Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/MnoBa_w-qVyFn7m-dSU1hXf8x1A.roa
File:                     MnoBa_w-qVyFn7m-dSU1hXf8x1A.roa (raw, json)
Hash identifier:          TUPqqkGrqP3Kldv/T7TrmH1znAZOr9hDKyDXE+bSBpo=
Subject key identifier:   32:7A:01:6B:FC:3E:A9:5C:85:9F:B9:BE:75:25:35:85:77:FC:C7:50
Certificate issuer:       /CN=1627b80681f5b48e126898295983e0df29971b98
Certificate serial:       018CC8DE1F87E29D6102778DE5CF8CDBA4C3
Authority key identifier: 16:27:B8:06:81:F5:B4:8E:12:68:98:29:59:83:E0:DF:29:97:1B:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fie4BoH1tI4SaJgpWYPg3ymXG5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/MnoBa_w-qVyFn7m-dSU1hXf8x1A.roa
Signing time:             Tue 02 Jan 2024 06:30:49 +0000
ROA not before:           Tue 02 Jan 2024 06:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39387
IP address blocks:        195.178.118.0/23 maxlen: 23
                          2001:67c:300::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/Fie4BoH1tI4SaJgpWYPg3ymXG5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/Fie4BoH1tI4SaJgpWYPg3ymXG5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fie4BoH1tI4SaJgpWYPg3ymXG5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:1f:87:e2:9d:61:02:77:8d:e5:cf:8c:db:a4:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1627b80681f5b48e126898295983e0df29971b98
        Validity
            Not Before: Jan  2 06:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327a016bfc3ea95c859fb9be7525358577fcc750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:27:0e:39:a3:38:02:a4:13:e8:68:aa:33:ff:
                    7d:80:de:f2:c4:93:7e:fd:64:01:7f:7c:a7:c7:11:
                    26:98:b3:4c:d3:49:3e:1d:40:dd:e6:2b:58:f7:13:
                    fe:46:aa:e4:04:d3:54:a5:64:6d:e4:a3:15:fa:e1:
                    0a:2f:67:22:1e:b7:4a:5b:7d:b1:5a:a4:98:b5:5d:
                    73:9c:1c:e5:90:a7:a2:22:e8:15:53:80:3a:26:ba:
                    50:3b:7e:fe:d6:e6:a3:0b:ab:55:04:5b:00:05:64:
                    e3:50:59:56:3a:64:5a:ae:1c:35:3a:92:9a:f8:38:
                    96:f1:24:7c:66:4d:0f:1b:19:20:d9:2b:d1:08:97:
                    9d:25:af:71:7f:f0:26:69:8b:d6:e4:13:85:10:9d:
                    07:4f:71:06:3a:f9:8a:1a:87:23:94:3e:67:d8:64:
                    cd:57:a4:e2:08:d8:42:5f:6e:41:e4:60:3c:98:aa:
                    3a:93:60:37:11:af:91:7f:58:e1:80:45:82:d0:3b:
                    5c:b3:97:bd:66:29:54:32:a0:a2:87:04:50:4d:66:
                    de:a4:d3:17:fa:c5:05:da:8c:e9:3b:27:33:03:2e:
                    f9:79:cc:b2:3b:3e:53:f9:de:94:13:78:18:48:6b:
                    56:89:80:32:3e:f7:1d:5f:38:d7:fb:13:6b:99:b7:
                    7b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7A:01:6B:FC:3E:A9:5C:85:9F:B9:BE:75:25:35:85:77:FC:C7:50
            X509v3 Authority Key Identifier:
                keyid:16:27:B8:06:81:F5:B4:8E:12:68:98:29:59:83:E0:DF:29:97:1B:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fie4BoH1tI4SaJgpWYPg3ymXG5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/MnoBa_w-qVyFn7m-dSU1hXf8x1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/bf86b0-c5ed-4bdd-a917-682cd3bd4102/1/Fie4BoH1tI4SaJgpWYPg3ymXG5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.118.0/23
                IPv6:
                  2001:67c:300::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:ff:aa:33:de:44:1d:80:f2:86:0e:65:18:aa:50:c2:23:52:
         18:25:f2:2d:93:84:88:ce:71:01:7b:05:fa:df:28:97:bb:da:
         76:84:fa:a9:69:8b:4e:99:08:03:0c:5b:b4:c5:2d:a6:59:dc:
         6e:4d:33:17:52:fb:6a:fb:47:7f:96:9f:30:b2:70:6d:97:d8:
         36:d6:90:2a:58:d0:b7:0d:fc:82:ef:55:80:f0:b1:7a:c6:c2:
         5c:08:17:f2:ad:d2:5c:ac:19:06:14:3d:64:36:99:45:a6:ca:
         76:d0:2b:aa:53:67:05:ed:de:5c:d0:ad:fc:4a:7d:09:50:c7:
         b8:11:2f:f3:4a:6f:58:5e:bc:64:17:33:35:2b:88:f1:36:56:
         4b:53:aa:17:77:37:3a:db:18:10:f0:2d:f0:ca:64:72:18:6f:
         05:47:b3:a4:14:ad:96:8d:aa:56:c2:88:44:64:a6:ab:c3:92:
         b6:ff:2d:b2:23:8d:6a:62:8b:6c:fa:2d:fe:78:7b:0d:8c:ed:
         50:ba:4f:04:97:68:62:d6:50:56:1c:19:64:ac:76:0f:36:f6:
         ae:5c:d1:9c:1e:e2:dd:d0:04:96:19:c3:c9:67:d4:98:9c:74:
         b6:30:d9:3e:7d:a1:88:08:32:b3:83:90:61:ff:0a:22:08:9e:
         e5:9c:ae:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3h+H4p1hAneN5c+M26TDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjdiODA2ODFmNWI0OGUxMjY4OTgyOTU5ODNlMGRmMjk5
NzFiOTgwHhcNMjQwMTAyMDYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdhMDE2YmZjM2VhOTVjODU5ZmI5YmU3NTI1MzU4NTc3ZmNjNzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CcOOaM4AqQT6GiqM/99gN7yxJN+
/WQBf3ynxxEmmLNM00k+HUDd5itY9xP+RqrkBNNUpWRt5KMV+uEKL2ciHrdKW32x
WqSYtV1znBzlkKeiIugVU4A6JrpQO37+1uajC6tVBFsABWTjUFlWOmRarhw1OpKa
+DiW8SR8Zk0PGxkg2SvRCJedJa9xf/AmaYvW5BOFEJ0HT3EGOvmKGocjlD5n2GTN
V6TiCNhCX25B5GA8mKo6k2A3Ea+Rf1jhgEWC0Dtcs5e9ZilUMqCihwRQTWbepNMX
+sUF2ozpOyczAy75ecyyOz5T+d6UE3gYSGtWiYAyPvcdXzjX+xNrmbd7YwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDJ6AWv8PqlchZ+5vnUlNYV3/MdQMB8GA1UdIwQY
MBaAFBYnuAaB9bSOEmiYKVmD4N8plxuYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmllNEJvSDF0STRTYUpncFdZUGczeW1YRzVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iZjg2YjAtYzVlZC00YmRkLWE5MTct
NjgyY2QzYmQ0MTAyLzEvTW5vQmFfdy1xVnlGbjdtLWRTVTFoWGY4eDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iZjg2YjAtYzVlZC00YmRkLWE5MTctNjgyY2QzYmQ0MTAy
LzEvRmllNEJvSDF0STRTYUpncFdZUGczeW1YRzVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw7J2MA8E
AgACMAkDBwAgAQZ8AwAwDQYJKoZIhvcNAQELBQADggEBAB7/qjPeRB2A8oYOZRiq
UMIjUhgl8i2ThIjOcQF7BfrfKJe72naE+qlpi06ZCAMMW7TFLaZZ3G5NMxdS+2r7
R3+WnzCycG2X2DbWkCpY0LcN/ILvVYDwsXrGwlwIF/Kt0lysGQYUPWQ2mUWmynbQ
K6pTZwXt3lzQrfxKfQlQx7gRL/NKb1hevGQXMzUriPE2VktTqhd3NzrbGBDwLfDK
ZHIYbwVHs6QUrZaNqlbCiERkpqvDkrb/LbIjjWpii2z6Lf54ew2M7VC6TwSXaGLW
UFYcGWSsdg829q5c0Zwe4t3QBJYZw8ln1JicdLYw2T59oYgIMrODkGH/CiIInuWc
rqU=
-----END CERTIFICATE-----