Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/mMAg12jPtr74TOsk3VC3gPjsZVo.roa
File:                     mMAg12jPtr74TOsk3VC3gPjsZVo.roa (raw, json)
Hash identifier:          o2G7nuGIq/7Be8J0MaBTzFHd8+XyBzC6NUzaY0EiFOk=
Subject key identifier:   98:C0:20:D7:68:CF:B6:BE:F8:4C:EB:24:DD:50:B7:80:F8:EC:65:5A
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       018CC348C3554E9DBD3F25BDDE35E6065A54
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/mMAg12jPtr74TOsk3VC3gPjsZVo.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34309
IP address blocks:        193.56.217.0/24 maxlen: 24
                          2a05:a880:dc20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c3:55:4e:9d:bd:3f:25:bd:de:35:e6:06:5a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98c020d768cfb6bef84ceb24dd50b780f8ec655a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:06:4c:7b:f6:94:8d:d5:ab:3e:68:8d:10:73:
                    74:53:82:f9:ea:e5:ca:22:32:96:7b:52:0c:e8:e8:
                    ab:ef:bb:33:37:71:65:92:c2:c0:43:de:1e:b5:ba:
                    73:eb:75:97:d6:b9:c4:af:3e:e8:c9:0a:e2:25:5c:
                    44:a9:95:32:0d:02:44:d4:65:e2:3b:32:47:7b:ed:
                    16:df:c3:ea:d3:3e:96:fb:5a:53:d7:03:1a:0f:7f:
                    43:5b:bd:4e:a2:42:a5:62:3a:48:51:d7:84:48:32:
                    60:4d:ca:a6:23:0d:2f:8d:dc:a4:15:61:e1:ff:4d:
                    4b:c5:02:86:fa:ce:0c:bc:ec:87:20:c7:17:59:fc:
                    25:e8:83:18:4d:ce:24:e7:fd:77:a7:9c:48:ed:97:
                    0f:6b:67:a2:4d:21:4f:d2:a5:6d:15:48:0a:59:28:
                    07:3f:55:49:c5:23:b0:c0:0c:7f:c4:70:70:2b:91:
                    29:c8:0a:5c:f8:c8:cf:cd:38:60:24:21:ab:c2:6c:
                    fb:19:35:38:8b:ab:27:b1:ed:23:f7:10:37:92:5c:
                    e4:9c:d7:99:e8:b4:5e:3d:da:63:da:cd:13:33:cd:
                    0c:7c:61:10:3f:77:ea:0c:0e:b6:2f:68:ac:e9:c7:
                    13:85:eb:ae:6f:94:dd:a3:15:ff:20:54:3c:42:c0:
                    14:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C0:20:D7:68:CF:B6:BE:F8:4C:EB:24:DD:50:B7:80:F8:EC:65:5A
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/mMAg12jPtr74TOsk3VC3gPjsZVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.217.0/24
                IPv6:
                  2a05:a880:dc20::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:61:59:4a:06:79:67:73:19:96:85:4e:9c:2a:8d:b2:4e:ab:
         28:fe:a7:ad:8e:38:74:20:98:52:e9:b0:3b:4d:2a:17:6a:b4:
         a6:56:af:e4:30:be:f5:53:16:70:f1:5d:6d:fb:c4:82:2c:6c:
         4b:01:46:81:88:a7:95:33:94:e6:a6:5d:74:76:e8:cb:36:07:
         f8:c9:f2:53:db:62:55:77:c3:50:32:4c:b0:3e:67:70:23:9d:
         70:09:a5:d0:0e:f7:2d:bc:44:a5:e9:0c:88:4f:ce:45:be:a7:
         a9:88:21:93:42:18:d3:17:4a:60:30:2c:f9:5a:34:ca:cb:ef:
         a3:39:8a:bd:73:98:f6:a8:be:1d:13:20:63:c0:0a:07:2e:f1:
         a2:1f:1f:ad:85:c0:d1:55:75:f5:51:40:c4:68:7c:b8:8c:d3:
         d2:24:65:08:6f:ce:59:57:1a:41:12:85:b6:34:1f:2e:67:6c:
         47:5e:b7:a1:33:06:1f:b0:97:93:e3:e5:8c:65:d8:0c:a0:f0:
         e7:03:e8:cf:94:f0:f9:e5:c9:89:51:af:19:b1:90:44:da:c2:
         60:78:1f:55:92:7b:67:61:dc:96:66:f3:a0:73:f4:6a:3f:5d:
         9e:55:60:3f:35:48:b8:cb:b8:d9:f7:26:91:5e:c8:d9:7b:11:
         92:f2:b4:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSMNVTp29PyW93jXmBlpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGMwMjBkNzY4Y2ZiNmJlZjg0Y2ViMjRkZDUwYjc4MGY4ZWM2NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwZMe/aUjdWrPmiNEHN0U4L56uXK
IjKWe1IM6Oir77szN3FlksLAQ94etbpz63WX1rnErz7oyQriJVxEqZUyDQJE1GXi
OzJHe+0W38Pq0z6W+1pT1wMaD39DW71OokKlYjpIUdeESDJgTcqmIw0vjdykFWHh
/01LxQKG+s4MvOyHIMcXWfwl6IMYTc4k5/13p5xI7ZcPa2eiTSFP0qVtFUgKWSgH
P1VJxSOwwAx/xHBwK5EpyApc+MjPzThgJCGrwmz7GTU4i6snse0j9xA3klzknNeZ
6LRePdpj2s0TM80MfGEQP3fqDA62L2is6ccTheuub5TdoxX/IFQ8QsAU2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJjAINdoz7a++EzrJN1Qt4D47GVaMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvbU1BZzEyalB0cjc0VE9zazNWQzNnUGpzWlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTjZMA8E
AgACMAkDBwAqBaiA3CAwDQYJKoZIhvcNAQELBQADggEBAIZhWUoGeWdzGZaFTpwq
jbJOqyj+p62OOHQgmFLpsDtNKhdqtKZWr+QwvvVTFnDxXW37xIIsbEsBRoGIp5Uz
lOamXXR26Ms2B/jJ8lPbYlV3w1AyTLA+Z3AjnXAJpdAO9y28RKXpDIhPzkW+p6mI
IZNCGNMXSmAwLPlaNMrL76M5ir1zmPaovh0TIGPACgcu8aIfH62FwNFVdfVRQMRo
fLiM09IkZQhvzllXGkEShbY0Hy5nbEdet6EzBh+wl5Pj5Yxl2Ayg8OcD6M+U8Pnl
yYlRrxmxkETawmB4H1WSe2dh3JZm86Bz9Go/XZ5VYD81SLjLuNn3JpFeyNl7EZLy
tLk=
-----END CERTIFICATE-----