Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/MGlZFsyOq1f2F49idtK-ek2IT8I.roa
File:                     MGlZFsyOq1f2F49idtK-ek2IT8I.roa (raw, json)
Hash identifier:          FdQfolDBWmJ5yycj5iSBbHgmfx06g2HBfo6O0H7XUIw=
Subject key identifier:   30:69:59:16:CC:8E:AB:57:F6:17:8F:62:76:D2:BE:7A:4D:88:4F:C2
Certificate issuer:       /CN=08fcbc341c87433d03e4dd615b7f3453164344b3
Certificate serial:       018CC4252397728C6D8A70D97591F5B13896
Authority key identifier: 08:FC:BC:34:1C:87:43:3D:03:E4:DD:61:5B:7F:34:53:16:43:44:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/MGlZFsyOq1f2F49idtK-ek2IT8I.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201913
IP address blocks:        185.77.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 04:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:23:97:72:8c:6d:8a:70:d9:75:91:f5:b1:38:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fcbc341c87433d03e4dd615b7f3453164344b3
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30695916cc8eab57f6178f6276d2be7a4d884fc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:66:bc:96:85:55:da:9c:4d:25:7b:16:f7:4d:
                    b5:73:c8:0f:ee:4d:85:60:1c:d1:50:1b:34:5a:2d:
                    af:b5:17:6f:e9:74:1e:3c:6d:f8:da:d0:11:a6:9d:
                    66:bc:79:d6:ec:3e:d6:0b:e7:53:39:6d:38:80:03:
                    63:bc:6d:7e:1d:22:01:d6:ce:ea:eb:09:ac:66:ef:
                    eb:8a:89:40:d8:ca:0b:f2:0f:31:1d:87:7e:e1:b2:
                    9d:01:64:bf:5f:8f:bb:f3:7e:72:31:75:ca:63:4d:
                    18:e6:09:23:60:d6:a2:0c:f7:c6:87:ce:58:83:3e:
                    95:ca:27:00:68:73:c7:bc:80:ec:8b:c3:bd:31:2e:
                    07:41:c4:77:76:59:24:fd:fc:32:70:02:1b:66:8a:
                    84:0e:3b:7e:e8:55:ef:07:33:d1:5d:cc:fa:7c:31:
                    de:6c:bf:d0:bd:74:b1:f6:92:8f:61:9c:fb:71:bb:
                    84:8b:52:74:8c:e0:c7:51:bc:0c:d5:d1:4c:0f:16:
                    92:58:c0:d7:07:20:f3:44:31:fb:3b:61:5b:07:a4:
                    70:67:a4:b9:9f:69:c6:f8:be:b6:81:f5:3f:8e:d5:
                    c0:2b:7c:97:f1:e7:de:eb:e6:f0:e5:3a:70:d1:e3:
                    56:db:b6:3b:c6:12:37:d8:32:e0:90:aa:13:b5:28:
                    bf:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:69:59:16:CC:8E:AB:57:F6:17:8F:62:76:D2:BE:7A:4D:88:4F:C2
            X509v3 Authority Key Identifier:
                keyid:08:FC:BC:34:1C:87:43:3D:03:E4:DD:61:5B:7F:34:53:16:43:44:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPy8NByHQz0D5N1hW380UxZDRLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/MGlZFsyOq1f2F49idtK-ek2IT8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1ae7be-3484-4b12-8bf4-c100a986bc5c/1/CPy8NByHQz0D5N1hW380UxZDRLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:51:a5:c2:2c:da:1f:72:2a:cf:e5:58:94:b6:c1:a6:4f:c6:
         8a:25:5c:a3:ac:5b:f1:dc:4e:7d:98:7b:5c:f5:b3:1f:63:ef:
         c6:31:31:04:dc:49:ba:83:d7:af:8b:eb:dd:70:6f:8d:26:68:
         eb:54:66:34:82:14:2a:ff:1e:a0:c3:b4:8c:be:85:97:b3:c3:
         3b:26:13:a5:fa:aa:a0:1e:9d:94:29:20:0c:b7:95:2a:37:ee:
         66:c8:38:9f:c1:a3:db:0b:37:ff:ce:b1:fc:d2:1a:56:d8:d0:
         80:4b:73:44:c9:25:7b:c5:75:ec:36:58:96:e4:11:0d:74:30:
         46:b7:fa:57:e7:73:38:f4:ea:5a:0b:22:6c:4a:43:d1:66:ea:
         ff:f5:b2:c3:ba:76:42:65:d8:b9:cf:47:bf:21:10:05:e4:a1:
         d6:e4:9f:57:60:90:78:7e:94:0e:6d:d4:f7:97:db:07:69:ff:
         da:87:6c:7a:f4:63:58:72:7d:f9:b2:fe:10:62:74:09:48:b1:
         bc:c4:b6:72:19:ae:6d:dc:c2:e2:c8:44:1a:b0:9b:f9:ae:6d:
         9d:fd:3d:50:ff:f5:fe:4b:5f:29:c4:3c:b2:b2:db:e9:62:f6:
         7d:5f:c6:9a:fe:21:36:39:88:87:1c:3a:71:63:78:94:2e:59:
         99:38:13:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSOXcoxtinDZdZH1sTiWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmNiYzM0MWM4NzQzM2QwM2U0ZGQ2MTViN2YzNDUzMTY0
MzQ0YjMwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDY5NTkxNmNjOGVhYjU3ZjYxNzhmNjI3NmQyYmU3YTRkODg0ZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGa8loVV2pxNJXsW9021c8gP7k2F
YBzRUBs0Wi2vtRdv6XQePG342tARpp1mvHnW7D7WC+dTOW04gANjvG1+HSIB1s7q
6wmsZu/riolA2MoL8g8xHYd+4bKdAWS/X4+7835yMXXKY00Y5gkjYNaiDPfGh85Y
gz6VyicAaHPHvIDsi8O9MS4HQcR3dlkk/fwycAIbZoqEDjt+6FXvBzPRXcz6fDHe
bL/QvXSx9pKPYZz7cbuEi1J0jODHUbwM1dFMDxaSWMDXByDzRDH7O2FbB6RwZ6S5
n2nG+L62gfU/jtXAK3yX8efe6+bw5Tpw0eNW27Y7xhI32DLgkKoTtSi/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBpWRbMjqtX9hePYnbSvnpNiE/CMB8GA1UdIwQY
MBaAFAj8vDQch0M9A+TdYVt/NFMWQ0SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1B5OE5CeUhRejBENU4xaFczODBVeFpEUkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xYWU3YmUtMzQ4NC00YjEyLThiZjQt
YzEwMGE5ODZiYzVjLzEvTUdsWkZzeU9xMWYyRjQ5aWR0Sy1lazJJVDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xYWU3YmUtMzQ4NC00YjEyLThiZjQtYzEwMGE5ODZiYzVj
LzEvQ1B5OE5CeUhRejBENU4xaFczODBVeFpEUkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU0LMA0G
CSqGSIb3DQEBCwUAA4IBAQA1UaXCLNofcirP5ViUtsGmT8aKJVyjrFvx3E59mHtc
9bMfY+/GMTEE3Em6g9evi+vdcG+NJmjrVGY0ghQq/x6gw7SMvoWXs8M7JhOl+qqg
Hp2UKSAMt5UqN+5myDifwaPbCzf/zrH80hpW2NCAS3NEySV7xXXsNliW5BENdDBG
t/pX53M49OpaCyJsSkPRZur/9bLDunZCZdi5z0e/IRAF5KHW5J9XYJB4fpQObdT3
l9sHaf/ah2x69GNYcn35sv4QYnQJSLG8xLZyGa5t3MLiyEQasJv5rm2d/T1Q//X+
S18pxDyystvpYvZ9X8aa/iE2OYiHHDpxY3iULlmZOBO1
-----END CERTIFICATE-----