Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/MbmLFVlz3Z_PtoogvlV5R2w4dyw.roa
File:                     MbmLFVlz3Z_PtoogvlV5R2w4dyw.roa (raw, json)
Hash identifier:          9rSQ+ACHazOG/xbp0K7+Pt3Duxbq9J4eIQPdKQUNgkM=
Subject key identifier:   31:B9:8B:15:59:73:DD:9F:CF:B6:8A:20:BE:55:79:47:6C:38:77:2C
Certificate issuer:       /CN=3cde2470c8563949487a3e78743c544c99ec8a64
Certificate serial:       018E2D39C9890A2CF21E09E9A8E0AE00BF24
Authority key identifier: 3C:DE:24:70:C8:56:39:49:48:7A:3E:78:74:3C:54:4C:99:EC:8A:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/MbmLFVlz3Z_PtoogvlV5R2w4dyw.roa
Signing time:             Mon 11 Mar 2024 11:15:45 +0000
ROA not before:           Mon 11 Mar 2024 11:15:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        86.111.192.0/22 maxlen: 22
                          86.111.192.0/24 maxlen: 24
                          86.111.193.0/24 maxlen: 24
                          86.111.194.0/24 maxlen: 24
                          86.111.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:39:c9:89:0a:2c:f2:1e:09:e9:a8:e0:ae:00:bf:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cde2470c8563949487a3e78743c544c99ec8a64
        Validity
            Not Before: Mar 11 11:15:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31b98b155973dd9fcfb68a20be5579476c38772c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:52:57:e5:dc:5d:c4:76:99:bb:1f:57:f5:78:
                    b4:8a:d5:31:0e:ed:68:b9:c7:80:da:c5:5a:92:90:
                    f8:1a:eb:f0:a7:fb:dc:c7:f8:0b:f5:4f:56:33:2c:
                    e5:e2:49:ff:3d:61:56:38:a1:e5:dd:43:ae:a4:8c:
                    f8:30:08:c8:28:81:a5:85:6b:62:c5:34:9a:45:6b:
                    fa:8c:c8:fb:24:e7:7a:d6:b8:52:ac:6b:52:9b:66:
                    67:71:cc:70:6e:e8:d5:55:89:1a:68:7b:48:50:d9:
                    6a:bd:0e:fe:a6:26:4d:8f:c4:e0:6b:3b:f9:13:53:
                    d7:c5:b1:30:98:78:d6:88:43:bb:70:a5:3e:1d:22:
                    c8:0c:fe:db:2f:2c:ec:a1:9f:2e:0a:d7:86:c2:8f:
                    f8:f2:61:76:a8:eb:1c:c2:75:df:73:e9:e1:69:62:
                    d6:ca:94:ab:12:f3:5d:19:08:61:1e:21:a5:0b:67:
                    d7:f2:63:02:ea:20:40:34:7d:c9:43:41:19:a9:62:
                    e9:0e:c9:59:19:4f:3d:ad:bf:1f:f8:8a:19:90:3c:
                    7c:a0:be:98:03:8c:74:a4:d4:b9:9b:7c:e0:15:03:
                    24:9c:dc:54:5c:3c:61:ca:d4:a4:f7:b3:b9:a7:5e:
                    22:df:2f:aa:2c:17:09:f4:41:0f:1d:3e:30:01:e1:
                    7d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B9:8B:15:59:73:DD:9F:CF:B6:8A:20:BE:55:79:47:6C:38:77:2C
            X509v3 Authority Key Identifier:
                keyid:3C:DE:24:70:C8:56:39:49:48:7A:3E:78:74:3C:54:4C:99:EC:8A:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN4kcMhWOUlIej54dDxUTJnsimQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/MbmLFVlz3Z_PtoogvlV5R2w4dyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/fa79cf-8c4c-4094-a1f5-44171b2f599e/1/PN4kcMhWOUlIej54dDxUTJnsimQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:47:78:6f:68:40:1f:0b:0e:9a:fb:49:57:ab:9c:b0:ee:24:
         cc:45:43:50:8b:27:14:96:46:1d:12:3f:45:b0:b1:b9:72:f2:
         07:91:b4:7a:aa:1e:c8:6f:a9:3c:ab:3d:e8:46:85:7d:74:9e:
         3b:e7:22:5e:53:61:80:02:02:4a:a8:df:40:cc:54:c7:a4:fa:
         39:9a:df:9e:b1:27:4a:ac:bc:8d:d3:50:be:f4:4a:c3:f3:43:
         71:fc:e2:51:79:a5:14:1d:71:a2:b5:20:f1:58:20:7c:fb:b7:
         ec:bd:25:17:9c:2f:39:b2:1a:7a:cd:a5:50:6d:d3:6d:d6:dd:
         59:ad:9e:5d:ea:cc:ad:46:84:01:ba:d2:cd:1e:7b:7d:b8:b0:
         e5:19:e9:63:3c:94:4f:fa:17:71:66:b6:34:30:21:87:4f:8f:
         c5:4f:22:ca:50:92:27:e5:54:d7:e4:cd:ee:b1:95:92:1e:4a:
         e3:b9:0f:19:54:90:b5:87:1d:f8:d0:03:aa:4f:7f:0f:5b:a1:
         46:9d:24:99:da:da:4e:1f:bf:fc:db:06:8a:c2:f1:bf:c0:ec:
         0a:4d:38:30:be:5c:13:b5:1d:4e:f2:0e:ef:03:6c:39:af:c5:
         b3:ff:4e:f1:fc:78:91:1a:c6:07:f7:da:51:fa:6b:5f:9b:ae:
         ae:bc:5b:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tOcmJCizyHgnpqOCuAL8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZGUyNDcwYzg1NjM5NDk0ODdhM2U3ODc0M2M1NDRjOTll
YzhhNjQwHhcNMjQwMzExMTExNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI5OGIxNTU5NzNkZDlmY2ZiNjhhMjBiZTU1Nzk0NzZjMzg3NzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1JX5dxdxHaZux9X9Xi0itUxDu1o
uceA2sVakpD4Guvwp/vcx/gL9U9WMyzl4kn/PWFWOKHl3UOupIz4MAjIKIGlhWti
xTSaRWv6jMj7JOd61rhSrGtSm2ZnccxwbujVVYkaaHtIUNlqvQ7+piZNj8Tgazv5
E1PXxbEwmHjWiEO7cKU+HSLIDP7bLyzsoZ8uCteGwo/48mF2qOscwnXfc+nhaWLW
ypSrEvNdGQhhHiGlC2fX8mMC6iBANH3JQ0EZqWLpDslZGU89rb8f+IoZkDx8oL6Y
A4x0pNS5m3zgFQMknNxUXDxhytSk97O5p14i3y+qLBcJ9EEPHT4wAeF99wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG5ixVZc92fz7aKIL5VeUdsOHcsMB8GA1UdIwQY
MBaAFDzeJHDIVjlJSHo+eHQ8VEyZ7IpkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE40a2NNaFdPVWxJZWo1NGREeFVUSm5zaW1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9mYTc5Y2YtOGM0Yy00MDk0LWExZjUt
NDQxNzFiMmY1OTllLzEvTWJtTEZWbHozWl9QdG9vZ3ZsVjVSMnc0ZHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9mYTc5Y2YtOGM0Yy00MDk0LWExZjUtNDQxNzFiMmY1OTll
LzEvUE40a2NNaFdPVWxJZWo1NGREeFVUSm5zaW1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm/AMA0G
CSqGSIb3DQEBCwUAA4IBAQBbR3hvaEAfCw6a+0lXq5yw7iTMRUNQiycUlkYdEj9F
sLG5cvIHkbR6qh7Ib6k8qz3oRoV9dJ475yJeU2GAAgJKqN9AzFTHpPo5mt+esSdK
rLyN01C+9ErD80Nx/OJReaUUHXGitSDxWCB8+7fsvSUXnC85shp6zaVQbdNt1t1Z
rZ5d6sytRoQButLNHnt9uLDlGeljPJRP+hdxZrY0MCGHT4/FTyLKUJIn5VTX5M3u
sZWSHkrjuQ8ZVJC1hx340AOqT38PW6FGnSSZ2tpOH7/82waKwvG/wOwKTTgwvlwT
tR1O8g7vA2w5r8Wz/07x/HiRGsYH99pR+mtfm66uvFvo
-----END CERTIFICATE-----