Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/M5hYRJhvdGCKvhvMAGC4jWTJSXA.roa
File:                     M5hYRJhvdGCKvhvMAGC4jWTJSXA.roa (raw, json)
Hash identifier:          VGkxa4pTyEqZCbbcRS6HnlUuOo2QmctHYBT+vvYYBDg=
Subject key identifier:   33:98:58:44:98:6F:74:60:8A:BE:1B:CC:00:60:B8:8D:64:C9:49:70
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       0196A580E6DC40B9CF53373DE622F0515A69
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/M5hYRJhvdGCKvhvMAGC4jWTJSXA.roa
Signing time:             Tue 06 May 2025 12:10:10 +0000
ROA not before:           Tue 06 May 2025 12:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39298
IP address blocks:        213.143.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:80:e6:dc:40:b9:cf:53:37:3d:e6:22:f0:51:5a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: May  6 12:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33985844986f74608abe1bcc0060b88d64c94970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2b:10:f6:5c:a9:dc:0a:9f:75:37:0a:df:19:
                    42:4b:91:36:08:2f:74:8a:54:06:83:02:bc:62:39:
                    e9:8d:9f:c8:e0:02:c6:8a:35:a2:c3:2c:5a:1a:95:
                    8e:5f:38:35:90:49:16:a8:08:75:d6:22:e6:d8:2d:
                    30:e5:34:5c:cc:e9:b2:ee:9b:62:15:b2:c2:9e:af:
                    59:0a:c1:d7:79:86:bf:90:0a:78:17:3f:cc:b7:8d:
                    77:aa:f2:df:50:0e:e3:83:d8:c5:7e:78:73:44:d1:
                    31:f9:be:07:87:f6:02:8d:da:7d:88:4a:fd:c8:a6:
                    86:7e:44:57:8f:fa:3a:99:a4:dd:20:9f:f0:8d:df:
                    7e:ae:ad:fe:77:a5:f1:ee:72:74:23:a3:aa:43:16:
                    d9:f4:ed:32:9e:1d:2c:d4:d7:2a:4b:89:8c:8a:a8:
                    3e:55:28:93:4a:c9:f8:7d:f0:8f:45:88:bd:6f:08:
                    61:6b:c4:1b:9d:32:75:80:07:d5:b2:73:f8:21:26:
                    55:b7:9f:c8:79:17:f5:c2:3b:04:b7:89:f0:18:bd:
                    c1:2b:3b:99:22:9e:d2:8b:b2:ad:bd:7b:48:69:fd:
                    df:3f:77:7b:ca:f0:a4:40:12:56:c8:ec:2c:70:0d:
                    de:11:e3:25:6b:e8:25:6c:0f:bd:aa:25:cd:f1:1c:
                    51:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:98:58:44:98:6F:74:60:8A:BE:1B:CC:00:60:B8:8D:64:C9:49:70
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/M5hYRJhvdGCKvhvMAGC4jWTJSXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.143.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:18:40:66:06:d1:a0:ca:8c:e6:ec:5d:98:b6:c4:a9:f0:f1:
         a6:a0:91:24:1f:c3:b0:26:24:35:ff:2d:d7:07:f3:86:ce:ea:
         73:54:e4:33:4c:9c:dc:df:d7:73:9e:8d:3c:f1:f3:38:58:f3:
         5d:4d:3a:4d:aa:41:74:43:dc:ea:49:e4:35:30:f8:61:88:67:
         dc:54:a0:34:40:d7:5f:b5:12:03:19:ed:64:47:85:c3:53:84:
         ba:85:27:94:06:e0:55:5c:5f:9b:5c:f4:ff:cb:cd:7c:57:2e:
         44:98:8d:87:99:05:88:1f:1a:c8:89:a8:a9:dc:83:78:25:08:
         a7:ab:6f:88:c8:6f:53:50:50:b1:b5:f4:ea:da:71:05:2d:90:
         81:59:cf:02:fd:b4:cf:e5:dd:9c:f4:b2:0e:c9:42:6f:3e:19:
         e5:a3:94:4a:a1:f0:8e:b9:53:1a:2d:4d:c6:bf:7f:e2:d6:fd:
         10:17:51:70:de:a7:d9:40:d8:14:8f:bb:f3:33:ae:98:19:b8:
         a6:60:17:e8:80:13:c6:82:c6:ba:c6:60:61:56:69:00:af:45:
         b4:36:a9:b9:a4:a3:f1:b4:c8:8a:83:6e:61:f5:e9:19:95:eb:
         53:3c:46:0a:0a:f2:29:2a:c0:f7:5a:1d:69:a6:d4:20:3c:cb:
         b0:f8:22:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZalgObcQLnPUzc95iLwUVppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjUwNTA2MTIxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzk4NTg0NDk4NmY3NDYwOGFiZTFiY2MwMDYwYjg4ZDY0Yzk0OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCsQ9lyp3AqfdTcK3xlCS5E2CC90
ilQGgwK8YjnpjZ/I4ALGijWiwyxaGpWOXzg1kEkWqAh11iLm2C0w5TRczOmy7pti
FbLCnq9ZCsHXeYa/kAp4Fz/Mt413qvLfUA7jg9jFfnhzRNEx+b4Hh/YCjdp9iEr9
yKaGfkRXj/o6maTdIJ/wjd9+rq3+d6Xx7nJ0I6OqQxbZ9O0ynh0s1NcqS4mMiqg+
VSiTSsn4ffCPRYi9bwhha8QbnTJ1gAfVsnP4ISZVt5/IeRf1wjsEt4nwGL3BKzuZ
Ip7Si7KtvXtIaf3fP3d7yvCkQBJWyOwscA3eEeMla+glbA+9qiXN8RxR7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOYWESYb3Rgir4bzABguI1kyUlwMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvTTVoWVJKaHZkR0NLdmh2TUFHQzRqV1RKU1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y/7MA0G
CSqGSIb3DQEBCwUAA4IBAQBGGEBmBtGgyozm7F2YtsSp8PGmoJEkH8OwJiQ1/y3X
B/OGzupzVOQzTJzc39dzno088fM4WPNdTTpNqkF0Q9zqSeQ1MPhhiGfcVKA0QNdf
tRIDGe1kR4XDU4S6hSeUBuBVXF+bXPT/y818Vy5EmI2HmQWIHxrIiaip3IN4JQin
q2+IyG9TUFCxtfTq2nEFLZCBWc8C/bTP5d2c9LIOyUJvPhnlo5RKofCOuVMaLU3G
v3/i1v0QF1Fw3qfZQNgUj7vzM66YGbimYBfogBPGgsa6xmBhVmkAr0W0Nqm5pKPx
tMiKg25h9ekZletTPEYKCvIpKsD3Wh1pptQgPMuw+CLc
-----END CERTIFICATE-----