Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/_MoykkPzT3RtG4KYWTcw1Ox0uUI.roa
File:                     _MoykkPzT3RtG4KYWTcw1Ox0uUI.roa (raw, json)
Hash identifier:          4vjTVI4lNkmfO47S6Z9QBMSICBIZU8ZxNmteFs2CSfM=
Subject key identifier:   FC:CA:32:92:43:F3:4F:74:6D:1B:82:98:59:37:30:D4:EC:74:B9:42
Certificate issuer:       /CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
Certificate serial:       018CC80108F3CFE065ECB591B4D7DE70ACB1
Authority key identifier: 99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/_MoykkPzT3RtG4KYWTcw1Ox0uUI.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16322
IP address blocks:        185.178.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:08:f3:cf:e0:65:ec:b5:91:b4:d7:de:70:ac:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcca329243f34f746d1b8298593730d4ec74b942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:6e:6a:cb:63:59:7d:ad:4f:57:cf:7f:23:
                    55:9f:27:15:06:e6:59:82:3b:a2:c6:ce:9f:15:e7:
                    91:a2:2b:8c:ec:dc:54:25:77:4e:ef:ac:56:96:99:
                    52:a5:32:20:76:05:b7:56:47:b6:e1:ec:11:c0:7f:
                    6a:88:e8:4f:ff:7d:d0:46:52:06:3f:f5:7b:0e:3c:
                    f5:d1:d9:4b:a2:49:e1:fc:53:df:c3:8d:ff:36:22:
                    af:02:d5:ec:dd:bc:1e:03:20:1a:96:e8:dd:e4:a6:
                    b3:e0:76:8e:db:52:54:9a:6f:da:33:ff:28:a6:97:
                    74:cc:42:2b:ac:61:4e:4d:fb:d9:c6:e2:d4:0c:6e:
                    67:2c:e4:56:15:e5:e3:89:07:a1:6b:e5:70:b8:15:
                    6b:f3:46:f5:5b:60:73:de:00:7d:14:d7:e0:93:28:
                    9c:b2:7f:ef:9e:c7:26:64:a3:fb:7a:65:98:f2:7b:
                    52:6b:da:ab:74:42:7b:0b:4f:c3:11:a8:e6:9f:30:
                    eb:21:a7:f9:e2:45:50:a4:41:28:fc:d0:d4:1a:83:
                    10:3b:cf:9f:1d:be:2a:56:35:d5:38:ce:91:ed:d6:
                    43:fc:d5:27:84:d7:cc:df:9e:38:2e:fd:66:3b:8c:
                    e2:e0:c5:c1:63:6e:e8:92:0b:f9:56:b2:89:05:f8:
                    71:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CA:32:92:43:F3:4F:74:6D:1B:82:98:59:37:30:D4:EC:74:B9:42
            X509v3 Authority Key Identifier:
                keyid:99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/_MoykkPzT3RtG4KYWTcw1Ox0uUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:9c:37:17:5b:45:8d:de:d6:22:ef:64:4c:41:5f:3c:66:80:
         1b:ff:b2:41:7e:a4:8b:82:11:7a:d9:db:8f:bd:58:f5:0f:ba:
         98:17:66:23:dc:a3:97:53:4a:d7:9a:d8:25:04:dd:14:ba:a9:
         e9:d5:51:20:2e:c9:0b:3c:b0:4c:e7:0e:84:31:72:42:02:07:
         9a:6c:c1:d1:4b:3b:b5:04:29:c3:69:63:bb:b4:0d:6f:4f:23:
         c9:2f:01:30:e2:ed:fa:b0:b0:b7:fd:bc:13:91:d9:41:ac:6c:
         a5:a1:55:51:49:cf:92:6b:70:dc:9f:aa:eb:12:8c:ca:54:f4:
         e8:29:6a:75:0a:20:7a:42:7e:2f:b2:b8:67:c8:ec:5a:24:43:
         51:5e:11:4e:a6:d9:45:5d:ab:b5:f9:d9:62:ec:66:c4:d0:bc:
         5b:d5:28:00:44:aa:67:d6:3a:44:55:1c:32:6f:31:3c:9f:59:
         52:11:d4:4b:cc:92:9d:f0:ff:c7:85:91:fd:08:c0:7f:5d:47:
         41:35:ea:a7:ef:12:1f:74:16:14:62:37:45:ec:25:9b:33:25:
         11:27:af:db:81:cd:1a:da:fa:e9:47:83:74:dc:f4:9d:ef:cb:
         98:a9:4c:bd:a8:ed:b1:10:c0:af:3b:23:f0:e2:b0:27:bf:31:
         1d:bb:9c:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQjzz+Bl7LWRtNfecKyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTdmNzc3ZTcxYWMzNDEyMmVkYjM1ZWRkNjBjZjE0ZDc1
YjllZjYwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NhMzI5MjQzZjM0Zjc0NmQxYjgyOTg1OTM3MzBkNGVjNzRiOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh5uastjWX2tT1fPfyNVnycVBuZZ
gjuixs6fFeeRoiuM7NxUJXdO76xWlplSpTIgdgW3Vke24ewRwH9qiOhP/33QRlIG
P/V7Djz10dlLoknh/FPfw43/NiKvAtXs3bweAyAalujd5Kaz4HaO21JUmm/aM/8o
ppd0zEIrrGFOTfvZxuLUDG5nLORWFeXjiQeha+VwuBVr80b1W2Bz3gB9FNfgkyic
sn/vnscmZKP7emWY8ntSa9qrdEJ7C0/DEajmnzDrIaf54kVQpEEo/NDUGoMQO8+f
Hb4qVjXVOM6R7dZD/NUnhNfM3544Lv1mO4zi4MXBY27okgv5VrKJBfhxYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzKMpJD8090bRuCmFk3MNTsdLlCMB8GA1UdIwQY
MBaAFJkX93fnGsNBIu2zXt1gzxTXW572MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTkt
YTg4ZjU3NDE1MmI2LzEvX01veWtrUHpUM1J0RzRLWVdUY3cxT3gwdVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTktYTg4ZjU3NDE1MmI2
LzEvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubJpMA0G
CSqGSIb3DQEBCwUAA4IBAQCQnDcXW0WN3tYi72RMQV88ZoAb/7JBfqSLghF62duP
vVj1D7qYF2Yj3KOXU0rXmtglBN0Uuqnp1VEgLskLPLBM5w6EMXJCAgeabMHRSzu1
BCnDaWO7tA1vTyPJLwEw4u36sLC3/bwTkdlBrGyloVVRSc+Sa3Dcn6rrEozKVPTo
KWp1CiB6Qn4vsrhnyOxaJENRXhFOptlFXau1+dli7GbE0Lxb1SgARKpn1jpEVRwy
bzE8n1lSEdRLzJKd8P/HhZH9CMB/XUdBNeqn7xIfdBYUYjdF7CWbMyURJ6/bgc0a
2vrpR4N03PSd78uYqUy9qO2xEMCvOyPw4rAnvzEdu5y3
-----END CERTIFICATE-----