Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/MKK8n36m1oywESMa6bR5-_Fd6JY.roa
File:                     MKK8n36m1oywESMa6bR5-_Fd6JY.roa (raw, json)
Hash identifier:          ScwPVFHc9mteKST5jWWngkkiSueFxnEmbAW+yVaKLm4=
Subject key identifier:   30:A2:BC:9F:7E:A6:D6:8C:B0:11:23:1A:E9:B4:79:FB:F1:5D:E8:96
Certificate issuer:       /CN=cf26c91af0ab2668a3601b2d957dc4ce002d5986
Certificate serial:       018CC9BC60FEF435D302F6B93E21F8E42513
Authority key identifier: CF:26:C9:1A:F0:AB:26:68:A3:60:1B:2D:95:7D:C4:CE:00:2D:59:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zybJGvCrJmijYBstlX3EzgAtWYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/MKK8n36m1oywESMa6bR5-_Fd6JY.roa
Signing time:             Tue 02 Jan 2024 10:33:35 +0000
ROA not before:           Tue 02 Jan 2024 10:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208011
IP address blocks:        194.156.190.0/23 maxlen: 24
                          194.156.198.0/23 maxlen: 24
                          2a0f:43c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/zybJGvCrJmijYBstlX3EzgAtWYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/zybJGvCrJmijYBstlX3EzgAtWYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zybJGvCrJmijYBstlX3EzgAtWYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:60:fe:f4:35:d3:02:f6:b9:3e:21:f8:e4:25:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf26c91af0ab2668a3601b2d957dc4ce002d5986
        Validity
            Not Before: Jan  2 10:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30a2bc9f7ea6d68cb011231ae9b479fbf15de896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7b:09:04:4b:2c:e7:68:ce:3f:a1:63:bd:d8:
                    aa:6f:60:89:35:e0:dc:bd:18:25:42:74:e2:6c:3c:
                    20:34:62:a3:59:01:4c:03:d7:7c:29:5c:04:f5:20:
                    52:fa:fb:44:a2:21:5e:91:3c:be:7b:8a:f0:e0:b8:
                    1e:07:cf:1c:43:f6:37:d2:1d:6e:67:a9:2e:b3:93:
                    88:4b:f6:41:18:f6:07:42:c2:59:cb:f6:7b:63:65:
                    5e:1d:36:0e:12:c7:55:08:fe:01:bd:a3:d1:1e:55:
                    b5:ac:6f:56:82:07:e4:d9:c0:fa:3e:19:ba:52:fc:
                    9e:6e:ab:ab:44:9c:67:3b:4d:b5:bb:77:99:78:d3:
                    f0:a5:22:0a:75:8d:1f:96:e2:e0:9a:11:a2:e5:b0:
                    4e:ec:05:58:3a:81:c0:72:50:c9:6b:1d:8e:d3:84:
                    e0:72:d5:67:0c:76:eb:70:28:17:7b:6f:bc:77:4b:
                    7d:c1:1e:03:6a:1e:6f:c9:30:50:a8:ab:78:18:c7:
                    34:63:6e:c6:92:b5:f5:97:79:31:5a:2e:9f:8f:1d:
                    02:89:0a:11:bc:17:9b:1f:9c:21:a3:ba:f2:18:0a:
                    42:1a:bf:91:cb:9a:76:04:64:22:2d:a3:b8:99:9e:
                    36:ff:1f:27:61:a8:92:83:cb:b4:98:c4:c2:72:5b:
                    6f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A2:BC:9F:7E:A6:D6:8C:B0:11:23:1A:E9:B4:79:FB:F1:5D:E8:96
            X509v3 Authority Key Identifier:
                keyid:CF:26:C9:1A:F0:AB:26:68:A3:60:1B:2D:95:7D:C4:CE:00:2D:59:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zybJGvCrJmijYBstlX3EzgAtWYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/MKK8n36m1oywESMa6bR5-_Fd6JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/76ddd7-0af2-43ce-9859-6bc8394656b7/1/zybJGvCrJmijYBstlX3EzgAtWYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.190.0/23
                  194.156.198.0/23
                IPv6:
                  2a0f:43c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:ca:97:24:57:1a:65:bb:8a:5f:cc:65:f3:58:24:e7:17:46:
         70:90:80:77:9a:84:11:37:14:c2:a0:fc:b4:52:8f:fb:00:bf:
         ac:e8:57:e8:52:a8:55:08:dc:78:71:57:ff:93:40:2a:15:39:
         62:17:8a:28:6a:90:2f:be:31:86:93:50:85:67:c9:66:79:db:
         18:c0:c3:2e:8f:43:a3:cb:0c:c9:70:0a:f8:20:6d:f2:c2:ab:
         98:73:65:c1:33:5a:47:6e:a0:eb:1a:4d:68:92:6b:ce:09:49:
         d2:25:65:fe:a2:f8:29:3b:00:b8:75:e5:ff:82:03:f9:96:6e:
         cb:b3:6a:35:4f:e8:3d:76:10:40:e8:34:33:f8:f7:56:82:3b:
         5f:20:62:ac:ae:e4:02:9a:c8:23:a4:72:1f:4f:0a:14:28:55:
         3e:ab:5c:fe:36:63:dc:73:a0:99:03:c4:79:07:69:7f:e4:f7:
         15:21:23:15:86:aa:33:7a:19:bd:fd:2f:1c:68:92:85:36:7f:
         fc:87:35:c0:54:95:eb:1c:94:b8:79:1e:47:e5:ed:12:53:7e:
         1f:b2:6d:35:73:67:4e:b1:21:a8:f4:a7:34:08:a5:7a:63:7b:
         be:76:be:2d:f6:f9:4e:d5:87:af:bd:99:a7:08:35:90:a8:a8:
         4f:fb:e4:08
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvGD+9DXTAva5PiH45CUTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMjZjOTFhZjBhYjI2NjhhMzYwMWIyZDk1N2RjNGNlMDAy
ZDU5ODYwHhcNMjQwMTAyMTAzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEyYmM5ZjdlYTZkNjhjYjAxMTIzMWFlOWI0NzlmYmYxNWRlODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHsJBEss52jOP6Fjvdiqb2CJNeDc
vRglQnTibDwgNGKjWQFMA9d8KVwE9SBS+vtEoiFekTy+e4rw4LgeB88cQ/Y30h1u
Z6kus5OIS/ZBGPYHQsJZy/Z7Y2VeHTYOEsdVCP4BvaPRHlW1rG9Wggfk2cD6Phm6
UvyebqurRJxnO021u3eZeNPwpSIKdY0fluLgmhGi5bBO7AVYOoHAclDJax2O04Tg
ctVnDHbrcCgXe2+8d0t9wR4Dah5vyTBQqKt4GMc0Y27GkrX1l3kxWi6fjx0CiQoR
vBebH5who7ryGApCGr+Ry5p2BGQiLaO4mZ42/x8nYaiSg8u0mMTCcltv9wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDCivJ9+ptaMsBEjGum0efvxXeiWMB8GA1UdIwQY
MBaAFM8myRrwqyZoo2AbLZV9xM4ALVmGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenliSkd2Q3JKbWlqWUJzdGxYM0V6Z0F0V1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS83NmRkZDctMGFmMi00M2NlLTk4NTkt
NmJjODM5NDY1NmI3LzEvTUtLOG4zNm0xb3l3RVNNYTZiUjUtX0ZkNkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS83NmRkZDctMGFmMi00M2NlLTk4NTktNmJjODM5NDY1NmI3
LzEvenliSkd2Q3JKbWlqWUJzdGxYM0V6Z0F0V1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwpy+AwQB
wpzGMA0EAgACMAcDBQAqD0PAMA0GCSqGSIb3DQEBCwUAA4IBAQA0ypckVxplu4pf
zGXzWCTnF0ZwkIB3moQRNxTCoPy0Uo/7AL+s6FfoUqhVCNx4cVf/k0AqFTliF4oo
apAvvjGGk1CFZ8lmedsYwMMuj0OjywzJcAr4IG3ywquYc2XBM1pHbqDrGk1okmvO
CUnSJWX+ovgpOwC4deX/ggP5lm7Ls2o1T+g9dhBA6DQz+PdWgjtfIGKsruQCmsgj
pHIfTwoUKFU+q1z+NmPcc6CZA8R5B2l/5PcVISMVhqozehm9/S8caJKFNn/8hzXA
VJXrHJS4eR5H5e0SU34fsm01c2dOsSGo9Kc0CKV6Y3u+dr4t9vlO1YevvZmnCDWQ
qKhP++QI
-----END CERTIFICATE-----