Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/MO-t3az7j_ZvuSRLymyjSDGlgcs.roa
File:                     MO-t3az7j_ZvuSRLymyjSDGlgcs.roa (raw, json)
Hash identifier:          4SsBBS12fw8sj3HVWDIHwRatT16CXX2vDli4UqK9fFU=
Subject key identifier:   30:EF:AD:DD:AC:FB:8F:F6:6F:B9:24:4B:CA:6C:A3:48:31:A5:81:CB
Certificate issuer:       /CN=283deba3b1305c9a48d374ba47369bf1f827ee08
Certificate serial:       018D22170970F4AA5C22AE5B1F2B02822263
Authority key identifier: 28:3D:EB:A3:B1:30:5C:9A:48:D3:74:BA:47:36:9B:F1:F8:27:EE:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/MO-t3az7j_ZvuSRLymyjSDGlgcs.roa
Signing time:             Fri 19 Jan 2024 14:19:11 +0000
ROA not before:           Fri 19 Jan 2024 14:19:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        87.236.200.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:17:09:70:f4:aa:5c:22:ae:5b:1f:2b:02:82:22:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=283deba3b1305c9a48d374ba47369bf1f827ee08
        Validity
            Not Before: Jan 19 14:19:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30efadddacfb8ff66fb9244bca6ca34831a581cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:db:cc:4b:f1:1d:0a:67:be:f5:04:e1:a9:f3:
                    de:15:11:bb:4d:94:d0:a2:0e:b9:f7:2d:70:93:0c:
                    9f:76:03:a3:31:2f:2c:27:54:a0:ee:61:ff:66:e6:
                    8c:54:0d:94:02:76:46:ce:5d:15:51:60:d1:2b:8f:
                    cf:0c:0e:11:00:93:d0:f9:37:63:34:bd:f2:9e:d4:
                    60:07:32:4f:dc:d0:2c:f4:39:18:59:c2:39:18:83:
                    05:59:e3:2c:42:19:3a:a2:23:e6:0f:ca:c1:aa:b7:
                    31:a7:0b:25:fa:6b:79:55:c5:05:a6:88:f3:f9:d7:
                    d3:cc:25:47:17:39:58:30:20:f4:67:f7:c9:1d:1e:
                    cc:4c:1f:9d:ff:3f:0f:6c:32:2e:ef:41:67:68:a0:
                    1e:09:13:5b:b8:a5:eb:bb:6d:14:0c:1d:13:7e:f9:
                    84:5c:81:27:2a:ed:9b:5c:79:39:c6:26:a7:2c:2c:
                    05:ef:8c:0c:40:0f:86:52:df:93:32:40:9d:03:13:
                    a0:5e:79:d6:1f:fc:7c:d4:f5:34:f7:11:5b:a0:89:
                    15:27:51:75:9c:4c:2f:8f:ff:2e:08:3a:c0:1c:3e:
                    f7:5c:ce:5b:e8:10:f6:42:fb:f1:8f:6c:0e:aa:23:
                    9c:5c:72:8f:93:86:49:0f:88:2b:e8:f4:4b:3d:5d:
                    24:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:EF:AD:DD:AC:FB:8F:F6:6F:B9:24:4B:CA:6C:A3:48:31:A5:81:CB
            X509v3 Authority Key Identifier:
                keyid:28:3D:EB:A3:B1:30:5C:9A:48:D3:74:BA:47:36:9B:F1:F8:27:EE:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KD3ro7EwXJpI03S6Rzab8fgn7gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/MO-t3az7j_ZvuSRLymyjSDGlgcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e5dfa9-5196-48cd-9178-5a31f620b04a/1/KD3ro7EwXJpI03S6Rzab8fgn7gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:c9:44:ad:05:af:c7:4f:09:fa:22:de:0a:9b:24:53:0f:1d:
         c6:2c:a1:71:94:5d:85:53:9f:7e:7f:14:93:74:9d:e1:4c:d2:
         91:3d:12:23:9c:51:3f:41:bb:19:01:ca:fb:6b:b2:3d:31:f7:
         94:f1:8d:34:e7:87:a2:d3:b2:c0:d5:45:b5:29:d5:09:42:8c:
         25:40:a3:6e:07:44:24:23:64:f1:a8:ef:9f:d0:a8:a2:fe:7f:
         11:09:70:e6:89:22:36:2b:11:87:6c:a0:7b:f1:50:44:78:44:
         63:97:f7:f0:31:02:5d:02:5d:b1:23:c4:48:1a:e7:4d:84:dc:
         ae:ac:1d:9a:ac:49:bd:88:95:f5:ff:7e:5e:2c:33:c2:38:21:
         b7:53:d9:cc:ca:7a:bf:fc:4f:b6:2b:0e:40:20:5f:58:fa:c0:
         0f:90:a5:1a:7e:1e:08:2f:8b:c9:6a:b2:76:4e:f7:e5:c0:d3:
         30:a9:12:d4:3c:15:85:f3:3e:e2:48:36:ab:b3:ed:29:b2:8e:
         e2:47:f3:26:5b:8e:dd:64:e8:a6:8d:64:12:c0:8c:a2:64:1a:
         f6:3f:47:f2:32:55:36:79:3e:32:9f:77:9a:8b:5c:73:dd:95:
         16:9a:b6:a2:fb:05:14:1b:87:b4:96:fe:1e:9d:88:8a:4f:1b:
         4e:f2:63:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0iFwlw9KpcIq5bHysCgiJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4M2RlYmEzYjEzMDVjOWE0OGQzNzRiYTQ3MzY5YmYxZjgy
N2VlMDgwHhcNMjQwMTE5MTQxOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGVmYWRkZGFjZmI4ZmY2NmZiOTI0NGJjYTZjYTM0ODMxYTU4MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9vMS/EdCme+9QThqfPeFRG7TZTQ
og659y1wkwyfdgOjMS8sJ1Sg7mH/ZuaMVA2UAnZGzl0VUWDRK4/PDA4RAJPQ+Tdj
NL3yntRgBzJP3NAs9DkYWcI5GIMFWeMsQhk6oiPmD8rBqrcxpwsl+mt5VcUFpojz
+dfTzCVHFzlYMCD0Z/fJHR7MTB+d/z8PbDIu70FnaKAeCRNbuKXru20UDB0TfvmE
XIEnKu2bXHk5xianLCwF74wMQA+GUt+TMkCdAxOgXnnWH/x81PU09xFboIkVJ1F1
nEwvj/8uCDrAHD73XM5b6BD2Qvvxj2wOqiOcXHKPk4ZJD4gr6PRLPV0k+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDvrd2s+4/2b7kkS8pso0gxpYHLMB8GA1UdIwQY
MBaAFCg966OxMFyaSNN0ukc2m/H4J+4IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0Qzcm83RXdYSnBJMDNTNlJ6YWI4ZmduN2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lNWRmYTktNTE5Ni00OGNkLTkxNzgt
NWEzMWY2MjBiMDRhLzEvTU8tdDNhejdqX1p2dVNSTHlteWpTREdsZ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lNWRmYTktNTE5Ni00OGNkLTkxNzgtNWEzMWY2MjBiMDRh
LzEvS0Qzcm83RXdYSnBJMDNTNlJ6YWI4ZmduN2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDV+zIMA0G
CSqGSIb3DQEBCwUAA4IBAQApyUStBa/HTwn6It4KmyRTDx3GLKFxlF2FU59+fxST
dJ3hTNKRPRIjnFE/QbsZAcr7a7I9MfeU8Y0054ei07LA1UW1KdUJQowlQKNuB0Qk
I2TxqO+f0Kii/n8RCXDmiSI2KxGHbKB78VBEeERjl/fwMQJdAl2xI8RIGudNhNyu
rB2arEm9iJX1/35eLDPCOCG3U9nMynq//E+2Kw5AIF9Y+sAPkKUafh4IL4vJarJ2
TvflwNMwqRLUPBWF8z7iSDars+0pso7iR/MmW47dZOimjWQSwIyiZBr2P0fyMlU2
eT4yn3eai1xz3ZUWmrai+wUUG4e0lv4enYiKTxtO8mPM
-----END CERTIFICATE-----