Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/MSn0dinH8F7h7C9Jc6R3UNmyP3w.roa
File:                     MSn0dinH8F7h7C9Jc6R3UNmyP3w.roa (raw, json)
Hash identifier:          KStiOBcSOiwyAn+YWBUdonUvaWYM4nslVzovef30Y4M=
Subject key identifier:   31:29:F4:76:29:C7:F0:5E:E1:EC:2F:49:73:A4:77:50:D9:B2:3F:7C
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       0196582C7448D92FC1FA22630FA3DD14B086
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/MSn0dinH8F7h7C9Jc6R3UNmyP3w.roa
Signing time:             Mon 21 Apr 2025 11:47:10 +0000
ROA not before:           Mon 21 Apr 2025 11:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8311
IP address blocks:        185.212.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:2c:74:48:d9:2f:c1:fa:22:63:0f:a3:dd:14:b0:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Apr 21 11:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3129f47629c7f05ee1ec2f4973a47750d9b23f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:34:1c:bc:54:36:26:a9:01:55:8c:8a:27:6d:
                    f2:7b:4a:cc:fa:0b:4d:83:30:47:22:57:89:52:8b:
                    b0:ba:8c:79:33:10:c1:b4:74:a6:a7:7c:d0:eb:1f:
                    dc:07:6f:80:f6:34:67:54:3b:bd:38:87:4d:4f:ec:
                    1b:e4:a5:ba:82:d0:18:98:b0:5d:19:34:15:b7:69:
                    fe:fa:00:f6:d6:c1:33:e4:c5:1c:92:d0:9e:26:35:
                    e5:5e:84:c7:66:c3:9e:7a:83:c6:b3:4b:6b:74:b8:
                    25:17:39:b6:63:08:ac:c1:16:ca:74:4a:36:70:7e:
                    c3:36:d4:8e:7e:42:28:93:53:46:a8:17:82:35:ef:
                    40:43:7a:34:6f:65:e9:e8:f5:02:17:8d:13:f1:4a:
                    ee:14:4b:08:7b:22:41:5c:49:bc:30:8d:f9:73:09:
                    0d:af:aa:d9:6b:7b:37:45:66:10:31:b4:88:f4:ef:
                    de:e1:38:c2:da:36:de:f3:0e:7a:6b:47:58:4a:77:
                    05:ec:b4:b3:92:76:48:b1:e4:61:e2:ba:69:8f:e2:
                    f1:b2:23:fa:6e:f8:d0:fd:e7:0b:17:59:3a:f7:b6:
                    a5:9d:cb:5c:04:bd:44:0b:e9:f9:5d:a3:c5:56:e9:
                    d1:e1:b0:3e:78:38:3d:17:31:82:80:f9:d8:74:13:
                    45:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:29:F4:76:29:C7:F0:5E:E1:EC:2F:49:73:A4:77:50:D9:B2:3F:7C
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/MSn0dinH8F7h7C9Jc6R3UNmyP3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:61:c6:7b:f4:db:a3:14:91:a8:55:91:7b:64:50:60:46:52:
         b5:f8:3a:b0:af:b5:b3:c5:61:cb:4b:ff:64:a3:2f:46:92:1a:
         96:07:3b:23:70:1b:c4:3f:f6:13:7b:c4:8f:19:4f:62:e3:e1:
         20:7f:87:58:22:42:9e:11:df:09:6a:3e:ca:b1:f7:a0:a8:47:
         dd:68:18:24:32:05:c7:af:c3:a5:1a:9c:56:d4:f4:2b:77:b6:
         9b:ce:1d:f6:66:59:1f:71:2e:60:e0:2e:06:65:ff:bc:cc:ee:
         d4:39:c4:11:13:1a:a2:69:3c:05:f9:f2:63:20:d2:6d:5d:a1:
         13:76:aa:aa:09:96:b5:26:f4:77:63:2c:5f:71:d8:eb:c8:51:
         09:b2:ca:6a:ba:2d:cf:99:2e:7d:c5:a0:2d:fd:69:42:b8:7a:
         06:ac:07:17:0f:fc:29:fa:4d:60:24:e7:fe:42:1f:67:d0:8d:
         73:9d:90:f7:bb:b7:e7:5d:5d:e8:34:b6:69:c0:b5:67:0a:29:
         6a:dc:64:53:24:e3:c2:0b:16:f5:89:df:f7:83:f6:02:23:b1:
         4b:6b:2d:ac:2a:c8:7f:2e:df:ee:7a:01:5a:5e:65:8a:9b:25:
         b8:40:fa:3a:91:92:25:c0:26:fc:2a:8c:c3:ad:1d:99:b2:fb:
         23:c4:c8:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZYLHRI2S/B+iJjD6PdFLCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwNDIxMTE0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI5ZjQ3NjI5YzdmMDVlZTFlYzJmNDk3M2E0Nzc1MGQ5YjIzZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjQcvFQ2JqkBVYyKJ23ye0rM+gtN
gzBHIleJUouwuox5MxDBtHSmp3zQ6x/cB2+A9jRnVDu9OIdNT+wb5KW6gtAYmLBd
GTQVt2n++gD21sEz5MUcktCeJjXlXoTHZsOeeoPGs0trdLglFzm2YwiswRbKdEo2
cH7DNtSOfkIok1NGqBeCNe9AQ3o0b2Xp6PUCF40T8UruFEsIeyJBXEm8MI35cwkN
r6rZa3s3RWYQMbSI9O/e4TjC2jbe8w56a0dYSncF7LSzknZIseRh4rppj+LxsiP6
bvjQ/ecLF1k697alnctcBL1EC+n5XaPFVunR4bA+eDg9FzGCgPnYdBNFGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEp9HYpx/Be4ewvSXOkd1DZsj98MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvTVNuMGRpbkg4RjdoN0M5SmM2UjNVTm15UDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudTMMA0G
CSqGSIb3DQEBCwUAA4IBAQANYcZ79NujFJGoVZF7ZFBgRlK1+Dqwr7WzxWHLS/9k
oy9GkhqWBzsjcBvEP/YTe8SPGU9i4+Egf4dYIkKeEd8Jaj7KsfegqEfdaBgkMgXH
r8OlGpxW1PQrd7abzh32ZlkfcS5g4C4GZf+8zO7UOcQRExqiaTwF+fJjINJtXaET
dqqqCZa1JvR3YyxfcdjryFEJsspqui3PmS59xaAt/WlCuHoGrAcXD/wp+k1gJOf+
Qh9n0I1znZD3u7fnXV3oNLZpwLVnCilq3GRTJOPCCxb1id/3g/YCI7FLay2sKsh/
Lt/uegFaXmWKmyW4QPo6kZIlwCb8KozDrR2ZsvsjxMg7
-----END CERTIFICATE-----