Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/MSR_7VYucX1j62nT-NuetbLNTLc.roa
File:                     MSR_7VYucX1j62nT-NuetbLNTLc.roa (raw, json)
Hash identifier:          ZH5xj+BDu5offBuaSE9ktb4RRBFrbyuDDLJ+5/t0mkI=
Subject key identifier:   31:24:7F:ED:56:2E:71:7D:63:EB:69:D3:F8:DB:9E:B5:B2:CD:4C:B7
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B6916BBD04ABF2D55241BDEF41620
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/MSR_7VYucX1j62nT-NuetbLNTLc.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136778
IP address blocks:        45.131.178.0/24 maxlen: 24
                          91.238.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:16:bb:d0:4a:bf:2d:55:24:1b:de:f4:16:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31247fed562e717d63eb69d3f8db9eb5b2cd4cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4d:5b:02:75:1f:31:0d:a3:be:39:78:09:77:
                    17:23:c8:1c:d4:d1:31:02:5e:93:8d:34:fb:12:9d:
                    9c:46:ee:78:43:88:3b:07:ad:c4:05:0b:cf:bd:dc:
                    58:63:b0:7a:10:a4:be:80:5a:04:40:36:20:69:f7:
                    c2:b9:44:be:2c:75:78:a8:b3:4c:99:2a:ed:6c:2f:
                    6a:ab:f0:88:80:84:39:35:d0:4a:a9:ac:3e:1c:4d:
                    75:42:88:c9:55:4b:50:91:0e:7e:20:12:7e:4b:b8:
                    45:5f:22:b0:d6:c3:92:cd:7f:32:ec:68:73:d9:70:
                    46:34:51:66:c2:b4:25:5a:a7:c6:c6:d5:c0:7d:21:
                    2c:31:37:47:58:88:85:ad:5a:34:5d:6f:e4:52:84:
                    63:13:35:0d:ec:97:59:12:f0:02:64:2e:d3:01:9a:
                    9d:0c:34:4b:70:8f:90:1a:12:28:8f:92:2a:f9:32:
                    cf:a0:5f:b2:07:9e:bd:57:f2:39:62:e6:46:f3:ab:
                    59:24:4b:a8:c1:41:df:ae:be:38:98:d2:de:60:75:
                    7b:99:79:9d:ce:d8:3c:69:38:53:55:6f:fb:81:75:
                    9d:ac:be:c0:c2:b8:f7:58:ef:5a:b7:11:41:f1:43:
                    23:9d:47:68:d5:1d:60:fe:c8:57:5e:c3:8d:70:89:
                    8f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:24:7F:ED:56:2E:71:7D:63:EB:69:D3:F8:DB:9E:B5:B2:CD:4C:B7
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/MSR_7VYucX1j62nT-NuetbLNTLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.178.0/24
                  91.238.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5b:ce:ee:34:ec:d1:54:e4:41:cb:87:96:ee:b5:20:70:bd:
         87:54:40:78:72:b7:4e:67:c5:d9:f9:15:cd:82:d4:79:3f:62:
         d9:3b:6a:79:13:dd:62:4d:b8:8c:9c:26:17:7f:6b:9c:89:d7:
         e8:52:ab:ad:f2:45:5e:e1:ca:8a:fc:3a:03:da:0b:dd:6a:56:
         14:9e:48:00:aa:d7:1d:14:80:b1:5f:f0:c1:45:4b:c8:7b:4e:
         1c:fa:48:83:bb:5b:5b:65:ee:67:8b:de:f4:8a:cb:c8:ce:f1:
         e7:0e:be:0f:62:01:f2:c6:7a:0c:56:a3:94:9b:74:ae:7a:80:
         44:8d:b3:ae:d0:07:64:65:c3:b0:92:03:8e:86:f8:c8:b6:87:
         77:8d:08:ca:76:b9:6b:b1:87:00:13:ac:ae:e9:00:b5:07:88:
         2e:1f:98:6c:3f:37:8d:89:7b:01:a5:a5:90:b3:c4:01:5b:fc:
         b4:64:92:6f:27:10:50:47:dc:9a:a1:5a:ea:23:bc:3f:f8:f5:
         bc:43:ec:52:2f:2c:1c:cb:4a:1f:d8:c8:d9:ac:b5:10:66:5f:
         5f:51:18:81:ad:57:80:22:d3:d1:94:42:ce:1a:05:09:92:76:
         cc:c3:92:65:69:79:0f:af:bb:95:67:f4:66:33:5d:8c:24:5f:
         f1:b1:7e:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2kWu9BKvy1VJBve9BYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI0N2ZlZDU2MmU3MTdkNjNlYjY5ZDNmOGRiOWViNWIyY2Q0Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU1bAnUfMQ2jvjl4CXcXI8gc1NEx
Al6TjTT7Ep2cRu54Q4g7B63EBQvPvdxYY7B6EKS+gFoEQDYgaffCuUS+LHV4qLNM
mSrtbC9qq/CIgIQ5NdBKqaw+HE11QojJVUtQkQ5+IBJ+S7hFXyKw1sOSzX8y7Ghz
2XBGNFFmwrQlWqfGxtXAfSEsMTdHWIiFrVo0XW/kUoRjEzUN7JdZEvACZC7TAZqd
DDRLcI+QGhIoj5Iq+TLPoF+yB569V/I5YuZG86tZJEuowUHfrr44mNLeYHV7mXmd
ztg8aThTVW/7gXWdrL7Awrj3WO9atxFB8UMjnUdo1R1g/shXXsONcImPiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDEkf+1WLnF9Y+tp0/jbnrWyzUy3MB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvTVNSXzdWWXVjWDFqNjJuVC1OdWV0YkxOVExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYOyAwQA
W+5yMA0GCSqGSIb3DQEBCwUAA4IBAQAkW87uNOzRVORBy4eW7rUgcL2HVEB4crdO
Z8XZ+RXNgtR5P2LZO2p5E91iTbiMnCYXf2ucidfoUqut8kVe4cqK/DoD2gvdalYU
nkgAqtcdFICxX/DBRUvIe04c+kiDu1tbZe5ni970isvIzvHnDr4PYgHyxnoMVqOU
m3SueoBEjbOu0AdkZcOwkgOOhvjItod3jQjKdrlrsYcAE6yu6QC1B4guH5hsPzeN
iXsBpaWQs8QBW/y0ZJJvJxBQR9yaoVrqI7w/+PW8Q+xSLywcy0of2MjZrLUQZl9f
URiBrVeAItPRlELOGgUJknbMw5JlaXkPr7uVZ/RmM12MJF/xsX7S
-----END CERTIFICATE-----