Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/mjCXGX40P2ffcrN44boEpnJTaTc.roa
File:                     mjCXGX40P2ffcrN44boEpnJTaTc.roa (raw, json)
Hash identifier:          LgLHJFwEHcRfiWC8m23QPb6Ya1PBtB3V5dXpILctiVI=
Subject key identifier:   9A:30:97:19:7E:34:3F:67:DF:72:B3:78:E1:BA:04:A6:72:53:69:37
Certificate issuer:       /CN=7ad78cafb35f5f96b3f6cece970615ad5cfff711
Certificate serial:       019639509A813175CCEDFED9F9922A237C67
Authority key identifier: 7A:D7:8C:AF:B3:5F:5F:96:B3:F6:CE:CE:97:06:15:AD:5C:FF:F7:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eteMr7NfX5az9s7OlwYVrVz_9xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/mjCXGX40P2ffcrN44boEpnJTaTc.roa
Signing time:             Tue 15 Apr 2025 11:58:25 +0000
ROA not before:           Tue 15 Apr 2025 11:58:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201875
IP address blocks:        185.58.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/eteMr7NfX5az9s7OlwYVrVz_9xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/eteMr7NfX5az9s7OlwYVrVz_9xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eteMr7NfX5az9s7OlwYVrVz_9xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 23:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:50:9a:81:31:75:cc:ed:fe:d9:f9:92:2a:23:7c:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ad78cafb35f5f96b3f6cece970615ad5cfff711
        Validity
            Not Before: Apr 15 11:58:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a3097197e343f67df72b378e1ba04a672536937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:14:63:da:0e:48:40:a9:5c:98:62:26:0c:35:
                    fd:8c:82:a6:88:d4:68:87:e4:b5:03:0c:40:ba:dc:
                    25:41:25:64:dd:a0:73:de:0c:f7:88:ef:e6:36:50:
                    fb:88:1e:d1:91:34:df:9e:31:e0:7b:b6:3a:4c:ae:
                    21:f9:1d:c4:01:40:2b:37:64:43:24:8c:0e:33:3e:
                    58:8f:16:9c:7f:2a:90:9a:62:94:ab:9e:2e:53:fe:
                    53:d0:19:df:5a:ac:1e:62:33:87:c1:bb:5a:63:0e:
                    57:b6:d8:18:92:db:5a:46:5c:15:d1:46:8e:7c:15:
                    4f:ed:af:23:16:2e:7a:3b:ed:aa:87:5c:42:96:4e:
                    6a:b7:97:cd:0f:34:99:a0:1b:44:e6:55:82:cd:eb:
                    71:66:9c:0a:75:28:5a:b7:8e:27:57:74:47:56:dc:
                    08:06:8a:38:1e:db:b6:db:a8:30:20:a2:ec:e9:93:
                    8e:1a:1b:1a:3d:e3:e6:f1:75:c4:4b:c9:91:92:2d:
                    11:0a:2d:ac:ea:c9:cb:92:e3:f7:36:85:ce:be:cb:
                    05:3c:8c:56:67:2c:ff:c0:8d:f0:59:f5:46:bd:48:
                    59:2b:a7:57:6a:52:4c:5c:51:7c:0b:57:b2:8c:a1:
                    c5:12:44:b3:fb:cf:ed:b3:e1:b9:54:49:71:3a:db:
                    3a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:30:97:19:7E:34:3F:67:DF:72:B3:78:E1:BA:04:A6:72:53:69:37
            X509v3 Authority Key Identifier:
                keyid:7A:D7:8C:AF:B3:5F:5F:96:B3:F6:CE:CE:97:06:15:AD:5C:FF:F7:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eteMr7NfX5az9s7OlwYVrVz_9xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/mjCXGX40P2ffcrN44boEpnJTaTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da0e47-b619-410a-b451-3fdfeae9b3d3/1/eteMr7NfX5az9s7OlwYVrVz_9xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:72:37:98:22:09:28:e7:83:ac:06:34:4c:cc:b4:59:4e:69:
         d2:4f:69:56:62:6e:e0:61:cb:96:8f:a1:d3:c5:50:e7:d1:d9:
         10:ae:8a:64:de:f5:84:56:06:2e:cf:c9:06:94:75:e3:1c:ba:
         57:16:b2:de:af:c6:3c:20:44:cf:e6:61:07:ba:6b:fe:47:15:
         ac:55:16:90:44:fb:47:0c:61:b6:af:90:b4:17:53:28:fd:7d:
         66:30:40:d4:20:ec:c3:30:b5:66:ad:b2:40:d5:d9:8f:27:26:
         41:5b:b9:8c:b7:31:94:df:d7:2e:63:04:d7:f1:88:e2:82:da:
         e8:59:51:fe:be:36:69:f7:e4:46:8d:f0:09:6c:26:c1:95:92:
         f6:8d:04:25:4a:3c:56:bc:57:b6:9c:7e:60:a6:00:2c:d7:78:
         1b:ec:e8:db:7d:ff:98:f3:e4:3b:46:cc:84:dd:27:b8:dc:a1:
         dd:1b:1e:95:8f:21:c9:32:59:f8:bb:83:c5:d7:71:ff:d6:b5:
         06:d4:19:15:24:f0:b8:79:15:fd:33:63:2e:fd:26:db:3e:0c:
         54:70:2f:e9:41:32:9d:52:98:1e:a2:ab:bf:2c:98:ff:10:c3:
         14:32:57:2b:f1:31:47:5e:cd:06:3c:b5:87:a1:0a:77:e4:13:
         6d:2d:21:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5UJqBMXXM7f7Z+ZIqI3xnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZDc4Y2FmYjM1ZjVmOTZiM2Y2Y2VjZTk3MDYxNWFkNWNm
ZmY3MTEwHhcNMjUwNDE1MTE1ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTMwOTcxOTdlMzQzZjY3ZGY3MmIzNzhlMWJhMDRhNjcyNTM2OTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphRj2g5IQKlcmGImDDX9jIKmiNRo
h+S1AwxAutwlQSVk3aBz3gz3iO/mNlD7iB7RkTTfnjHge7Y6TK4h+R3EAUArN2RD
JIwOMz5YjxacfyqQmmKUq54uU/5T0BnfWqweYjOHwbtaYw5XttgYkttaRlwV0UaO
fBVP7a8jFi56O+2qh1xClk5qt5fNDzSZoBtE5lWCzetxZpwKdShat44nV3RHVtwI
Boo4Htu226gwIKLs6ZOOGhsaPePm8XXES8mRki0RCi2s6snLkuP3NoXOvssFPIxW
Zyz/wI3wWfVGvUhZK6dXalJMXFF8C1eyjKHFEkSz+8/ts+G5VElxOts6gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJowlxl+ND9n33KzeOG6BKZyU2k3MB8GA1UdIwQY
MBaAFHrXjK+zX1+Ws/bOzpcGFa1c//cRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXRlTXI3TmZYNWF6OXM3T2x3WVZyVnpfOXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9kYTBlNDctYjYxOS00MTBhLWI0NTEt
M2ZkZmVhZTliM2QzLzEvbWpDWEdYNDBQMmZmY3JONDRib0VwbkpUYVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9kYTBlNDctYjYxOS00MTBhLWI0NTEtM2ZkZmVhZTliM2Qz
LzEvZXRlTXI3TmZYNWF6OXM3T2x3WVZyVnpfOXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTrsMA0G
CSqGSIb3DQEBCwUAA4IBAQDZcjeYIgko54OsBjRMzLRZTmnST2lWYm7gYcuWj6HT
xVDn0dkQropk3vWEVgYuz8kGlHXjHLpXFrLer8Y8IETP5mEHumv+RxWsVRaQRPtH
DGG2r5C0F1Mo/X1mMEDUIOzDMLVmrbJA1dmPJyZBW7mMtzGU39cuYwTX8Yjigtro
WVH+vjZp9+RGjfAJbCbBlZL2jQQlSjxWvFe2nH5gpgAs13gb7Ojbff+Y8+Q7RsyE
3Se43KHdGx6VjyHJMln4u4PF13H/1rUG1BkVJPC4eRX9M2Mu/SbbPgxUcC/pQTKd
Upgeoqu/LJj/EMMUMlcr8TFHXs0GPLWHoQp35BNtLSFv
-----END CERTIFICATE-----