Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/MwHfLJ9Q5bBSy-aM9QY_04WjN3Y.roa
File:                     MwHfLJ9Q5bBSy-aM9QY_04WjN3Y.roa (raw, json)
Hash identifier:          h6+1OppKAOcB8uPRzEXa5LdH6WcKnQwjGLqsT2EpuOc=
Subject key identifier:   33:01:DF:2C:9F:50:E5:B0:52:CB:E6:8C:F5:06:3F:D3:85:A3:37:76
Certificate issuer:       /CN=10771dd7dea22e35fdaf19b51b839f43721270ba
Certificate serial:       018DF4D139B531C2D3271671D01308B67AF5
Authority key identifier: 10:77:1D:D7:DE:A2:2E:35:FD:AF:19:B5:1B:83:9F:43:72:12:70:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHcd196iLjX9rxm1G4OfQ3IScLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/MwHfLJ9Q5bBSy-aM9QY_04WjN3Y.roa
Signing time:             Thu 29 Feb 2024 12:22:48 +0000
ROA not before:           Thu 29 Feb 2024 12:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        212.146.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/EHcd196iLjX9rxm1G4OfQ3IScLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/EHcd196iLjX9rxm1G4OfQ3IScLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHcd196iLjX9rxm1G4OfQ3IScLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:d1:39:b5:31:c2:d3:27:16:71:d0:13:08:b6:7a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10771dd7dea22e35fdaf19b51b839f43721270ba
        Validity
            Not Before: Feb 29 12:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3301df2c9f50e5b052cbe68cf5063fd385a33776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:57:ef:da:0a:b0:03:93:fd:0d:cf:54:78:7c:
                    0d:19:7e:01:9c:57:d1:08:a1:8a:30:b3:d4:71:b8:
                    2b:22:01:28:8f:d0:77:00:c8:6c:17:69:a4:cd:8c:
                    e2:e9:e4:0f:a3:f9:fc:51:4d:e7:0f:5e:79:d0:7d:
                    86:26:16:b5:1e:d2:37:8e:7f:59:25:db:61:3b:1c:
                    91:ca:d1:dc:ac:42:63:65:9c:bd:80:24:75:90:c2:
                    fb:32:eb:76:ff:52:26:c2:07:24:3e:2b:f7:27:4e:
                    b8:fd:e9:6e:a2:75:14:d2:7a:af:71:82:45:be:0d:
                    f2:87:fd:60:c6:04:db:6f:a4:7d:d6:86:a2:70:03:
                    82:60:b5:6c:d0:2d:71:74:f3:e4:04:a3:11:1b:b6:
                    d9:64:ae:a3:cf:67:d1:b9:a0:c2:ed:91:bb:dd:e8:
                    7b:1e:9d:e2:4f:18:2a:b5:fd:82:21:a1:63:71:4b:
                    ad:04:4a:41:37:af:ef:2e:5f:53:97:19:18:6e:41:
                    ff:c6:1b:d9:39:fc:11:34:4d:2b:56:64:e1:07:67:
                    8e:0c:9f:d8:0c:18:de:c6:a5:0c:e1:12:a7:71:50:
                    1a:88:8f:71:dd:b2:4a:d3:40:ad:ee:11:bd:af:36:
                    c4:77:11:5e:38:9a:fd:0a:85:8d:54:ab:33:a9:f2:
                    33:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:01:DF:2C:9F:50:E5:B0:52:CB:E6:8C:F5:06:3F:D3:85:A3:37:76
            X509v3 Authority Key Identifier:
                keyid:10:77:1D:D7:DE:A2:2E:35:FD:AF:19:B5:1B:83:9F:43:72:12:70:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHcd196iLjX9rxm1G4OfQ3IScLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/MwHfLJ9Q5bBSy-aM9QY_04WjN3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/75148a-e40e-409f-8a0b-da851a715fa4/1/EHcd196iLjX9rxm1G4OfQ3IScLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.146.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:d6:53:1d:84:d5:6f:6b:d6:ac:e3:84:6b:1d:ca:73:e5:2b:
         61:14:d7:e8:28:f7:0e:d2:c8:5f:93:94:2d:e2:66:ce:ca:bb:
         06:6b:27:e0:e1:a0:2d:c5:de:ac:e0:d7:81:5d:8f:60:58:12:
         08:b2:6d:90:48:08:b1:42:f9:65:3e:bf:62:e0:07:72:fb:2a:
         61:c0:79:0b:44:f3:27:8f:be:2f:33:90:36:d7:2e:ea:0c:47:
         83:e6:f8:7f:2a:c0:33:a9:bb:30:ee:3d:55:8a:e7:dc:f4:80:
         3d:fa:fc:29:82:ef:8c:50:25:16:15:4a:bc:e8:95:65:1f:8b:
         c0:19:43:3a:d4:8e:7e:b1:c2:6a:c5:70:b3:f8:6e:d9:af:9a:
         18:9c:c7:f9:54:3a:18:eb:da:c2:b5:69:b9:91:38:17:8d:f2:
         d8:7e:ac:46:ac:eb:cf:71:db:49:d7:90:85:a5:94:10:f6:ad:
         cc:6f:f0:c6:a2:b8:a9:02:df:cd:b5:32:89:61:a3:5a:c4:07:
         71:61:cd:9c:30:0a:15:bb:4f:be:f9:2c:45:3a:9d:55:a3:dd:
         6f:78:7c:49:80:b4:ed:70:51:19:c2:71:69:82:af:78:3f:f8:
         ad:84:b5:ab:bb:00:7e:53:bc:f8:14:d0:66:a2:e5:d0:e2:84:
         e6:6d:18:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY300Tm1McLTJxZx0BMItnr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzcxZGQ3ZGVhMjJlMzVmZGFmMTliNTFiODM5ZjQzNzIx
MjcwYmEwHhcNMjQwMjI5MTIyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzAxZGYyYzlmNTBlNWIwNTJjYmU2OGNmNTA2M2ZkMzg1YTMzNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlfv2gqwA5P9Dc9UeHwNGX4BnFfR
CKGKMLPUcbgrIgEoj9B3AMhsF2mkzYzi6eQPo/n8UU3nD1550H2GJha1HtI3jn9Z
JdthOxyRytHcrEJjZZy9gCR1kML7Mut2/1ImwgckPiv3J064/eluonUU0nqvcYJF
vg3yh/1gxgTbb6R91oaicAOCYLVs0C1xdPPkBKMRG7bZZK6jz2fRuaDC7ZG73eh7
Hp3iTxgqtf2CIaFjcUutBEpBN6/vLl9TlxkYbkH/xhvZOfwRNE0rVmThB2eODJ/Y
DBjexqUM4RKncVAaiI9x3bJK00Ct7hG9rzbEdxFeOJr9CoWNVKszqfIzrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMB3yyfUOWwUsvmjPUGP9OFozd2MB8GA1UdIwQY
MBaAFBB3Hdfeoi41/a8ZtRuDn0NyEnC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhjZDE5NmlMalg5cnhtMUc0T2ZRM0lTY0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy83NTE0OGEtZTQwZS00MDlmLThhMGIt
ZGE4NTFhNzE1ZmE0LzEvTXdIZkxKOVE1YkJTeS1hTTlRWV8wNFdqTjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy83NTE0OGEtZTQwZS00MDlmLThhMGItZGE4NTFhNzE1ZmE0
LzEvRUhjZDE5NmlMalg5cnhtMUc0T2ZRM0lTY0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1JKGMA0G
CSqGSIb3DQEBCwUAA4IBAQBX1lMdhNVva9as44RrHcpz5SthFNfoKPcO0shfk5Qt
4mbOyrsGayfg4aAtxd6s4NeBXY9gWBIIsm2QSAixQvllPr9i4Ady+yphwHkLRPMn
j74vM5A21y7qDEeD5vh/KsAzqbsw7j1Viufc9IA9+vwpgu+MUCUWFUq86JVlH4vA
GUM61I5+scJqxXCz+G7Zr5oYnMf5VDoY69rCtWm5kTgXjfLYfqxGrOvPcdtJ15CF
pZQQ9q3Mb/DGoripAt/NtTKJYaNaxAdxYc2cMAoVu0+++SxFOp1Vo91veHxJgLTt
cFEZwnFpgq94P/ithLWruwB+U7z4FNBmouXQ4oTmbRhY
-----END CERTIFICATE-----