYFxMRESa48NumdWxl9uvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.144.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:1d:1e:45:1a:c9:1b:6a:06:46:28:b5:73:65:6f:e2:e2:0a:
         16:9e:ce:ef:36:4d:2e:20:f8:12:85:59:c0:ba:d4:1f:f0:6a:
         68:5d:7e:e4:44:81:f5:d0:b8:7f:e7:5d:23:7a:75:1d:ae:d1:
         76:72:7c:17:95:a2:9d:c9:2d:fa:9c:29:b3:f2:8e:4b:75:95:
         d0:cc:dd:95:6c:5e:f0:f3:35:3a:f3:6e:0b:0e:e9:c0:1d:7b:
         43:ff:1f:08:be:9b:15:e7:29:44:94:67:97:99:54:91:42:0e:
         92:aa:b6:19:6e:e5:f3:11:7d:f3:33:a0:76:95:e6:af:af:78:
         5a:98:0c:74:96:23:5d:17:f4:68:9d:3c:64:fa:e4:6e:5f:0f:
         92:8f:40:87:a1:7f:e1:fe:32:a0:03:15:32:23:7e:ab:90:6a:
         27:da:ff:5c:0f:5e:25:fc:b0:12:ab:72:27:30:7f:e2:72:1f:
         bd:ce:2a:8b:ae:3b:80:71:c5:43:a8:99:b5:50:0f:61:1a:4c:
         2b:67:90:24:49:3b:0f:36:3b:d6:b1:71:f9:81:7d:20:4b:06:
         86:12:0d:90:0c:93:2f:dc:1d:be:7f:fc:80:da:1d:00:eb:57:
         a8:68:4c:11:11:68:7a:f3:53:2e:4d:5f:63:0a:a1:ab:8a:7a:
         69:a0:29:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY18tz7LrG4+PyC9G2HgchEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDE0MjAxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODBhNTM0YTc2MDVjNGM0NDQ0OWFlM2MzNmU5OWQ1YjE5N2RiYWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuWRvgED90UXC3DHB2KYMlh/FqSX
JdANS+ILYeLUtXeAgoS45g8WAd5+NiQNLr1gIS5Fo0lq07x3uBD35Fzn/K5ZQCT5
BDLnv7ShXjdTjfr0Y9ZMmwpj5xvCuNBD3TL9/Vgp5t8QM4Wp3e0RNW75iOd3aDa1
yS0bNUaVfDClzKfjLk2tabZ9EVzOffzDgg9Ps8LEbPBiM4PJVf/c+AqjsWuUTDur
D5JwTIEYeBacgyrF8jfwznqqF2MgTyv1f/TlpgUyEva8U2xDe1GspC+0JLpZ6gdo
OSIjE7wB2H1VPlZB+piqLU8sEpjDwWBM5/Df6ESG+OPmt6cf7yLspfUKmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgKU0p2BcTEREmuPDbpnVsZfbr7MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbUFwVFNuWUZ4TVJFU2E0OE51bWRXeGw5dXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZAPMA0G
CSqGSIb3DQEBCwUAA4IBAQCFHR5FGskbagZGKLVzZW/i4goWns7vNk0uIPgShVnA
utQf8GpoXX7kRIH10Lh/510jenUdrtF2cnwXlaKdyS36nCmz8o5LdZXQzN2VbF7w
8zU6824LDunAHXtD/x8IvpsV5ylElGeXmVSRQg6SqrYZbuXzEX3zM6B2leavr3ha
mAx0liNdF/RonTxk+uRuXw+Sj0CHoX/h/jKgAxUyI36rkGon2v9cD14l/LASq3In
MH/ich+9ziqLrjuAccVDqJm1UA9hGkwrZ5AkSTsPNjvWsXH5gX0gSwaGEg2QDJMv
3B2+f/yA2h0A61eoaEwREWh681MuTV9jCqGrinppoCmf
-----END CERTIFICATE-----