Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/MjK_xJG6Hwcb67PomltSWuntrmM.roa
File:                     MjK_xJG6Hwcb67PomltSWuntrmM.roa (raw, json)
Hash identifier:          aerGyiTEpiF59FAbfobUyJCn9cR81tY8N4zQCxzZAWk=
Subject key identifier:   32:32:BF:C4:91:BA:1F:07:1B:EB:B3:E8:9A:5B:52:5A:E9:ED:AE:63
Certificate issuer:       /CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
Certificate serial:       019662B6C0AF084FD2C8ECC2BA0D197AEA29
Authority key identifier: 50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/MjK_xJG6Hwcb67PomltSWuntrmM.roa
Signing time:             Wed 23 Apr 2025 12:54:26 +0000
ROA not before:           Wed 23 Apr 2025 12:54:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198065
IP address blocks:        185.164.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:b6:c0:af:08:4f:d2:c8:ec:c2:ba:0d:19:7a:ea:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
        Validity
            Not Before: Apr 23 12:54:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3232bfc491ba1f071bebb3e89a5b525ae9edae63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c9:49:84:a1:ea:5d:be:d9:8b:d1:a6:e4:76:
                    f7:1f:a5:d0:41:c5:3e:b1:c3:a1:f1:fb:61:9d:b6:
                    8b:f2:84:6b:d3:bd:4f:b3:19:45:49:c7:9e:b3:f0:
                    67:1a:3a:db:5d:45:d1:d3:50:8c:06:83:c0:d1:50:
                    dc:a1:6e:8e:b7:89:cb:cb:91:85:c1:05:1b:86:19:
                    0b:5a:b4:b2:28:12:fa:cf:c7:a9:99:14:f6:9d:20:
                    15:bf:d7:f3:04:b9:dd:6b:a1:7e:0a:18:a6:7f:c3:
                    4b:21:37:36:c4:18:f0:37:d6:d4:03:c2:ee:ac:3a:
                    4b:20:ce:5e:d2:e2:3e:14:af:d7:2c:da:89:03:c1:
                    ab:64:fd:a1:29:a6:77:93:3a:56:06:ef:69:86:08:
                    78:8b:a8:63:8c:64:02:9b:2b:b0:61:cb:cb:ce:38:
                    d3:a2:1e:93:de:a0:03:3b:ee:e2:75:6f:0d:3c:6f:
                    e9:91:19:f5:36:4b:33:de:a4:42:c3:ef:11:17:5a:
                    2e:3a:94:4f:d8:a4:71:26:98:a3:81:96:54:70:b1:
                    b5:c8:40:ea:89:26:78:4a:9d:78:5f:2f:c2:be:9f:
                    06:ec:6c:40:e7:b3:6c:89:92:a5:e4:8d:b9:df:d1:
                    00:52:a6:08:eb:57:25:28:fc:fb:88:b2:f0:0a:85:
                    12:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:32:BF:C4:91:BA:1F:07:1B:EB:B3:E8:9A:5B:52:5A:E9:ED:AE:63
            X509v3 Authority Key Identifier:
                keyid:50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/MjK_xJG6Hwcb67PomltSWuntrmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:22:ce:94:1c:65:ec:34:33:28:75:05:e4:b8:d9:a1:2b:8b:
         d9:17:1d:a5:69:8c:81:2b:88:61:b8:57:ee:75:f0:45:de:fd:
         1c:c3:9d:a5:61:c9:7e:bc:05:00:67:a6:80:d0:7f:0b:8f:c8:
         c0:76:e0:59:7d:f8:3f:44:35:f8:b9:aa:9c:4a:a1:38:7a:f1:
         f1:65:73:34:fb:82:a7:37:6e:3c:1c:4e:fa:f0:e2:56:07:2d:
         6f:89:cf:f7:0a:74:ea:5d:00:c1:e9:9c:ed:f7:99:cc:45:ce:
         45:0e:d7:e7:b3:cb:52:0f:ab:bb:52:74:2a:e9:7d:8b:01:13:
         97:60:57:7c:fb:d3:b1:6c:93:e6:f1:dd:a9:2a:0a:f5:74:e7:
         d5:b5:15:ea:32:85:39:00:69:88:63:87:6f:43:a9:0a:48:01:
         a7:04:28:8f:a3:ae:3e:fd:11:01:69:4a:88:97:65:90:14:f1:
         c3:a3:55:06:4f:24:31:cc:43:fd:1d:c0:22:fb:8e:73:ce:5b:
         62:b5:3e:f2:69:a5:bf:d0:f6:d3:65:c8:23:72:ff:c7:33:eb:
         84:8b:5a:8e:ea:40:0c:01:78:98:00:97:63:76:51:6a:8d:13:
         c6:4c:e5:01:96:86:35:ba:df:78:6a:ee:b7:e9:72:ed:88:aa:
         f3:c3:82:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZitsCvCE/SyOzCug0ZeuopMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWJjNjNlNjhjOTA5MzJiNGZjMjg5OTdmYzNiZjc4ZGUz
YjM3NDMwHhcNMjUwNDIzMTI1NDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjMyYmZjNDkxYmExZjA3MWJlYmIzZTg5YTViNTI1YWU5ZWRhZTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3slJhKHqXb7Zi9Gm5Hb3H6XQQcU+
scOh8fthnbaL8oRr071PsxlFScees/BnGjrbXUXR01CMBoPA0VDcoW6Ot4nLy5GF
wQUbhhkLWrSyKBL6z8epmRT2nSAVv9fzBLnda6F+Chimf8NLITc2xBjwN9bUA8Lu
rDpLIM5e0uI+FK/XLNqJA8GrZP2hKaZ3kzpWBu9phgh4i6hjjGQCmyuwYcvLzjjT
oh6T3qADO+7idW8NPG/pkRn1Nksz3qRCw+8RF1ouOpRP2KRxJpijgZZUcLG1yEDq
iSZ4Sp14Xy/Cvp8G7GxA57NsiZKl5I2539EAUqYI61clKPz7iLLwCoUS3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIyv8SRuh8HG+uz6JpbUlrp7a5jMB8GA1UdIwQY
MBaAFFCbxj5oyQkytPwomX/Dv3jeOzdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDkt
MTZlZDNjZDBjNzJhLzEvTWpLX3hKRzZId2NiNjdQb21sdFNXdW50cm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDktMTZlZDNjZDBjNzJh
LzEvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaRMMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Is6UHGXsNDModQXkuNmhK4vZFx2laYyBK4hhuFfu
dfBF3v0cw52lYcl+vAUAZ6aA0H8Lj8jAduBZffg/RDX4uaqcSqE4evHxZXM0+4Kn
N248HE768OJWBy1vic/3CnTqXQDB6Zzt95nMRc5FDtfns8tSD6u7UnQq6X2LAROX
YFd8+9OxbJPm8d2pKgr1dOfVtRXqMoU5AGmIY4dvQ6kKSAGnBCiPo64+/REBaUqI
l2WQFPHDo1UGTyQxzEP9HcAi+45zzltitT7yaaW/0PbTZcgjcv/HM+uEi1qO6kAM
AXiYAJdjdlFqjRPGTOUBloY1ut94au636XLtiKrzw4IW
-----END CERTIFICATE-----