Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/MrFGSlTinGmALvU1jsbQgKu82NY.roa
File:                     MrFGSlTinGmALvU1jsbQgKu82NY.roa (raw, json)
Hash identifier:          oQHwzgKkGnokZrUJ7hGWKAJWtoQEleupqPRYkDiObHM=
Subject key identifier:   32:B1:46:4A:54:E2:9C:69:80:2E:F5:35:8E:C6:D0:80:AB:BC:D8:D6
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E1EACE47EB45104DA6E24FDAF9CA67883
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/MrFGSlTinGmALvU1jsbQgKu82NY.roa
Signing time:             Fri 08 Mar 2024 15:27:10 +0000
ROA not before:           Fri 08 Mar 2024 15:27:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64432
IP address blocks:        185.46.175.0/24 maxlen: 24
                          185.161.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:ac:e4:7e:b4:51:04:da:6e:24:fd:af:9c:a6:78:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  8 15:27:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32b1464a54e29c69802ef5358ec6d080abbcd8d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0a:68:a9:00:2b:29:5e:57:76:54:d5:68:4d:
                    f1:5c:0a:20:53:48:5c:32:d1:de:eb:fc:44:ac:d6:
                    a3:be:96:2e:02:c2:f5:7d:33:5f:6d:1a:7f:18:4f:
                    e3:37:bc:9a:2e:61:09:c7:2a:df:2a:25:69:67:f3:
                    f8:74:42:54:6d:f5:f2:34:90:cd:73:12:30:34:72:
                    ff:9f:a7:56:6c:22:99:ad:a2:bd:8f:0a:1a:98:e1:
                    a5:cc:da:31:24:17:e2:f1:bd:af:09:27:60:3c:c4:
                    f4:aa:2f:1f:63:13:d0:b0:0f:ae:4e:1e:cf:be:b1:
                    34:32:c4:83:a1:22:b8:90:a2:5e:ff:03:87:11:5f:
                    e3:e6:62:09:fc:4c:81:80:c1:cd:f9:f7:70:ff:de:
                    ca:fb:96:86:86:6b:84:8e:bc:0a:4c:c9:ab:5d:d2:
                    5c:1a:fd:58:ae:5a:16:e8:34:fb:a2:39:20:99:05:
                    cd:42:73:68:b3:32:7f:db:e3:3c:67:64:1d:5d:5a:
                    c4:2b:c7:18:4a:d3:9a:6f:81:bf:ea:f2:9c:de:98:
                    05:98:f6:1f:0f:54:ac:b7:9b:76:48:ca:dd:5a:28:
                    23:5b:49:58:74:44:1b:cd:b3:34:f9:a9:ed:a0:84:
                    fb:e8:ea:e5:5b:89:86:c1:a1:2d:e4:25:8e:66:9b:
                    cc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B1:46:4A:54:E2:9C:69:80:2E:F5:35:8E:C6:D0:80:AB:BC:D8:D6
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/MrFGSlTinGmALvU1jsbQgKu82NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.175.0/24
                  185.161.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:72:ad:3c:02:49:fc:86:da:cf:89:a3:8c:f8:09:e2:d6:1d:
         64:5e:31:2b:ba:b4:39:8a:cb:17:64:e3:66:84:1b:b7:a6:c5:
         14:fa:e8:91:7e:80:9a:6f:d2:61:63:03:84:98:97:18:e9:8b:
         f1:b0:3b:83:2b:f0:e2:32:74:11:65:0f:0f:76:bd:55:38:44:
         ba:0f:fe:42:ad:40:5e:fb:a3:9a:b4:73:8f:aa:2e:77:07:02:
         c2:f7:c2:75:fc:bb:ea:81:3e:17:bb:ca:55:82:c3:ad:96:51:
         d7:15:41:42:39:ee:56:39:aa:a0:aa:9c:be:f9:55:48:3f:d6:
         b6:b3:ed:1b:80:7b:3b:ee:b9:ea:6d:1c:49:67:26:be:b7:63:
         ad:95:8d:9f:25:b5:ac:7c:a1:f2:91:5f:a1:00:06:95:54:cd:
         e7:f1:2b:64:39:97:9c:77:a6:12:f4:e9:62:b4:f6:be:1b:89:
         99:36:ec:6c:75:ac:2d:35:24:ba:3a:92:c2:67:a3:df:8d:66:
         83:d0:11:f9:50:e3:b5:36:06:76:da:6e:cc:ae:b4:63:b9:d1:
         3c:63:1b:ec:cd:72:4c:b9:04:a7:0d:62:f7:04:a2:9f:af:04:
         0f:1c:9f:83:0e:4d:ef:03:35:38:47:e8:17:15:2a:15:56:98:
         40:02:12:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4erOR+tFEE2m4k/a+cpniDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA4MTUyNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmIxNDY0YTU0ZTI5YzY5ODAyZWY1MzU4ZWM2ZDA4MGFiYmNkOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQpoqQArKV5XdlTVaE3xXAogU0hc
MtHe6/xErNajvpYuAsL1fTNfbRp/GE/jN7yaLmEJxyrfKiVpZ/P4dEJUbfXyNJDN
cxIwNHL/n6dWbCKZraK9jwoamOGlzNoxJBfi8b2vCSdgPMT0qi8fYxPQsA+uTh7P
vrE0MsSDoSK4kKJe/wOHEV/j5mIJ/EyBgMHN+fdw/97K+5aGhmuEjrwKTMmrXdJc
Gv1YrloW6DT7ojkgmQXNQnNoszJ/2+M8Z2QdXVrEK8cYStOab4G/6vKc3pgFmPYf
D1Sst5t2SMrdWigjW0lYdEQbzbM0+antoIT76OrlW4mGwaEt5CWOZpvMIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDKxRkpU4pxpgC71NY7G0ICrvNjWMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTXJGR1NsVGluR21BTHZVMWpzYlFnS3U4Mk5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuS6vAwQA
uaFPMA0GCSqGSIb3DQEBCwUAA4IBAQBLcq08Akn8htrPiaOM+Ani1h1kXjErurQ5
issXZONmhBu3psUU+uiRfoCab9JhYwOEmJcY6YvxsDuDK/DiMnQRZQ8Pdr1VOES6
D/5CrUBe+6OatHOPqi53BwLC98J1/LvqgT4Xu8pVgsOtllHXFUFCOe5WOaqgqpy+
+VVIP9a2s+0bgHs77rnqbRxJZya+t2OtlY2fJbWsfKHykV+hAAaVVM3n8StkOZec
d6YS9OlitPa+G4mZNuxsdawtNSS6OpLCZ6PfjWaD0BH5UOO1NgZ22m7MrrRjudE8
YxvszXJMuQSnDWL3BKKfrwQPHJ+DDk3vAzU4R+gXFSoVVphAAhIy
-----END CERTIFICATE-----