Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MgZOg0ktgm5JwqLTG2VzoZNqODE.roa
File:                     MgZOg0ktgm5JwqLTG2VzoZNqODE.roa (raw, json)
Hash identifier:          VEBp/uNwKrFwVVYoEQpyaCC7wdRNu65/ank+2GwYngI=
Subject key identifier:   32:06:4E:83:49:2D:82:6E:49:C2:A2:D3:1B:65:73:A1:93:6A:38:31
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E2F654E38FDBB760A5295CC86D0D
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MgZOg0ktgm5JwqLTG2VzoZNqODE.roa
Signing time:             Fri 07 Jun 2024 13:52:28 +0000
ROA not before:           Fri 07 Jun 2024 13:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204707
IP address blocks:        94.131.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e2:f6:54:e3:8f:db:b7:60:a5:29:5c:c8:6d:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32064e83492d826e49c2a2d31b6573a1936a3831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:1d:c8:04:ad:0b:fc:13:e4:b2:77:c6:16:
                    cd:f1:87:0b:01:a6:6d:cc:83:f0:fc:f0:db:f5:c9:
                    40:30:e1:47:5a:eb:2d:4a:c7:63:59:8b:06:7f:6e:
                    0e:eb:a5:5c:15:2a:a3:02:a4:7f:9b:d1:01:90:77:
                    77:51:f8:39:05:38:8b:b9:d5:94:ef:95:60:ff:93:
                    2d:0e:ce:94:ce:cd:86:44:46:b0:58:66:85:3d:60:
                    7c:1b:c0:d6:26:dd:ab:32:be:01:25:d1:17:e7:2d:
                    e9:2d:66:98:5e:b6:38:ec:82:6f:00:01:40:22:3d:
                    0f:59:11:7f:3a:1a:f0:c3:75:a4:28:b1:94:2c:74:
                    5e:4d:b3:ae:31:7d:03:7e:a0:03:d3:49:54:1c:dd:
                    d0:71:ea:43:da:bf:30:c8:28:51:cd:dd:c2:9b:7b:
                    b2:b0:c7:00:8b:78:73:12:8d:7d:4b:32:68:02:67:
                    a7:86:d8:a1:73:64:04:76:66:49:11:ac:8c:70:9f:
                    4c:c9:fc:80:77:96:7d:4c:eb:4a:08:85:3c:39:f7:
                    52:b6:03:01:4d:82:2f:ba:6f:e0:cb:57:e4:56:ea:
                    9a:6f:99:3c:ca:ea:fc:23:0c:72:99:3c:ab:46:74:
                    a7:04:c0:b7:79:d4:c4:d4:d8:5b:fb:e6:cc:af:6d:
                    04:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:06:4E:83:49:2D:82:6E:49:C2:A2:D3:1B:65:73:A1:93:6A:38:31
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/MgZOg0ktgm5JwqLTG2VzoZNqODE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:fe:be:a8:d5:46:5d:da:77:61:4d:5f:fd:94:9d:1d:18:80:
         a1:35:0c:69:fe:ee:ba:e2:50:30:9c:6f:91:af:56:29:af:3e:
         d2:c8:6f:8d:9d:b8:df:8d:18:59:5a:cd:3c:47:e3:a6:8c:8f:
         07:f5:c4:28:ee:50:47:9a:94:e9:a7:19:f0:da:3c:af:94:7b:
         98:e0:05:5b:32:d2:f7:ff:d4:e0:b2:10:72:a7:d5:ce:6c:70:
         95:15:40:ed:68:63:72:ac:93:f8:8c:8e:98:63:ef:6c:e1:31:
         f6:a0:82:db:d0:f5:8d:87:2a:86:a9:63:65:a8:30:06:a4:2a:
         b6:6e:30:92:7f:35:a9:9a:49:f4:6e:3a:5d:3b:93:d3:24:bb:
         f7:83:4a:fc:f6:1d:bd:11:93:8b:fa:76:55:d1:04:62:99:95:
         56:36:69:4f:1c:33:93:ce:1d:1b:d2:09:9c:d3:28:e6:c5:4f:
         04:d4:20:9f:29:31:36:f4:16:84:7a:bc:a2:1b:b0:1a:83:ae:
         b9:ac:48:4e:0d:27:29:57:d2:c5:03:5e:8f:ef:fd:b3:61:4d:
         ef:21:9a:aa:5a:3b:21:e9:e9:e9:ed:8b:f6:f1:e9:c7:d0:0a:
         ae:58:17:b6:ba:76:c7:93:2d:ea:48:30:78:27:a7:f8:3a:c7:
         71:34:c0:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OL2VOOP27dgpSlcyG0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjA2NGU4MzQ5MmQ4MjZlNDljMmEyZDMxYjY1NzNhMTkzNmEzODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudQdyAStC/wT5LJ3xhbN8YcLAaZt
zIPw/PDb9clAMOFHWustSsdjWYsGf24O66VcFSqjAqR/m9EBkHd3Ufg5BTiLudWU
75Vg/5MtDs6Uzs2GREawWGaFPWB8G8DWJt2rMr4BJdEX5y3pLWaYXrY47IJvAAFA
Ij0PWRF/Ohrww3WkKLGULHReTbOuMX0DfqAD00lUHN3QcepD2r8wyChRzd3Cm3uy
sMcAi3hzEo19SzJoAmenhtihc2QEdmZJEayMcJ9MyfyAd5Z9TOtKCIU8OfdStgMB
TYIvum/gy1fkVuqab5k8yur8IwxymTyrRnSnBMC3edTE1Nhb++bMr20E/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIGToNJLYJuScKi0xtlc6GTajgxMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvTWdaT2cwa3RnbTVKd3FMVEcyVnpvWk5xT0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoPMMA0G
CSqGSIb3DQEBCwUAA4IBAQBD/r6o1UZd2ndhTV/9lJ0dGIChNQxp/u664lAwnG+R
r1Yprz7SyG+NnbjfjRhZWs08R+OmjI8H9cQo7lBHmpTppxnw2jyvlHuY4AVbMtL3
/9TgshByp9XObHCVFUDtaGNyrJP4jI6YY+9s4TH2oILb0PWNhyqGqWNlqDAGpCq2
bjCSfzWpmkn0bjpdO5PTJLv3g0r89h29EZOL+nZV0QRimZVWNmlPHDOTzh0b0gmc
0yjmxU8E1CCfKTE29BaEeryiG7Aag665rEhODScpV9LFA16P7/2zYU3vIZqqWjsh
6enp7Yv28enH0AquWBe2unbHky3qSDB4J6f4OsdxNMBq
-----END CERTIFICATE-----