Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/MclD5Mu7-yM5WZCWdDKEQwXWAPQ.roa
File:                     MclD5Mu7-yM5WZCWdDKEQwXWAPQ.roa (raw, json)
Hash identifier:          y1IKqd+2kIlmWEscFMhJpumTjPaLVfESY/QMInl6Usc=
Subject key identifier:   31:C9:43:E4:CB:BB:FB:23:39:59:90:96:74:32:84:43:05:D6:00:F4
Certificate issuer:       /CN=b48bd8ec4e301c9e7b0a43bef0f3ddd3a453155a
Certificate serial:       019301CEAA04D177A1B361113739B1BB162A
Authority key identifier: B4:8B:D8:EC:4E:30:1C:9E:7B:0A:43:BE:F0:F3:DD:D3:A4:53:15:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/MclD5Mu7-yM5WZCWdDKEQwXWAPQ.roa
Signing time:             Wed 06 Nov 2024 14:09:01 +0000
ROA not before:           Wed 06 Nov 2024 14:09:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213913
IP address blocks:        46.102.234.0/24 maxlen: 24
                          2a0c:2780::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:ce:aa:04:d1:77:a1:b3:61:11:37:39:b1:bb:16:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b48bd8ec4e301c9e7b0a43bef0f3ddd3a453155a
        Validity
            Not Before: Nov  6 14:09:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31c943e4cbbbfb23395990967432844305d600f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:06:ed:78:25:29:53:12:c2:3a:d5:db:46:85:
                    49:3a:0b:1b:97:65:42:cc:c4:ce:5b:52:99:e3:2a:
                    38:e7:08:78:3b:c4:3e:0e:1c:e6:13:c5:8b:e6:74:
                    ac:31:66:62:13:49:5e:6b:4c:5a:1c:b4:0b:0d:04:
                    c6:17:47:3a:34:52:20:58:82:98:06:73:00:c4:2b:
                    9b:73:4a:41:ad:d0:87:e4:21:6c:f3:aa:d3:67:c1:
                    a5:49:44:04:d9:c6:ce:8c:7d:77:7e:3b:7f:bb:80:
                    35:3f:83:ff:e8:19:2b:dd:4f:00:af:d2:33:fe:79:
                    db:40:5c:60:e5:11:f7:cf:2f:01:43:53:ab:6f:d7:
                    f3:26:3d:bb:f0:42:01:e7:60:7d:76:f4:bf:fe:87:
                    f5:fd:d7:47:16:06:b2:66:8a:bc:95:89:fe:e2:9b:
                    1b:e0:1c:03:12:d7:27:9f:b6:1e:e8:11:0e:0c:1d:
                    d4:51:81:de:63:6d:67:7f:8a:02:d5:f0:00:cb:5b:
                    fc:d3:c6:a3:87:28:a7:bb:6e:ce:a4:ab:1f:f9:29:
                    89:fc:bd:88:8d:ab:43:97:0b:5d:7c:64:b0:21:25:
                    76:0f:4b:a4:46:72:37:57:c7:11:d2:36:9b:5f:02:
                    00:18:b8:7a:e9:20:47:3e:73:31:ed:bf:3e:4f:23:
                    a8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C9:43:E4:CB:BB:FB:23:39:59:90:96:74:32:84:43:05:D6:00:F4
            X509v3 Authority Key Identifier:
                keyid:B4:8B:D8:EC:4E:30:1C:9E:7B:0A:43:BE:F0:F3:DD:D3:A4:53:15:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/MclD5Mu7-yM5WZCWdDKEQwXWAPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.234.0/24
                IPv6:
                  2a0c:2780::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:fb:26:e8:53:f8:2c:ac:ec:63:57:da:b6:3c:61:a2:29:f9:
         53:5c:15:ca:ca:f2:5b:55:29:5b:ad:92:c7:c0:2f:89:ab:a9:
         b6:fd:df:55:21:ca:fb:b3:cb:b8:5b:62:13:7b:73:9a:b7:88:
         3c:1b:eb:c0:53:8d:3b:63:95:3e:1f:d2:4c:35:f4:df:a6:63:
         f2:38:52:c2:9c:e0:4b:9b:5c:6e:29:54:fa:e7:b3:ae:42:21:
         60:78:f0:30:e3:5d:9c:e1:b3:4e:f0:f1:19:db:a9:9f:d0:43:
         ba:2e:30:ef:d0:9d:8e:cf:49:36:c6:83:5d:b5:e0:82:c9:d1:
         a7:a9:49:a1:32:58:83:60:a7:19:d5:dd:55:fd:76:6e:f4:15:
         13:90:cb:88:47:fd:d3:78:6a:f4:fa:be:b6:0e:67:d0:8e:74:
         ba:4f:1e:ac:a9:2b:3f:e8:89:81:d5:54:27:81:58:e8:b4:49:
         07:57:3c:63:17:c5:ba:6b:57:9d:94:c1:95:41:3b:30:71:8a:
         18:06:f7:18:a9:56:dd:d5:cf:59:db:f9:bf:f5:89:01:08:7a:
         64:e2:b1:b3:db:06:17:3d:9a:47:38:b7:65:c2:cd:75:2c:e2:
         45:f9:ad:00:18:fe:5a:db:7b:3f:66:6e:25:79:21:9e:bc:6b:
         76:6f:1a:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMBzqoE0Xehs2ERNzmxuxYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OGJkOGVjNGUzMDFjOWU3YjBhNDNiZWYwZjNkZGQzYTQ1
MzE1NWEwHhcNMjQxMTA2MTQwOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWM5NDNlNGNiYmJmYjIzMzk1OTkwOTY3NDMyODQ0MzA1ZDYwMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwbteCUpUxLCOtXbRoVJOgsbl2VC
zMTOW1KZ4yo45wh4O8Q+DhzmE8WL5nSsMWZiE0lea0xaHLQLDQTGF0c6NFIgWIKY
BnMAxCubc0pBrdCH5CFs86rTZ8GlSUQE2cbOjH13fjt/u4A1P4P/6Bkr3U8Ar9Iz
/nnbQFxg5RH3zy8BQ1Orb9fzJj278EIB52B9dvS//of1/ddHFgayZoq8lYn+4psb
4BwDEtcnn7Ye6BEODB3UUYHeY21nf4oC1fAAy1v808ajhyinu27OpKsf+SmJ/L2I
jatDlwtdfGSwISV2D0ukRnI3V8cR0jabXwIAGLh66SBHPnMx7b8+TyOoowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDHJQ+TLu/sjOVmQlnQyhEMF1gD0MB8GA1UdIwQY
MBaAFLSL2OxOMByeewpDvvDz3dOkUxVaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEl2WTdFNHdISjU3Q2tPLThQUGQwNlJURlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC83NDM0ZTEtNzQxMy00ZjZhLWEyOWMt
Y2RjODFkYjc3NTMxLzEvTWNsRDVNdTcteU01V1pDV2RES0VRd1hXQVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC83NDM0ZTEtNzQxMy00ZjZhLWEyOWMtY2RjODFkYjc3NTMx
LzEvdEl2WTdFNHdISjU3Q2tPLThQUGQwNlJURlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALmbqMA0E
AgACMAcDBQAqDCeAMA0GCSqGSIb3DQEBCwUAA4IBAQCM+yboU/gsrOxjV9q2PGGi
KflTXBXKyvJbVSlbrZLHwC+Jq6m2/d9VIcr7s8u4W2ITe3Oat4g8G+vAU407Y5U+
H9JMNfTfpmPyOFLCnOBLm1xuKVT657OuQiFgePAw412c4bNO8PEZ26mf0EO6LjDv
0J2Oz0k2xoNdteCCydGnqUmhMliDYKcZ1d1V/XZu9BUTkMuIR/3TeGr0+r62DmfQ
jnS6Tx6sqSs/6ImB1VQngVjotEkHVzxjF8W6a1edlMGVQTswcYoYBvcYqVbd1c9Z
2/m/9YkBCHpk4rGz2wYXPZpHOLdlws11LOJF+a0AGP5a23s/Zm4leSGevGt2bxoO
-----END CERTIFICATE-----