Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/MmAJyfU_dlt0do8CX6diN-YJ_Oc.roa
File:                     MmAJyfU_dlt0do8CX6diN-YJ_Oc.roa (raw, json)
Hash identifier:          XGfGceySHzAO2kpdGgs6YXRG5WX21WUR9vxGSsqNbCw=
Subject key identifier:   32:60:09:C9:F5:3F:76:5B:74:76:8F:02:5F:A7:62:37:E6:09:FC:E7
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80123891E674407F0F0511C14BD5469
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/MmAJyfU_dlt0do8CX6diN-YJ_Oc.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15818
IP address blocks:        159.148.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:23:89:1e:67:44:07:f0:f0:51:1c:14:bd:54:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=326009c9f53f765b74768f025fa76237e609fce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:68:61:5c:89:ba:a4:cb:57:dc:01:18:ae:1a:
                    75:5a:f5:ba:60:42:79:62:eb:7b:72:d9:90:3e:80:
                    d8:d3:27:32:69:78:f1:1a:b5:44:0f:11:38:0c:f4:
                    31:be:82:b1:35:b7:d1:76:43:16:47:ed:f9:10:11:
                    a7:a6:bc:c6:2f:93:02:79:f5:e4:58:fb:b5:6c:7f:
                    b6:d5:bd:65:3c:ac:92:43:6d:e8:28:b7:df:9e:92:
                    71:75:b0:a1:5e:6c:42:c0:6c:82:ca:1e:79:ee:a3:
                    2f:e0:6b:a5:05:83:b1:af:96:4e:f7:10:a3:e8:da:
                    02:4c:c7:e8:68:67:11:1b:07:f7:03:8f:26:4e:9c:
                    99:d8:eb:8d:f8:51:9b:34:5b:81:7e:c7:9d:b0:d1:
                    b2:02:9b:cc:34:12:dc:6c:e9:3c:c4:3f:f5:0f:15:
                    81:84:af:26:d9:2f:8f:83:e3:25:95:9c:83:97:68:
                    f4:a8:9d:5d:44:8b:f9:6a:b0:66:01:48:46:9a:fd:
                    d6:e2:5a:f5:12:67:33:a8:60:76:ac:6e:82:a0:b5:
                    66:bc:62:0e:84:15:35:19:79:80:43:dd:13:f9:fd:
                    3b:3a:d8:86:1d:43:8c:e1:ef:b8:b0:71:4b:2b:c6:
                    c6:42:96:b9:1a:9b:43:2d:6e:cf:7a:fb:f0:20:5b:
                    9f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:60:09:C9:F5:3F:76:5B:74:76:8F:02:5F:A7:62:37:E6:09:FC:E7
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/MmAJyfU_dlt0do8CX6diN-YJ_Oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:4c:ea:2d:f8:25:2d:31:1c:f0:78:3a:1c:e6:d2:f7:ef:10:
         90:33:c8:a6:b5:69:92:6a:aa:12:12:60:f9:25:60:4b:15:68:
         98:b4:c9:0d:4d:17:6c:54:c7:59:aa:50:34:5e:91:be:68:be:
         05:fc:c4:1b:8e:12:1e:65:eb:10:ae:4b:86:30:4f:43:d5:58:
         68:02:61:4b:ed:8f:b5:96:36:d9:6b:55:5e:07:ba:6c:4d:3b:
         55:f0:69:e3:56:5d:f0:2a:10:7f:b0:1f:25:f3:78:e6:8e:c7:
         5f:82:eb:7d:e6:b8:b2:70:e3:28:f3:57:47:bd:b4:8d:d0:2f:
         08:79:a0:62:5f:b9:31:aa:8d:e4:fc:28:3b:24:a3:0c:28:13:
         8b:1b:e3:05:aa:a1:1b:ba:22:80:5f:29:46:f3:6e:2e:61:4f:
         f5:dd:c7:15:ff:6f:57:14:32:ba:8b:08:aa:f6:a8:2f:cc:52:
         3e:18:3d:09:c0:b6:f2:f3:2a:cb:6c:da:82:bf:81:30:b4:2d:
         8a:12:fd:73:05:f5:d7:5b:ca:53:ce:3b:a2:8a:9b:f1:e5:e2:
         23:59:2f:f4:3c:93:26:ba:a5:7e:01:78:b9:9e:95:da:51:3e:
         d9:dc:12:9d:96:3b:32:2c:a8:81:56:94:3d:da:c6:80:6c:54:
         2f:a5:70:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASOJHmdEB/DwURwUvVRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjYwMDljOWY1M2Y3NjViNzQ3NjhmMDI1ZmE3NjIzN2U2MDlmY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomhhXIm6pMtX3AEYrhp1WvW6YEJ5
Yut7ctmQPoDY0ycyaXjxGrVEDxE4DPQxvoKxNbfRdkMWR+35EBGnprzGL5MCefXk
WPu1bH+21b1lPKySQ23oKLffnpJxdbChXmxCwGyCyh557qMv4GulBYOxr5ZO9xCj
6NoCTMfoaGcRGwf3A48mTpyZ2OuN+FGbNFuBfsedsNGyApvMNBLcbOk8xD/1DxWB
hK8m2S+Pg+MllZyDl2j0qJ1dRIv5arBmAUhGmv3W4lr1EmczqGB2rG6CoLVmvGIO
hBU1GXmAQ90T+f07OtiGHUOM4e+4sHFLK8bGQpa5GptDLW7PevvwIFufNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJgCcn1P3ZbdHaPAl+nYjfmCfznMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvTW1BSnlmVV9kbHQwZG84Q1g2ZGlOLVlKX09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5RaMA0G
CSqGSIb3DQEBCwUAA4IBAQClTOot+CUtMRzweDoc5tL37xCQM8imtWmSaqoSEmD5
JWBLFWiYtMkNTRdsVMdZqlA0XpG+aL4F/MQbjhIeZesQrkuGME9D1VhoAmFL7Y+1
ljbZa1VeB7psTTtV8GnjVl3wKhB/sB8l83jmjsdfgut95riycOMo81dHvbSN0C8I
eaBiX7kxqo3k/Cg7JKMMKBOLG+MFqqEbuiKAXylG824uYU/13ccV/29XFDK6iwiq
9qgvzFI+GD0JwLby8yrLbNqCv4EwtC2KEv1zBfXXW8pTzjuiipvx5eIjWS/0PJMm
uqV+AXi5npXaUT7Z3BKdljsyLKiBVpQ92saAbFQvpXCN
-----END CERTIFICATE-----