Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/mtPWPS76MlAi56Y3LLwGQSNSmAE.roa
File:                     mtPWPS76MlAi56Y3LLwGQSNSmAE.roa (raw, json)
Hash identifier:          HQF3f2iDPhCpB/t1pRlRBnaxtAboLoQhQaMvlL1/O/Y=
Subject key identifier:   9A:D3:D6:3D:2E:FA:32:50:22:E7:A6:37:2C:BC:06:41:23:52:98:01
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E2FA9F6BB8A29A2DC0810ACF01B8D
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/mtPWPS76MlAi56Y3LLwGQSNSmAE.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8595
IP address blocks:        82.194.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2f:a9:f6:bb:8a:29:a2:dc:08:10:ac:f0:1b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ad3d63d2efa325022e7a6372cbc064123529801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b4:91:20:38:92:92:86:60:7b:97:2d:ce:1b:
                    6d:55:31:ec:df:4e:08:0c:d9:c6:0d:2f:75:78:8a:
                    19:f9:56:b2:37:aa:3d:1c:33:b1:20:2c:87:cc:f2:
                    3b:40:0e:c2:c3:91:4e:99:09:9f:34:a4:76:9c:9b:
                    bb:cb:71:46:a0:e2:52:a7:27:45:f9:17:81:2e:e4:
                    96:68:11:25:b2:ab:e7:d3:b7:e7:36:cf:67:b5:8d:
                    4f:ad:34:d1:66:64:1e:5a:aa:0c:69:09:2b:28:10:
                    c9:2b:8e:47:f4:ee:f6:28:b5:64:a9:d2:71:f1:00:
                    2b:ef:b6:5d:0d:66:45:f2:81:10:c0:e2:d9:cf:6a:
                    c1:b8:ad:64:82:d6:45:2c:01:de:ba:79:8b:1c:7c:
                    55:05:27:3b:46:b1:10:d8:62:19:e2:7d:8d:67:30:
                    84:82:c7:bd:65:7b:85:07:52:1b:3a:66:02:28:ba:
                    c6:a3:a5:f2:6d:fe:a0:75:8c:5d:f4:32:cf:9b:ba:
                    38:22:72:90:e7:3c:1a:51:49:00:fa:50:2e:2a:20:
                    bd:43:dd:f7:2a:b5:96:90:09:a2:b5:4d:02:ea:28:
                    63:c1:e1:6a:49:5b:63:b2:2c:df:87:e0:71:de:c5:
                    24:08:17:59:83:d4:3d:37:cf:c6:7b:94:49:c3:87:
                    f2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D3:D6:3D:2E:FA:32:50:22:E7:A6:37:2C:BC:06:41:23:52:98:01
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/mtPWPS76MlAi56Y3LLwGQSNSmAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.194.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:3a:50:fd:3e:62:77:7f:a3:c7:5b:cd:38:fb:ea:af:b1:84:
         2f:c5:01:c9:e7:aa:7b:00:5f:32:72:17:24:15:d4:15:7f:b7:
         1f:c8:f2:11:b1:9c:5c:6f:91:b4:01:90:2e:dc:e7:04:77:a4:
         c2:96:a8:06:38:74:6b:32:c3:67:76:32:bb:09:37:96:42:f7:
         40:b1:32:ef:37:00:44:bf:53:d7:fb:8d:9e:1f:82:1a:bd:4f:
         d9:7c:37:b4:89:c1:51:c4:64:70:27:18:fb:34:ff:f9:3d:01:
         33:e0:03:06:d2:eb:72:1c:88:6f:b4:38:49:d6:32:14:6f:a1:
         96:75:dd:01:61:fa:04:34:42:11:90:57:ef:a0:2d:57:e8:8f:
         b6:72:41:d6:77:4b:08:03:55:ef:02:ec:a3:d5:7f:c7:71:ce:
         7a:eb:2a:45:91:91:85:b7:70:70:d7:29:da:6f:50:e1:02:79:
         7d:e4:47:03:dd:e0:41:ec:7c:63:85:a4:77:85:bf:74:a9:c0:
         c6:6e:2b:dc:0e:a1:42:1b:43:3c:36:79:75:36:39:44:cf:68:
         b5:6e:a8:de:9f:f1:c8:f7:ba:1b:27:c6:82:e6:79:ea:f6:16:
         1d:eb:ed:69:a6:c4:e6:1c:c2:91:a5:56:de:bd:bd:fd:1f:0f:
         38:86:60:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbi+p9ruKKaLcCBCs8BuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQzZDYzZDJlZmEzMjUwMjJlN2E2MzcyY2JjMDY0MTIzNTI5ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrSRIDiSkoZge5ctzhttVTHs304I
DNnGDS91eIoZ+VayN6o9HDOxICyHzPI7QA7Cw5FOmQmfNKR2nJu7y3FGoOJSpydF
+ReBLuSWaBElsqvn07fnNs9ntY1PrTTRZmQeWqoMaQkrKBDJK45H9O72KLVkqdJx
8QAr77ZdDWZF8oEQwOLZz2rBuK1kgtZFLAHeunmLHHxVBSc7RrEQ2GIZ4n2NZzCE
gse9ZXuFB1IbOmYCKLrGo6Xybf6gdYxd9DLPm7o4InKQ5zwaUUkA+lAuKiC9Q933
KrWWkAmitU0C6ihjweFqSVtjsizfh+Bx3sUkCBdZg9Q9N8/Ge5RJw4fyFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrT1j0u+jJQIuemNyy8BkEjUpgBMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvbXRQV1BTNzZNbEFpNTZZM0xMd0dRU05TbUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUsLyMA0G
CSqGSIb3DQEBCwUAA4IBAQA5OlD9PmJ3f6PHW804++qvsYQvxQHJ56p7AF8ychck
FdQVf7cfyPIRsZxcb5G0AZAu3OcEd6TClqgGOHRrMsNndjK7CTeWQvdAsTLvNwBE
v1PX+42eH4IavU/ZfDe0icFRxGRwJxj7NP/5PQEz4AMG0utyHIhvtDhJ1jIUb6GW
dd0BYfoENEIRkFfvoC1X6I+2ckHWd0sIA1XvAuyj1X/Hcc566ypFkZGFt3Bw1yna
b1DhAnl95EcD3eBB7HxjhaR3hb90qcDGbivcDqFCG0M8Nnl1NjlEz2i1bqjen/HI
97obJ8aC5nnq9hYd6+1ppsTmHMKRpVbevb39Hw84hmBW
-----END CERTIFICATE-----