Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/_Mx3tryLoUr9840pDWBBH9wAMYM.roa
File:                     _Mx3tryLoUr9840pDWBBH9wAMYM.roa (raw, json)
Hash identifier:          1wblbboXkRfG1niU72RZH+g04kmYi2u633wBSi0v2qE=
Subject key identifier:   FC:CC:77:B6:BC:8B:A1:4A:FD:F3:8D:29:0D:60:41:1F:DC:00:31:83
Certificate issuer:       /CN=daee6df9728cd8af0f34a03ed6ea3151c3bc22c8
Certificate serial:       01977877F8CD08E4D91628A2B4446CFDCE80
Authority key identifier: DA:EE:6D:F9:72:8C:D8:AF:0F:34:A0:3E:D6:EA:31:51:C3:BC:22:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2u5t-XKM2K8PNKA-1uoxUcO8Isg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/_Mx3tryLoUr9840pDWBBH9wAMYM.roa
Signing time:             Mon 16 Jun 2025 11:20:17 +0000
ROA not before:           Mon 16 Jun 2025 11:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42151
IP address blocks:        195.242.142.0/24 maxlen: 24
                          195.242.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/2u5t-XKM2K8PNKA-1uoxUcO8Isg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/2u5t-XKM2K8PNKA-1uoxUcO8Isg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2u5t-XKM2K8PNKA-1uoxUcO8Isg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:77:f8:cd:08:e4:d9:16:28:a2:b4:44:6c:fd:ce:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daee6df9728cd8af0f34a03ed6ea3151c3bc22c8
        Validity
            Not Before: Jun 16 11:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fccc77b6bc8ba14afdf38d290d60411fdc003183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4f:44:e5:f7:32:72:f8:a8:bb:80:05:56:36:
                    cd:4e:f5:37:e9:af:21:82:48:8d:be:2f:c6:07:8e:
                    de:d1:7d:c3:a3:3f:1a:bf:d7:6c:69:cc:81:ff:cd:
                    15:13:b2:25:a1:54:e6:55:28:ce:21:ae:8b:0c:2d:
                    63:2f:4e:d7:98:f9:fc:de:aa:f5:86:5e:82:51:01:
                    95:b9:6c:8a:af:37:d8:21:c6:8d:7d:46:99:02:be:
                    eb:c7:0f:79:02:da:1f:2f:89:a9:16:07:40:86:a4:
                    b9:9f:e6:36:ef:82:74:e3:51:9c:d4:e8:a5:84:46:
                    c9:f6:73:90:23:62:ca:5e:43:93:bf:67:5d:f5:5c:
                    8c:a0:28:cc:aa:ab:ee:c7:ce:5e:0b:e1:16:9e:e1:
                    3f:33:d7:c2:78:75:a9:e5:4f:3d:b0:03:75:82:5f:
                    37:d6:04:7e:e0:f7:2c:1e:fb:e7:78:eb:55:1f:58:
                    ea:1f:e4:06:d9:b2:b3:1b:b0:fb:40:8b:20:d9:18:
                    1a:8f:06:0f:23:01:f2:64:1a:20:46:ef:06:32:ee:
                    7b:21:48:4a:4b:f0:91:a9:3b:9f:f6:ac:ca:8e:02:
                    84:04:73:84:28:87:da:14:bc:26:d9:69:6c:76:0b:
                    d9:0e:52:7e:39:68:43:e1:b9:60:58:a7:55:cd:8f:
                    d0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CC:77:B6:BC:8B:A1:4A:FD:F3:8D:29:0D:60:41:1F:DC:00:31:83
            X509v3 Authority Key Identifier:
                keyid:DA:EE:6D:F9:72:8C:D8:AF:0F:34:A0:3E:D6:EA:31:51:C3:BC:22:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2u5t-XKM2K8PNKA-1uoxUcO8Isg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/_Mx3tryLoUr9840pDWBBH9wAMYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/69d8ea-b08b-4e7e-afce-4d20e34d0992/1/2u5t-XKM2K8PNKA-1uoxUcO8Isg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:ca:5c:e1:1b:e9:3f:97:6c:11:48:4a:ed:2a:0a:57:54:a7:
         86:b5:28:76:d4:3b:e2:d0:d2:f6:e9:12:4e:c2:54:fe:bb:62:
         27:f7:69:f2:92:4f:99:30:0c:f5:86:02:5d:30:70:d6:d2:dd:
         92:a9:d8:f3:b4:a7:b0:29:b6:c3:7b:09:0b:ab:96:c9:32:4b:
         ef:67:22:2f:ff:8d:f7:d1:fd:23:ec:a9:e2:e2:32:03:09:50:
         66:18:80:e5:c8:b6:09:c9:f2:b2:b5:17:9f:82:d4:e2:f2:a8:
         e3:36:fc:22:06:4a:30:1d:69:1a:e1:57:88:19:a0:0f:96:c5:
         90:1e:e0:e9:ed:8d:6c:0d:df:99:56:3e:c7:7c:0d:0f:66:a3:
         a2:aa:bc:71:8d:67:bc:3e:5a:8c:d8:d5:26:8e:53:c0:fa:be:
         9a:80:f6:d1:4b:a9:d4:5a:a6:62:4f:3f:10:c9:25:7b:9d:fd:
         a7:d9:4c:df:f0:c9:a4:d1:d1:41:79:71:85:87:0a:25:41:ea:
         65:9c:df:85:b7:34:07:e4:05:94:87:d7:7b:24:a4:21:de:03:
         68:66:69:43:bb:96:dd:7d:10:bb:fc:4c:7a:59:c7:1b:cb:74:
         97:af:6b:14:4e:04:f5:0e:a0:b9:bd:e3:fd:fa:f3:a9:5e:52:
         89:30:0a:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4d/jNCOTZFiiitERs/c6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZWU2ZGY5NzI4Y2Q4YWYwZjM0YTAzZWQ2ZWEzMTUxYzNi
YzIyYzgwHhcNMjUwNjE2MTEyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NjNzdiNmJjOGJhMTRhZmRmMzhkMjkwZDYwNDExZmRjMDAzMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU9E5fcycviou4AFVjbNTvU36a8h
gkiNvi/GB47e0X3Doz8av9dsacyB/80VE7IloVTmVSjOIa6LDC1jL07XmPn83qr1
hl6CUQGVuWyKrzfYIcaNfUaZAr7rxw95AtofL4mpFgdAhqS5n+Y274J041Gc1Oil
hEbJ9nOQI2LKXkOTv2dd9VyMoCjMqqvux85eC+EWnuE/M9fCeHWp5U89sAN1gl83
1gR+4PcsHvvneOtVH1jqH+QG2bKzG7D7QIsg2RgajwYPIwHyZBogRu8GMu57IUhK
S/CRqTuf9qzKjgKEBHOEKIfaFLwm2WlsdgvZDlJ+OWhD4blgWKdVzY/QrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzMd7a8i6FK/fONKQ1gQR/cADGDMB8GA1UdIwQY
MBaAFNrubflyjNivDzSgPtbqMVHDvCLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnU1dC1YS00ySzhQTktBLTF1b3hVY084SXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82OWQ4ZWEtYjA4Yi00ZTdlLWFmY2Ut
NGQyMGUzNGQwOTkyLzEvX014M3RyeUxvVXI5ODQwcERXQkJIOXdBTVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82OWQ4ZWEtYjA4Yi00ZTdlLWFmY2UtNGQyMGUzNGQwOTky
LzEvMnU1dC1YS00ySzhQTktBLTF1b3hVY084SXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/KOMA0G
CSqGSIb3DQEBCwUAA4IBAQBWylzhG+k/l2wRSErtKgpXVKeGtSh21Dvi0NL26RJO
wlT+u2In92nykk+ZMAz1hgJdMHDW0t2SqdjztKewKbbDewkLq5bJMkvvZyIv/433
0f0j7Kni4jIDCVBmGIDlyLYJyfKytRefgtTi8qjjNvwiBkowHWka4VeIGaAPlsWQ
HuDp7Y1sDd+ZVj7HfA0PZqOiqrxxjWe8PlqM2NUmjlPA+r6agPbRS6nUWqZiTz8Q
ySV7nf2n2Uzf8Mmk0dFBeXGFhwolQeplnN+FtzQH5AWUh9d7JKQh3gNoZmlDu5bd
fRC7/Ex6Wccby3SXr2sUTgT1DqC5veP9+vOpXlKJMAr6
-----END CERTIFICATE-----