Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/Mxd-3hzbMgrofSbAlf1PCLAOx9E.roa
File:                     Mxd-3hzbMgrofSbAlf1PCLAOx9E.roa (raw, json)
Hash identifier:          +UNe16m3v6kAWsTmo+BSfNubz54T8NoWKFzGOYyBRD4=
Subject key identifier:   33:17:7E:DE:1C:DB:32:0A:E8:7D:26:C0:95:FD:4F:08:B0:0E:C7:D1
Certificate issuer:       /CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
Certificate serial:       018CC492CB53FC636C3EB42A097AC3634D69
Authority key identifier: 40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/Mxd-3hzbMgrofSbAlf1PCLAOx9E.roa
Signing time:             Mon 01 Jan 2024 10:30:03 +0000
ROA not before:           Mon 01 Jan 2024 10:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34136
IP address blocks:        195.234.76.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:cb:53:fc:63:6c:3e:b4:2a:09:7a:c3:63:4d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406f014a2bc76ae04e6d304d06aacbfc8e85d514
        Validity
            Not Before: Jan  1 10:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33177ede1cdb320ae87d26c095fd4f08b00ec7d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:94:36:58:3b:ac:f7:01:a9:44:3f:66:2b:6f:
                    83:80:b9:10:3f:aa:7b:d8:0d:ad:56:35:72:22:5c:
                    79:75:2e:92:39:27:3e:d0:7e:a7:8d:3d:4f:82:3d:
                    47:8d:e0:4b:96:56:57:2a:dd:ca:29:a5:d2:a6:e5:
                    01:80:54:9e:fd:1d:24:76:47:9f:4e:5c:e2:e8:07:
                    03:31:6b:a2:56:3d:93:71:b3:ab:99:f0:f5:3f:ca:
                    fb:16:82:d9:95:8d:fd:c9:66:1a:36:36:79:73:8e:
                    b8:29:31:49:de:8e:3d:8c:50:ef:27:b7:fb:ac:8d:
                    82:49:cb:d2:af:3f:12:fa:a2:a4:76:a8:3c:4c:66:
                    6f:2a:0d:fa:f2:e7:2b:21:fb:e2:08:56:f0:b5:05:
                    34:56:6b:5a:ac:cb:17:a2:c7:a9:1c:40:02:82:d0:
                    35:f2:47:fe:bb:99:98:3d:49:2a:b9:7a:80:6a:42:
                    10:40:a3:66:3d:1c:5b:e5:d4:5f:48:09:8b:e5:d2:
                    cc:c0:f1:16:38:3c:17:1d:2c:5e:36:84:37:91:c3:
                    de:5b:3e:17:e3:33:67:50:b0:5b:bb:f7:eb:b3:5b:
                    3a:44:3c:52:5b:09:cc:51:32:b6:48:f3:34:54:73:
                    7b:21:1b:10:5d:e0:00:2a:92:c8:1e:c6:c4:e8:cc:
                    b0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:17:7E:DE:1C:DB:32:0A:E8:7D:26:C0:95:FD:4F:08:B0:0E:C7:D1
            X509v3 Authority Key Identifier:
                keyid:40:6F:01:4A:2B:C7:6A:E0:4E:6D:30:4D:06:AA:CB:FC:8E:85:D5:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG8BSivHauBObTBNBqrL_I6F1RQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/Mxd-3hzbMgrofSbAlf1PCLAOx9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3caa-313e-4683-84db-9ee5a78ec57b/1/QG8BSivHauBObTBNBqrL_I6F1RQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:cf:3e:b9:d7:aa:02:af:94:89:51:32:85:52:d4:1c:c5:96:
         5c:98:5b:0e:9d:58:42:d8:26:d4:fd:1b:2d:f1:79:ef:e4:61:
         d7:2b:36:f0:af:36:7a:ac:94:66:52:11:b1:1c:ef:d9:05:b3:
         ac:9f:d1:b5:17:ef:63:9a:5b:06:1e:4c:7f:1d:03:c2:ff:ab:
         04:03:f4:be:10:22:39:87:8d:03:d1:f5:c8:7c:29:f5:74:f6:
         aa:1c:7d:57:27:d0:59:36:0b:21:55:27:dc:00:66:06:6c:61:
         6d:6c:6f:38:86:19:31:1e:0a:d6:e8:69:e8:62:5c:ff:94:f4:
         29:5b:90:85:53:0f:bd:48:9c:1a:bd:51:60:6d:b8:d4:19:a8:
         55:bc:35:95:7b:e6:d1:be:1f:05:57:00:e8:7f:92:a6:ed:10:
         02:f4:54:8f:49:6a:49:c7:88:5c:2b:82:21:3e:8c:18:47:97:
         91:90:ee:b8:0b:bb:73:87:dd:bc:c5:98:c4:a4:86:46:81:5a:
         fc:5b:2e:53:be:99:77:bc:e9:41:68:79:8c:1b:68:be:95:65:
         f7:fa:0f:0a:17:e1:07:10:4e:88:ee:53:4e:04:dd:9d:c0:a1:
         13:55:4a:b9:31:68:01:90:45:f4:2e:a5:41:b9:cc:bf:eb:f9:
         09:6d:d3:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkstT/GNsPrQqCXrDY01pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmYwMTRhMmJjNzZhZTA0ZTZkMzA0ZDA2YWFjYmZjOGU4
NWQ1MTQwHhcNMjQwMTAxMTAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzE3N2VkZTFjZGIzMjBhZTg3ZDI2YzA5NWZkNGYwOGIwMGVjN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppQ2WDus9wGpRD9mK2+DgLkQP6p7
2A2tVjVyIlx5dS6SOSc+0H6njT1Pgj1HjeBLllZXKt3KKaXSpuUBgFSe/R0kdkef
Tlzi6AcDMWuiVj2TcbOrmfD1P8r7FoLZlY39yWYaNjZ5c464KTFJ3o49jFDvJ7f7
rI2CScvSrz8S+qKkdqg8TGZvKg368ucrIfviCFbwtQU0VmtarMsXosepHEACgtA1
8kf+u5mYPUkquXqAakIQQKNmPRxb5dRfSAmL5dLMwPEWODwXHSxeNoQ3kcPeWz4X
4zNnULBbu/frs1s6RDxSWwnMUTK2SPM0VHN7IRsQXeAAKpLIHsbE6MywfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMXft4c2zIK6H0mwJX9TwiwDsfRMB8GA1UdIwQY
MBaAFEBvAUorx2rgTm0wTQaqy/yOhdUUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGIt
OWVlNWE3OGVjNTdiLzEvTXhkLTNoemJNZ3JvZlNiQWxmMVBDTEFPeDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjNjYWEtMzEzZS00NjgzLTg0ZGItOWVlNWE3OGVjNTdi
LzEvUUc4QlNpdkhhdUJPYlRCTkJxckxfSTZGMVJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+pMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqzz6516oCr5SJUTKFUtQcxZZcmFsOnVhC2CbU/Rst
8Xnv5GHXKzbwrzZ6rJRmUhGxHO/ZBbOsn9G1F+9jmlsGHkx/HQPC/6sEA/S+ECI5
h40D0fXIfCn1dPaqHH1XJ9BZNgshVSfcAGYGbGFtbG84hhkxHgrW6GnoYlz/lPQp
W5CFUw+9SJwavVFgbbjUGahVvDWVe+bRvh8FVwDof5Km7RAC9FSPSWpJx4hcK4Ih
PowYR5eRkO64C7tzh928xZjEpIZGgVr8Wy5Tvpl3vOlBaHmMG2i+lWX3+g8KF+EH
EE6I7lNOBN2dwKETVUq5MWgBkEX0LqVBucy/6/kJbdNS
-----END CERTIFICATE-----