Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/MO1f_mWetN3Qqgel_Zi_JlKt6NI.roa
File:                     MO1f_mWetN3Qqgel_Zi_JlKt6NI.roa (raw, json)
Hash identifier:          uNy7oAN2wqKNLBTihVTPK48lR8C7nPtfUS73jeTJ+eg=
Subject key identifier:   30:ED:5F:FE:65:9E:B4:DD:D0:AA:07:A5:FD:98:BF:26:52:AD:E8:D2
Certificate issuer:       /CN=fd261d45319e8375187436da44bf5b9adb044a7f
Certificate serial:       018CC42528D67EC72861FD194F0A34A89D11
Authority key identifier: FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/MO1f_mWetN3Qqgel_Zi_JlKt6NI.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207733
IP address blocks:        178.250.134.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:28:d6:7e:c7:28:61:fd:19:4f:0a:34:a8:9d:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd261d45319e8375187436da44bf5b9adb044a7f
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30ed5ffe659eb4ddd0aa07a5fd98bf2652ade8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:72:5e:74:3e:8c:93:6f:04:0d:01:97:c4:07:
                    b5:4d:63:d1:ce:71:04:09:1d:bc:81:70:2b:c9:13:
                    04:02:ea:45:72:89:82:66:d1:4f:3d:fa:b8:0b:ff:
                    d6:3d:84:dd:7f:ec:37:c5:51:33:79:88:ff:7d:82:
                    5c:29:ba:ad:70:9e:fa:f0:d9:d2:c8:c9:97:ef:3c:
                    72:7e:5e:a6:25:b4:99:c2:33:de:ee:51:c6:51:d6:
                    5b:ce:5f:3e:8f:87:2b:86:7e:d2:25:1c:98:48:76:
                    c2:31:62:fb:b2:f9:42:8d:73:eb:01:22:de:df:92:
                    f1:ac:22:e0:5d:ea:cb:db:95:5e:9e:4a:04:0f:e2:
                    89:c0:b7:f6:50:70:7f:d3:87:ba:1a:1f:53:19:b9:
                    16:39:1b:f7:b0:f7:b4:e6:40:cf:e5:5c:51:f7:35:
                    bc:bf:ce:a9:eb:ad:f1:2f:51:51:64:85:ac:03:76:
                    a4:fd:b4:93:14:9b:24:c1:1b:ff:39:60:8e:76:bf:
                    6a:4a:f4:21:a4:23:a5:fa:5f:92:ff:f5:12:ab:8c:
                    d6:71:05:3b:e6:37:f6:b5:16:6f:64:b8:83:ae:15:
                    54:73:1c:af:90:d5:31:54:28:af:15:bb:d2:75:9f:
                    02:2e:d0:a0:36:0d:19:05:6d:12:18:ae:9f:29:ed:
                    6c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:ED:5F:FE:65:9E:B4:DD:D0:AA:07:A5:FD:98:BF:26:52:AD:E8:D2
            X509v3 Authority Key Identifier:
                keyid:FD:26:1D:45:31:9E:83:75:18:74:36:DA:44:BF:5B:9A:DB:04:4A:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_SYdRTGeg3UYdDbaRL9bmtsESn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/MO1f_mWetN3Qqgel_Zi_JlKt6NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/582b17-f46f-41eb-8fd4-eb5093b231c1/1/_SYdRTGeg3UYdDbaRL9bmtsESn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:62:8b:4c:f9:86:d2:e5:3f:be:63:8d:ef:36:55:d4:ab:6f:
         b5:78:4c:e2:41:f4:15:44:0c:31:31:53:b9:0f:d6:c7:28:e3:
         4e:65:57:3b:7b:47:ef:0d:fc:fe:f2:4f:2a:cd:a3:40:eb:35:
         ea:73:a9:52:ca:ca:f4:a2:e8:a3:19:78:e0:4e:dd:a5:19:ac:
         a6:25:a4:a1:09:d0:2a:80:32:b6:a0:06:04:14:35:47:18:de:
         e8:76:48:8d:ef:22:2e:7e:6b:87:fe:0b:5f:a7:2e:7c:de:7f:
         c7:3e:0d:a7:47:8e:70:da:64:dc:ab:57:a4:fe:98:4b:e7:5e:
         64:e9:1f:13:2b:e6:b2:1d:23:c7:7a:0b:79:8f:67:ba:07:29:
         82:3c:48:4a:4f:fd:5e:5f:ba:03:1b:ba:07:51:ab:75:ae:b8:
         8a:07:83:e7:03:56:9d:13:e1:b4:c2:38:c6:e6:d8:97:4e:91:
         2a:1d:2d:43:8b:92:09:62:61:86:a0:82:c1:c0:ac:d6:b7:db:
         65:2a:ab:3f:23:45:8c:e8:69:95:ee:e5:f0:1c:ab:ae:77:fc:
         8e:7e:c7:88:cb:fc:64:62:8c:d4:62:1e:1f:00:ce:f3:6d:aa:
         63:7e:99:5c:24:cd:0c:a5:a0:60:22:17:7d:2e:dc:24:cc:47:
         bf:39:2e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSjWfscoYf0ZTwo0qJ0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMjYxZDQ1MzE5ZTgzNzUxODc0MzZkYTQ0YmY1YjlhZGIw
NDRhN2YwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGVkNWZmZTY1OWViNGRkZDBhYTA3YTVmZDk4YmYyNjUyYWRlOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnJedD6Mk28EDQGXxAe1TWPRznEE
CR28gXAryRMEAupFcomCZtFPPfq4C//WPYTdf+w3xVEzeYj/fYJcKbqtcJ768NnS
yMmX7zxyfl6mJbSZwjPe7lHGUdZbzl8+j4crhn7SJRyYSHbCMWL7svlCjXPrASLe
35LxrCLgXerL25VenkoED+KJwLf2UHB/04e6Gh9TGbkWORv3sPe05kDP5VxR9zW8
v86p663xL1FRZIWsA3ak/bSTFJskwRv/OWCOdr9qSvQhpCOl+l+S//USq4zWcQU7
5jf2tRZvZLiDrhVUcxyvkNUxVCivFbvSdZ8CLtCgNg0ZBW0SGK6fKe1sLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDtX/5lnrTd0KoHpf2YvyZSrejSMB8GA1UdIwQY
MBaAFP0mHUUxnoN1GHQ22kS/W5rbBEp/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQt
ZWI1MDkzYjIzMWMxLzEvTU8xZl9tV2V0TjNRcWdlbF9aaV9KbEt0Nk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS81ODJiMTctZjQ2Zi00MWViLThmZDQtZWI1MDkzYjIzMWMx
LzEvX1NZZFJUR2VnM1VZZERiYVJMOWJtdHNFU244LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsvqGMA0G
CSqGSIb3DQEBCwUAA4IBAQC7YotM+YbS5T++Y43vNlXUq2+1eEziQfQVRAwxMVO5
D9bHKONOZVc7e0fvDfz+8k8qzaNA6zXqc6lSysr0ouijGXjgTt2lGaymJaShCdAq
gDK2oAYEFDVHGN7odkiN7yIufmuH/gtfpy583n/HPg2nR45w2mTcq1ek/phL515k
6R8TK+ayHSPHegt5j2e6BymCPEhKT/1eX7oDG7oHUat1rriKB4PnA1adE+G0wjjG
5tiXTpEqHS1Di5IJYmGGoILBwKzWt9tlKqs/I0WM6GmV7uXwHKuud/yOfseIy/xk
YozUYh4fAM7zbapjfplcJM0MpaBgIhd9LtwkzEe/OS7X
-----END CERTIFICATE-----