Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/MwvoWkWo9tPF3-ebrf8KhdhT5TM.roa
File:                     MwvoWkWo9tPF3-ebrf8KhdhT5TM.roa (raw, json)
Hash identifier:          J6S0Z4p2gfhxasiv/lLlbwcSkqpUsOSqdw4ILx8OJfc=
Subject key identifier:   33:0B:E8:5A:45:A8:F6:D3:C5:DF:E7:9B:AD:FF:0A:85:D8:53:E5:33
Certificate issuer:       /CN=e1006a06dc490997ff8fc3a42ecf389bed3dd178
Certificate serial:       018CC8017B2588743F1EB6B4D644D88D534F
Authority key identifier: E1:00:6A:06:DC:49:09:97:FF:8F:C3:A4:2E:CF:38:9B:ED:3D:D1:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4QBqBtxJCZf_j8OkLs84m-090Xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/MwvoWkWo9tPF3-ebrf8KhdhT5TM.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        185.79.8.0/22 maxlen: 24
                          2a05:6c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/4QBqBtxJCZf_j8OkLs84m-090Xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/4QBqBtxJCZf_j8OkLs84m-090Xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4QBqBtxJCZf_j8OkLs84m-090Xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7b:25:88:74:3f:1e:b6:b4:d6:44:d8:8d:53:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1006a06dc490997ff8fc3a42ecf389bed3dd178
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=330be85a45a8f6d3c5dfe79badff0a85d853e533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:91:4a:35:71:c5:5d:14:f1:b4:69:ef:e0:e4:
                    fa:73:bb:50:99:25:94:b6:ce:7d:58:9d:16:ff:48:
                    d8:56:61:5d:4d:59:14:cb:48:2f:33:76:82:f8:a5:
                    1d:8b:88:b8:57:eb:7a:21:6a:36:a1:d3:35:5c:bb:
                    01:f3:31:a5:b7:fc:41:e9:b7:a0:e1:40:a1:4b:32:
                    eb:3e:90:56:5c:e7:ff:90:5a:8d:61:d0:f5:ba:0e:
                    fe:e3:fe:fe:14:ed:de:f8:62:6c:8c:5a:ec:b9:9d:
                    b6:a8:14:f9:de:69:5a:96:02:ee:23:a1:5c:d0:a6:
                    1e:e7:40:1e:a6:6d:68:e3:60:ff:18:44:62:e1:01:
                    c0:7f:2f:66:80:a9:75:a5:4f:69:b0:3f:4a:e2:7c:
                    00:7b:55:4d:53:29:45:c7:c7:e9:86:60:63:99:f5:
                    9c:b6:94:c0:ef:24:04:bd:1d:d3:3a:c3:d7:16:6b:
                    5b:b3:c7:0e:7f:ac:3d:d8:e0:6d:e3:da:5d:f8:61:
                    d0:c8:f5:75:c5:fc:14:90:7c:0a:61:af:dd:f7:d4:
                    95:13:0f:c6:8d:13:04:b3:c2:56:3f:01:49:65:4e:
                    1f:66:f4:9d:50:c5:4b:59:54:e0:aa:d8:b5:c3:58:
                    41:4b:65:78:10:39:6f:19:d6:69:74:cb:03:96:74:
                    69:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0B:E8:5A:45:A8:F6:D3:C5:DF:E7:9B:AD:FF:0A:85:D8:53:E5:33
            X509v3 Authority Key Identifier:
                keyid:E1:00:6A:06:DC:49:09:97:FF:8F:C3:A4:2E:CF:38:9B:ED:3D:D1:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4QBqBtxJCZf_j8OkLs84m-090Xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/MwvoWkWo9tPF3-ebrf8KhdhT5TM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/830b5c-b6c8-4979-a53e-494e26491796/1/4QBqBtxJCZf_j8OkLs84m-090Xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.8.0/22
                IPv6:
                  2a05:6c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:55:55:d2:97:df:7f:41:25:77:8e:a8:3e:67:b2:c1:d3:f7:
         b3:be:d6:0d:28:6e:79:b8:24:9b:1c:6f:07:1e:04:03:2d:4f:
         31:78:5e:0e:2f:6b:d8:87:6b:3e:72:74:a8:06:38:2a:88:35:
         23:af:cb:14:8e:e4:c5:e2:99:76:37:6c:f1:93:66:c5:3d:76:
         11:19:94:19:2e:2b:f2:fa:8e:6a:15:dd:0b:0a:28:5d:6d:67:
         0e:e8:77:87:7c:59:4e:a2:20:5e:4e:ac:91:fa:05:d8:01:70:
         38:06:d2:28:e2:67:3b:bc:ae:ee:79:d8:e8:fe:53:4f:92:26:
         a0:d9:f6:72:63:66:b0:5d:43:bc:93:1e:5b:6c:73:d4:68:16:
         f6:29:56:7e:6b:7b:35:53:4a:8c:bb:fe:73:bc:29:1d:12:62:
         98:2e:8b:7a:63:ac:d1:8c:2d:3e:73:f9:32:39:c0:64:ec:d7:
         a7:41:86:3d:80:b0:94:12:f5:98:f7:90:9c:ae:8d:38:3b:6d:
         96:f4:3e:c0:f0:f9:25:5f:4a:fd:74:f0:27:01:de:28:f5:cf:
         2e:07:a1:37:4d:eb:9c:d0:d3:53:cb:af:16:fe:a6:6a:34:1d:
         da:1d:4e:81:a7:ab:8a:1a:38:7a:90:80:62:28:64:9a:ec:f7:
         f2:2f:68:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAXsliHQ/Hra01kTYjVNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMDA2YTA2ZGM0OTA5OTdmZjhmYzNhNDJlY2YzODliZWQz
ZGQxNzgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBiZTg1YTQ1YThmNmQzYzVkZmU3OWJhZGZmMGE4NWQ4NTNlNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpFKNXHFXRTxtGnv4OT6c7tQmSWU
ts59WJ0W/0jYVmFdTVkUy0gvM3aC+KUdi4i4V+t6IWo2odM1XLsB8zGlt/xB6beg
4UChSzLrPpBWXOf/kFqNYdD1ug7+4/7+FO3e+GJsjFrsuZ22qBT53mlalgLuI6Fc
0KYe50Aepm1o42D/GERi4QHAfy9mgKl1pU9psD9K4nwAe1VNUylFx8fphmBjmfWc
tpTA7yQEvR3TOsPXFmtbs8cOf6w92OBt49pd+GHQyPV1xfwUkHwKYa/d99SVEw/G
jRMEs8JWPwFJZU4fZvSdUMVLWVTgqti1w1hBS2V4EDlvGdZpdMsDlnRpeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDML6FpFqPbTxd/nm63/CoXYU+UzMB8GA1UdIwQY
MBaAFOEAagbcSQmX/4/DpC7POJvtPdF4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFFCcUJ0eEpDWmZfajhPa0xzODRtLTA5MFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84MzBiNWMtYjZjOC00OTc5LWE1M2Ut
NDk0ZTI2NDkxNzk2LzEvTXd2b1drV285dFBGMy1lYnJmOEtoZGhUNVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84MzBiNWMtYjZjOC00OTc5LWE1M2UtNDk0ZTI2NDkxNzk2
LzEvNFFCcUJ0eEpDWmZfajhPa0xzODRtLTA5MFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuU8IMA0E
AgACMAcDBQMqBWyAMA0GCSqGSIb3DQEBCwUAA4IBAQCOVVXSl99/QSV3jqg+Z7LB
0/ezvtYNKG55uCSbHG8HHgQDLU8xeF4OL2vYh2s+cnSoBjgqiDUjr8sUjuTF4pl2
N2zxk2bFPXYRGZQZLivy+o5qFd0LCihdbWcO6HeHfFlOoiBeTqyR+gXYAXA4BtIo
4mc7vK7uedjo/lNPkiag2fZyY2awXUO8kx5bbHPUaBb2KVZ+a3s1U0qMu/5zvCkd
EmKYLot6Y6zRjC0+c/kyOcBk7NenQYY9gLCUEvWY95Ccro04O22W9D7A8PklX0r9
dPAnAd4o9c8uB6E3Teuc0NNTy68W/qZqNB3aHU6Bp6uKGjh6kIBiKGSa7PfyL2ji
-----END CERTIFICATE-----