Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mfxHns3N7D8tkQX5Z8Xquif41D4.roa
File:                     mfxHns3N7D8tkQX5Z8Xquif41D4.roa (raw, json)
Hash identifier:          MgsKQKn9BjsLzMObrNcokLNv3bhrEwwVoXyS6/6Lyw8=
Subject key identifier:   99:FC:47:9E:CD:CD:EC:3F:2D:91:05:F9:67:C5:EA:BA:27:F8:D4:3E
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296079F7C2C3C64F7A183A38A785DF
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mfxHns3N7D8tkQX5Z8Xquif41D4.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207778
IP address blocks:        2a0e:8f02:2020::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:60:79:f7:c2:c3:c6:4f:7a:18:3a:38:a7:85:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99fc479ecdcdec3f2d9105f967c5eaba27f8d43e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e7:6a:e1:a1:dd:a8:e5:16:3c:1f:ac:63:74:
                    48:f2:35:39:1b:76:f9:df:84:80:45:b1:29:48:92:
                    4e:66:cd:4a:82:56:04:24:1d:61:78:02:f6:cb:9b:
                    a8:f1:5b:12:d5:56:1b:88:a3:d3:d7:e5:50:1c:08:
                    42:06:ab:c7:73:18:e9:bd:ff:8a:5a:88:19:26:dc:
                    f4:74:b7:8c:0a:3c:a9:b8:b7:a8:18:64:2b:45:61:
                    7e:8d:d8:bb:3a:b8:36:9f:71:7a:90:61:ba:60:56:
                    a6:e5:f5:db:66:37:fa:4e:33:68:35:81:74:e0:75:
                    f1:7c:4f:68:b8:69:96:89:15:a6:56:4c:01:94:8d:
                    16:95:da:89:60:5b:14:99:6d:49:ea:f3:a1:43:07:
                    9a:60:95:59:25:aa:3b:3a:e2:79:72:c2:b1:1c:5b:
                    72:04:7d:a5:c1:9e:ed:38:b1:93:d8:4a:ae:c0:ff:
                    ef:19:ad:3e:5a:bb:a6:71:44:3d:2b:70:66:39:eb:
                    5e:3b:d4:fa:9a:35:e8:09:6b:20:a0:38:17:3e:c9:
                    c5:70:ec:f3:41:b7:bc:3a:a6:8f:3b:04:89:7f:dc:
                    05:e8:93:ff:8e:b2:a8:07:af:e4:d1:43:1c:18:97:
                    dc:62:fc:f4:d2:55:6e:32:7c:71:9c:ef:82:44:ae:
                    c9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FC:47:9E:CD:CD:EC:3F:2D:91:05:F9:67:C5:EA:BA:27:F8:D4:3E
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mfxHns3N7D8tkQX5Z8Xquif41D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2020::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:a5:fc:1d:a2:f6:45:61:5b:2b:28:2d:0f:a4:b4:d2:0c:98:
         d6:ea:76:5a:6b:86:bf:ef:f0:7f:23:70:45:af:81:a1:e1:ef:
         8d:8c:6a:44:ad:08:96:3c:74:5a:0b:0a:5b:6b:03:a4:39:89:
         86:90:36:15:71:6a:f0:3b:d1:cd:42:c6:06:f4:9c:27:3d:d3:
         3c:1c:68:32:70:aa:a6:cd:20:3b:58:df:f8:cd:d6:92:2d:b8:
         2c:10:22:1b:48:eb:6b:79:c0:0e:95:0e:e7:c8:d1:c7:ae:fa:
         33:28:64:24:ed:1c:0b:d2:0a:4c:dc:75:a9:13:0d:aa:82:dc:
         57:ee:4d:74:e3:09:cc:3b:35:68:87:71:c7:98:e4:f6:f9:47:
         03:74:5e:31:c5:f8:b9:02:56:26:6a:13:f1:0e:5e:15:ad:b3:
         eb:12:59:1c:fc:0e:f1:ef:76:71:38:33:ed:99:a0:f0:f9:c8:
         bd:9a:2b:fa:35:0a:d9:5d:ec:59:bb:aa:5c:11:d0:23:27:ca:
         b7:9b:38:e0:a3:4a:9e:6d:80:ec:76:fa:84:ab:1f:0f:af:e1:
         69:51:c6:36:c2:ed:df:3a:6a:aa:06:b3:d3:54:58:d0:89:b1:
         fd:4d:7e:9c:b2:a5:cd:77:fb:7f:09:b2:63:fe:58:d8:b6:26:
         40:89:9a:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWB598LDxk96GDo4p4XfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZjNDc5ZWNkY2RlYzNmMmQ5MTA1Zjk2N2M1ZWFiYTI3ZjhkNDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOdq4aHdqOUWPB+sY3RI8jU5G3b5
34SARbEpSJJOZs1KglYEJB1heAL2y5uo8VsS1VYbiKPT1+VQHAhCBqvHcxjpvf+K
WogZJtz0dLeMCjypuLeoGGQrRWF+jdi7Org2n3F6kGG6YFam5fXbZjf6TjNoNYF0
4HXxfE9ouGmWiRWmVkwBlI0WldqJYFsUmW1J6vOhQweaYJVZJao7OuJ5csKxHFty
BH2lwZ7tOLGT2EquwP/vGa0+WrumcUQ9K3BmOeteO9T6mjXoCWsgoDgXPsnFcOzz
Qbe8OqaPOwSJf9wF6JP/jrKoB6/k0UMcGJfcYvz00lVuMnxxnO+CRK7J3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJn8R57Nzew/LZEF+WfF6ron+NQ+MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbWZ4SG5zM043RDh0a1FYNVo4WHF1aWY0MUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAspfwdovZFYVsrKC0PpLTSDJjW6nZaa4a/7/B/
I3BFr4Gh4e+NjGpErQiWPHRaCwpbawOkOYmGkDYVcWrwO9HNQsYG9JwnPdM8HGgy
cKqmzSA7WN/4zdaSLbgsECIbSOtrecAOlQ7nyNHHrvozKGQk7RwL0gpM3HWpEw2q
gtxX7k104wnMOzVoh3HHmOT2+UcDdF4xxfi5AlYmahPxDl4VrbPrElkc/A7x73Zx
ODPtmaDw+ci9miv6NQrZXexZu6pcEdAjJ8q3mzjgo0qebYDsdvqEqx8Pr+FpUcY2
wu3fOmqqBrPTVFjQibH9TX6csqXNd/t/CbJj/ljYtiZAiZpQ
-----END CERTIFICATE-----