Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/MfyrWdrwgVDlSIfJqAbAiVj-Xzw.roa
File:                     MfyrWdrwgVDlSIfJqAbAiVj-Xzw.roa (raw, json)
Hash identifier:          mCAAn5k/s90DUjpzdtSCdyyzGZnO64KosNEF8qM1Rtk=
Subject key identifier:   31:FC:AB:59:DA:F0:81:50:E5:48:87:C9:A8:06:C0:89:58:FE:5F:3C
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       018CC4253775DD354215AAA363121EE4E7EB
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/MfyrWdrwgVDlSIfJqAbAiVj-Xzw.roa
Signing time:             Mon 01 Jan 2024 08:30:22 +0000
ROA not before:           Mon 01 Jan 2024 08:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203172
IP address blocks:        185.188.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:37:75:dd:35:42:15:aa:a3:63:12:1e:e4:e7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jan  1 08:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31fcab59daf08150e54887c9a806c08958fe5f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:06:ce:cf:7f:df:27:1f:06:a4:28:86:e1:b3:
                    00:93:a1:8a:62:28:3c:1a:3a:29:24:9a:dc:1a:e0:
                    0e:84:76:03:11:fb:02:ca:ed:f6:a1:d2:99:97:c1:
                    34:75:34:c6:cf:68:ee:a0:c9:0a:b6:18:cb:99:db:
                    40:c2:37:3d:94:b9:dd:6e:b1:50:79:04:49:61:02:
                    4c:6b:4d:24:d3:70:32:8e:f4:4b:ae:86:1a:bf:73:
                    db:bc:f9:85:d6:11:80:6a:f3:94:89:d3:cd:ae:1a:
                    68:e8:56:c3:e3:05:13:31:1f:be:a7:98:38:e7:a3:
                    9e:5d:20:76:29:15:05:37:b1:01:ff:2b:6f:8a:90:
                    52:4c:62:d0:04:d1:c8:e8:c9:f2:ba:08:f4:bb:5a:
                    dc:2f:a5:2f:2b:16:d6:55:8f:28:f0:a0:94:27:40:
                    a0:07:52:2f:83:76:4e:5d:d9:7c:30:f3:00:4a:5f:
                    c4:cd:a1:69:9d:df:c9:f0:de:1a:00:1a:bc:08:ee:
                    bf:73:09:1e:44:85:aa:22:be:71:d0:49:31:15:62:
                    b0:e9:94:8b:51:dd:8d:2e:15:35:33:5a:ef:8b:77:
                    41:d3:db:a7:ff:a4:3e:16:0f:ac:f8:4f:e2:74:0d:
                    96:24:d9:dd:1d:88:ee:74:d5:9d:0d:1f:d7:ee:34:
                    9c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:FC:AB:59:DA:F0:81:50:E5:48:87:C9:A8:06:C0:89:58:FE:5F:3C
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/MfyrWdrwgVDlSIfJqAbAiVj-Xzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:7b:0c:2a:59:2f:fa:31:54:80:e6:ca:15:a7:4b:89:0f:3a:
         df:9d:88:2c:41:dc:67:18:fe:54:75:2a:2b:e9:10:c2:df:7f:
         1a:bd:ca:77:be:84:0f:08:f5:19:25:f2:1f:55:90:a1:51:01:
         04:0e:fe:a4:23:1b:33:b6:c6:5c:bb:6c:8e:dd:8b:b7:2b:8b:
         34:3a:50:7f:ee:73:69:ce:e0:db:37:8f:3d:cb:62:17:28:3d:
         fe:35:40:34:e6:70:52:c9:08:3f:24:bd:29:5e:ed:f4:2b:8c:
         82:f8:f2:41:20:84:dc:24:07:c9:d1:8e:c0:83:f0:e5:08:25:
         35:76:56:ce:b9:40:ce:3d:f0:e1:0c:2c:40:08:d7:88:6e:49:
         d8:ec:18:3a:86:53:4a:11:5d:f8:00:49:8b:a4:2b:72:1f:a3:
         84:cc:c5:1f:86:62:eb:23:b7:d3:65:f4:60:a0:9e:2d:cb:e6:
         65:f0:88:7a:44:28:ae:68:6a:28:95:fc:f0:93:ff:20:a7:70:
         e0:b7:61:79:f8:03:12:19:49:93:36:b5:2f:00:d4:c0:d8:cf:
         d9:22:9e:0a:cb:8f:ef:56:01:bb:1b:4e:85:0a:f1:4d:23:5c:
         92:f2:ac:85:4a:86:d8:ba:e3:37:c8:d7:4b:56:22:59:43:2a:
         aa:91:59:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTd13TVCFaqjYxIe5OfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjQwMTAxMDgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWZjYWI1OWRhZjA4MTUwZTU0ODg3YzlhODA2YzA4OTU4ZmU1ZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngbOz3/fJx8GpCiG4bMAk6GKYig8
GjopJJrcGuAOhHYDEfsCyu32odKZl8E0dTTGz2juoMkKthjLmdtAwjc9lLndbrFQ
eQRJYQJMa00k03AyjvRLroYav3PbvPmF1hGAavOUidPNrhpo6FbD4wUTMR++p5g4
56OeXSB2KRUFN7EB/ytvipBSTGLQBNHI6Mnyugj0u1rcL6UvKxbWVY8o8KCUJ0Cg
B1Ivg3ZOXdl8MPMASl/EzaFpnd/J8N4aABq8CO6/cwkeRIWqIr5x0EkxFWKw6ZSL
Ud2NLhU1M1rvi3dB09un/6Q+Fg+s+E/idA2WJNndHYjudNWdDR/X7jSc4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDH8q1na8IFQ5UiHyagGwIlY/l88MB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvTWZ5cldkcndnVkRsU0lmSnFBYkFpVmotWHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubyPMA0G
CSqGSIb3DQEBCwUAA4IBAQAEewwqWS/6MVSA5soVp0uJDzrfnYgsQdxnGP5UdSor
6RDC338avcp3voQPCPUZJfIfVZChUQEEDv6kIxsztsZcu2yO3Yu3K4s0OlB/7nNp
zuDbN489y2IXKD3+NUA05nBSyQg/JL0pXu30K4yC+PJBIITcJAfJ0Y7Ag/DlCCU1
dlbOuUDOPfDhDCxACNeIbknY7Bg6hlNKEV34AEmLpCtyH6OEzMUfhmLrI7fTZfRg
oJ4ty+Zl8Ih6RCiuaGoolfzwk/8gp3Dgt2F5+AMSGUmTNrUvANTA2M/ZIp4Ky4/v
VgG7G06FCvFNI1yS8qyFSobYuuM3yNdLViJZQyqqkVn5
-----END CERTIFICATE-----