Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/MXzzmJpwK0AnQmtnN3WOYLsCRv8.roa
File:                     MXzzmJpwK0AnQmtnN3WOYLsCRv8.roa (raw, json)
Hash identifier:          RsDSP/EJFDLzHQNpwCzmZg3FD2FDNn4XU1KplfHlLUU=
Subject key identifier:   31:7C:F3:98:9A:70:2B:40:27:42:6B:67:37:75:8E:60:BB:02:46:FF
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       019651F8ED734FCB2BF1FDC1DF6388909147
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/MXzzmJpwK0AnQmtnN3WOYLsCRv8.roa
Signing time:             Sun 20 Apr 2025 06:53:10 +0000
ROA not before:           Sun 20 Apr 2025 06:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56466
IP address blocks:        185.140.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 00:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:51:f8:ed:73:4f:cb:2b:f1:fd:c1:df:63:88:90:91:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Apr 20 06:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=317cf3989a702b4027426b6737758e60bb0246ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:33:04:f5:d2:86:18:ca:86:cb:43:59:30:97:
                    c0:35:3c:5c:72:f0:ed:3a:71:86:ed:d3:d5:3d:a6:
                    bc:ea:b7:71:5e:67:d9:9f:86:5e:c3:ef:d5:50:4c:
                    90:c2:ac:b4:a1:ba:83:6b:57:2f:8b:a9:20:fe:81:
                    4a:b8:0f:b9:8b:72:28:86:a6:7e:d8:e6:88:67:e1:
                    81:2d:1d:c5:fe:03:7a:ae:e2:8c:37:45:80:f5:6f:
                    67:90:72:30:41:3a:54:b1:e8:38:52:74:81:a2:30:
                    2b:45:0a:bf:e1:f0:82:96:82:93:a5:6e:be:b8:72:
                    79:4b:a3:0f:dc:45:14:4b:8d:f9:e6:fa:01:a1:96:
                    45:43:15:57:59:26:92:b7:d6:7c:77:4f:34:2d:8d:
                    ec:6e:68:4e:2a:d4:99:c2:49:f9:e3:2e:f6:f2:80:
                    b7:b2:a7:88:6f:9e:4d:c1:63:12:28:bb:ca:ae:53:
                    b0:7d:33:60:72:39:e5:5a:0e:ab:cb:ad:99:d6:17:
                    75:90:30:12:e4:24:bd:d7:00:90:cb:0a:f9:79:e0:
                    f3:e1:3d:42:81:a3:69:6a:57:9b:41:20:2d:f9:36:
                    ca:04:87:7c:63:6b:ee:15:54:63:fd:36:1e:7d:e1:
                    fd:0f:0f:ee:13:7f:85:4a:50:73:ae:3a:55:6e:c3:
                    be:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7C:F3:98:9A:70:2B:40:27:42:6B:67:37:75:8E:60:BB:02:46:FF
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/MXzzmJpwK0AnQmtnN3WOYLsCRv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:24:ce:35:b8:1b:c0:5a:32:b0:a7:53:6a:21:82:bc:f9:b9:
         87:7d:b0:30:ce:cc:0e:28:b3:9d:c0:19:93:6f:0f:dc:b1:0b:
         f7:48:16:78:b6:3a:04:38:d9:34:8f:88:eb:47:e3:81:14:73:
         40:ec:80:e6:c3:fb:05:1b:11:93:51:81:b0:96:67:a0:e9:20:
         e5:f4:52:4d:95:0d:bd:ca:de:62:ca:2a:d6:bb:10:4c:6d:fc:
         d5:a4:9c:72:1a:ed:fc:cc:e9:5b:1e:0d:88:8c:5b:d1:2e:46:
         38:61:be:7b:59:de:15:5d:e8:a2:96:17:e5:49:af:ea:1e:e3:
         e6:76:9a:22:61:d2:a4:b3:d0:de:3d:93:a0:e8:86:39:a6:37:
         e5:3a:3b:40:0c:7b:14:e7:b3:aa:7f:5a:04:1c:39:83:c5:b1:
         36:3e:76:aa:00:68:f4:aa:a2:70:b4:11:38:a9:36:bf:a2:cd:
         81:a4:0b:6c:3a:34:4e:dd:1d:e9:5b:a6:f4:f3:05:fc:d2:33:
         fc:63:94:89:79:64:ef:34:ee:26:db:2c:e2:5e:c0:08:5c:73:
         db:c4:9d:36:5a:59:91:00:cf:4b:ca:88:16:76:b7:50:79:a1:
         b5:62:f5:2c:31:66:c1:05:d9:06:27:43:de:cf:a3:a9:f2:e9:
         9e:92:ac:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZR+O1zT8sr8f3B32OIkJFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwNDIwMDY1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdjZjM5ODlhNzAyYjQwMjc0MjZiNjczNzc1OGU2MGJiMDI0NmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTME9dKGGMqGy0NZMJfANTxccvDt
OnGG7dPVPaa86rdxXmfZn4Zew+/VUEyQwqy0obqDa1cvi6kg/oFKuA+5i3IohqZ+
2OaIZ+GBLR3F/gN6ruKMN0WA9W9nkHIwQTpUseg4UnSBojArRQq/4fCCloKTpW6+
uHJ5S6MP3EUUS4355voBoZZFQxVXWSaSt9Z8d080LY3sbmhOKtSZwkn54y728oC3
sqeIb55NwWMSKLvKrlOwfTNgcjnlWg6ry62Z1hd1kDAS5CS91wCQywr5eeDz4T1C
gaNpalebQSAt+TbKBId8Y2vuFVRj/TYefeH9Dw/uE3+FSlBzrjpVbsO+1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF885iacCtAJ0JrZzd1jmC7Akb/MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvTVh6em1KcHdLMEFuUW10bk4zV09ZTHNDUnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYzwMA0G
CSqGSIb3DQEBCwUAA4IBAQBuJM41uBvAWjKwp1NqIYK8+bmHfbAwzswOKLOdwBmT
bw/csQv3SBZ4tjoEONk0j4jrR+OBFHNA7IDmw/sFGxGTUYGwlmeg6SDl9FJNlQ29
yt5iyirWuxBMbfzVpJxyGu38zOlbHg2IjFvRLkY4Yb57Wd4VXeiilhflSa/qHuPm
dpoiYdKks9DePZOg6IY5pjflOjtADHsU57Oqf1oEHDmDxbE2PnaqAGj0qqJwtBE4
qTa/os2BpAtsOjRO3R3pW6b08wX80jP8Y5SJeWTvNO4m2yziXsAIXHPbxJ02WlmR
AM9LyogWdrdQeaG1YvUsMWbBBdkGJ0Pez6Op8umekqxQ
-----END CERTIFICATE-----