Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/MSTk0rZzouSPYGI1gDaMA1y8I3w.roa
File:                     MSTk0rZzouSPYGI1gDaMA1y8I3w.roa (raw, json)
Hash identifier:          Ugr9tV3AUOQ6HNsmvPcAgWZ9bWT2X0968T/RlXcaMaw=
Subject key identifier:   31:24:E4:D2:B6:73:A2:E4:8F:60:62:35:80:36:8C:03:5C:BC:23:7C
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       018CC726DA2618AEABFF19ABE8AE8B1DEB48
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/MSTk0rZzouSPYGI1gDaMA1y8I3w.roa
Signing time:             Mon 01 Jan 2024 22:31:01 +0000
ROA not before:           Mon 01 Jan 2024 22:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        217.197.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:da:26:18:ae:ab:ff:19:ab:e8:ae:8b:1d:eb:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Jan  1 22:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3124e4d2b673a2e48f60623580368c035cbc237c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d3:57:9c:cb:56:42:66:aa:ac:94:1a:5d:b9:
                    e9:40:cf:5f:45:80:c7:cb:2a:7b:4d:f2:28:7a:32:
                    79:e3:07:d5:bc:43:7f:45:35:2e:6c:25:79:fb:e3:
                    ca:49:4e:42:8e:7a:76:35:bf:6c:96:91:12:ab:4b:
                    f6:6a:44:24:f5:e8:ac:84:a2:df:12:0a:35:92:82:
                    9c:f3:71:c2:aa:b6:49:2c:21:e3:b2:3c:53:4f:7e:
                    94:2d:5d:49:ea:7a:4f:ff:25:3f:2a:62:63:a9:57:
                    6e:e6:fd:8f:8e:fc:2f:24:15:99:ef:ed:40:ff:cc:
                    d1:2a:e2:59:96:76:d5:67:ae:35:52:9d:4e:95:28:
                    50:ff:0f:57:56:fa:2a:48:25:84:ad:17:3a:72:68:
                    98:41:76:96:9e:f3:af:b9:2b:ee:0a:59:24:85:a9:
                    9f:3d:04:d9:8e:af:bf:0a:14:3f:91:c4:06:b1:a7:
                    e7:80:f0:27:30:a4:09:6f:9d:c5:8e:f8:e5:5b:d0:
                    6e:74:44:a2:d6:68:66:a8:76:11:9a:c1:a7:06:f3:
                    9f:68:01:2e:e6:d9:04:6a:38:a1:40:39:d6:12:74:
                    93:3e:0c:37:20:00:67:c3:b1:38:28:9b:c8:b3:8c:
                    02:c9:94:20:47:c8:5a:93:f1:48:a4:b0:f4:c8:b8:
                    0c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:24:E4:D2:B6:73:A2:E4:8F:60:62:35:80:36:8C:03:5C:BC:23:7C
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/MSTk0rZzouSPYGI1gDaMA1y8I3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:cf:fc:c9:fd:08:e8:4e:2c:68:36:21:ac:c8:31:28:f5:9b:
         a7:ac:24:22:21:c7:56:af:3b:65:f3:75:6d:a9:ba:5d:32:ac:
         e6:3a:9a:d8:6f:0d:09:a2:c6:bd:6e:07:9e:f2:f8:bb:c8:18:
         92:77:a7:c1:94:6b:7d:9b:ba:fd:f6:2f:d8:2f:04:74:f5:30:
         dc:21:58:d4:ff:ac:20:6d:c2:6d:b9:76:8d:fe:8e:a2:9b:1c:
         aa:33:e1:27:ae:dd:c1:f8:36:2c:a0:6c:9c:da:2c:44:67:d3:
         ae:9f:2f:3f:8c:b8:5c:f7:60:b8:15:9d:51:d0:ab:26:7c:10:
         4c:2e:8e:b6:11:c2:45:48:71:80:97:34:9e:56:48:7e:8c:b3:
         77:0f:1e:71:b5:e9:1a:8f:bd:ba:42:26:c6:65:22:8b:2b:08:
         57:64:a0:dd:84:5b:fe:e4:71:d8:ec:44:7b:ad:ce:fa:7d:cf:
         91:d4:cb:6c:f0:49:f1:dd:fa:49:06:a7:28:7f:c2:fd:a7:8e:
         ab:4b:7a:59:21:c1:71:17:29:e6:45:9a:f1:87:cb:d3:de:a0:
         ff:df:98:8d:00:fe:d7:20:ee:d2:5e:e6:59:0a:91:93:eb:02:
         66:f4:47:10:27:fc:8b:71:82:e0:bb:e9:8f:9b:bc:7e:f8:5f:
         fe:33:e4:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJtomGK6r/xmr6K6LHetIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjQwMTAxMjIzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI0ZTRkMmI2NzNhMmU0OGY2MDYyMzU4MDM2OGMwMzVjYmMyMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNNXnMtWQmaqrJQaXbnpQM9fRYDH
yyp7TfIoejJ54wfVvEN/RTUubCV5++PKSU5Cjnp2Nb9slpESq0v2akQk9eishKLf
Ego1koKc83HCqrZJLCHjsjxTT36ULV1J6npP/yU/KmJjqVdu5v2PjvwvJBWZ7+1A
/8zRKuJZlnbVZ641Up1OlShQ/w9XVvoqSCWErRc6cmiYQXaWnvOvuSvuClkkhamf
PQTZjq+/ChQ/kcQGsafngPAnMKQJb53FjvjlW9BudESi1mhmqHYRmsGnBvOfaAEu
5tkEajihQDnWEnSTPgw3IABnw7E4KJvIs4wCyZQgR8hak/FIpLD0yLgMFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEk5NK2c6Lkj2BiNYA2jANcvCN8MB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvTVNUazByWnpvdVNQWUdJMWdEYU1BMXk4STN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cVvMA0G
CSqGSIb3DQEBCwUAA4IBAQBFz/zJ/QjoTixoNiGsyDEo9ZunrCQiIcdWrztl83Vt
qbpdMqzmOprYbw0Josa9bgee8vi7yBiSd6fBlGt9m7r99i/YLwR09TDcIVjU/6wg
bcJtuXaN/o6imxyqM+Enrt3B+DYsoGyc2ixEZ9Ouny8/jLhc92C4FZ1R0KsmfBBM
Lo62EcJFSHGAlzSeVkh+jLN3Dx5xtekaj726QibGZSKLKwhXZKDdhFv+5HHY7ER7
rc76fc+R1Mts8Enx3fpJBqcof8L9p46rS3pZIcFxFynmRZrxh8vT3qD/35iNAP7X
IO7SXuZZCpGT6wJm9EcQJ/yLcYLgu+mPm7x++F/+M+Q4
-----END CERTIFICATE-----