Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MLB1bc9V-9e6_BAhTlkd4-4fri4.roa
File:                     MLB1bc9V-9e6_BAhTlkd4-4fri4.roa (raw, json)
Hash identifier:          uOJwmp6yJso2k/8Uwr5S4tEp6gMxacly39w9H/YwKsU=
Subject key identifier:   30:B0:75:6D:CF:55:FB:D7:BA:FC:10:21:4E:59:1D:E3:EE:1F:AE:2E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018F38F5FF4C05817086A89842A9BF90618A
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MLB1bc9V-9e6_BAhTlkd4-4fri4.roa
Signing time:             Thu 02 May 2024 10:59:56 +0000
ROA not before:           Thu 02 May 2024 10:59:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197464
IP address blocks:        2a0c:9a40:8580::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:f5:ff:4c:05:81:70:86:a8:98:42:a9:bf:90:61:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May  2 10:59:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30b0756dcf55fbd7bafc10214e591de3ee1fae2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7c:b0:c8:93:14:44:aa:be:9d:c7:85:a4:6e:
                    5b:17:6a:aa:76:56:84:19:9b:d6:1e:a8:19:7e:5f:
                    34:69:84:02:67:43:05:04:c7:a2:1d:3c:7a:e5:95:
                    2d:6e:e7:84:dd:41:ac:4a:e7:19:38:0a:b4:5a:02:
                    c8:13:cd:dc:e4:b6:5f:93:f3:d1:ec:e2:48:6e:58:
                    0c:bc:c4:58:b4:0d:fc:67:e5:bd:c1:f5:f7:76:c0:
                    46:36:d1:5e:a3:f1:e7:d1:11:cb:14:b0:96:ce:9b:
                    f0:3d:5e:50:a8:86:f4:3f:62:45:f1:50:58:59:75:
                    eb:ee:f2:96:29:60:85:2d:6f:9b:0d:0f:29:5c:ba:
                    cd:c9:26:a6:1f:a3:73:6d:de:9f:c2:f2:51:22:a5:
                    0d:a3:91:1d:60:d4:c0:82:ba:41:07:14:31:27:0b:
                    7a:12:cb:ba:8a:c5:d3:50:fa:31:57:5e:a3:eb:5f:
                    6a:5d:ab:73:e7:1f:32:63:3b:40:88:b7:a8:07:49:
                    b7:e1:ee:88:3e:d1:cb:c0:67:82:0c:42:a7:2e:93:
                    63:d3:36:c2:98:dc:b1:f1:a4:f9:d6:30:22:fc:1f:
                    0d:7f:19:3d:39:3d:6f:6a:1b:76:bb:c7:c3:27:30:
                    0d:3c:d5:78:6f:b2:9f:ca:34:e9:38:b7:2a:cc:55:
                    ff:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B0:75:6D:CF:55:FB:D7:BA:FC:10:21:4E:59:1D:E3:EE:1F:AE:2E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/MLB1bc9V-9e6_BAhTlkd4-4fri4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8580::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:9e:76:b6:cf:2a:c7:d4:6b:81:ac:68:42:2c:87:76:e6:2b:
         22:9a:20:94:ab:f1:bc:c2:e1:cb:5d:39:8c:0f:7f:c0:ec:60:
         c8:d7:33:fd:b1:f1:e8:91:0b:b2:42:86:a1:b8:16:e3:d4:70:
         dc:50:30:d1:dc:b6:91:dd:4d:2b:7b:35:9b:b2:61:5c:3c:58:
         9d:46:f0:b2:28:18:8b:67:24:89:8b:9a:ea:f2:ff:2f:d1:04:
         53:01:b9:b6:73:3c:a2:cb:83:bf:86:85:60:ae:61:28:6f:27:
         43:b7:10:38:6f:11:3c:a5:c0:de:a5:41:e1:fa:f0:01:c3:74:
         f3:0c:e1:82:47:0b:b4:7a:fc:84:a4:a4:87:13:6d:a5:33:34:
         fc:62:6d:36:d4:b6:17:46:c7:bb:84:25:48:13:a0:99:ad:b7:
         50:fe:57:06:60:7c:9a:80:9c:c2:71:6e:ed:32:02:fc:6e:c5:
         05:7a:fc:58:f7:60:7e:31:ff:df:e3:0f:99:a7:f2:8d:62:52:
         b8:f4:8f:1a:47:ba:a5:04:f2:2c:e5:18:43:5d:a2:12:c0:91:
         f2:ad:6f:a8:14:d0:2a:11:b2:13:29:b5:b1:e5:dc:bf:5b:6d:
         8d:4e:12:37:a2:b2:62:87:c0:e7:20:44:3b:77:1b:08:c4:e9:
         dc:ac:ad:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY849f9MBYFwhqiYQqm/kGGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwNTAyMTA1OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGIwNzU2ZGNmNTVmYmQ3YmFmYzEwMjE0ZTU5MWRlM2VlMWZhZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnywyJMURKq+nceFpG5bF2qqdlaE
GZvWHqgZfl80aYQCZ0MFBMeiHTx65ZUtbueE3UGsSucZOAq0WgLIE83c5LZfk/PR
7OJIblgMvMRYtA38Z+W9wfX3dsBGNtFeo/Hn0RHLFLCWzpvwPV5QqIb0P2JF8VBY
WXXr7vKWKWCFLW+bDQ8pXLrNySamH6Nzbd6fwvJRIqUNo5EdYNTAgrpBBxQxJwt6
Esu6isXTUPoxV16j619qXatz5x8yYztAiLeoB0m34e6IPtHLwGeCDEKnLpNj0zbC
mNyx8aT51jAi/B8Nfxk9OT1vaht2u8fDJzANPNV4b7KfyjTpOLcqzFX/vQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDCwdW3PVfvXuvwQIU5ZHePuH64uMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvTUxCMWJjOVYtOWU2X0JBaFRsa2Q0LTRmcmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIWA
MA0GCSqGSIb3DQEBCwUAA4IBAQBsnna2zyrH1GuBrGhCLId25isimiCUq/G8wuHL
XTmMD3/A7GDI1zP9sfHokQuyQoahuBbj1HDcUDDR3LaR3U0rezWbsmFcPFidRvCy
KBiLZySJi5rq8v8v0QRTAbm2czyiy4O/hoVgrmEobydDtxA4bxE8pcDepUHh+vAB
w3TzDOGCRwu0evyEpKSHE22lMzT8Ym021LYXRse7hCVIE6CZrbdQ/lcGYHyagJzC
cW7tMgL8bsUFevxY92B+Mf/f4w+Zp/KNYlK49I8aR7qlBPIs5RhDXaISwJHyrW+o
FNAqEbITKbWx5dy/W22NThI3orJih8DnIEQ7dxsIxOncrK0k
-----END CERTIFICATE-----