Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mhgn-PeTvBQItZ11Y13-Ltwmv-Y.roa
File:                     mhgn-PeTvBQItZ11Y13-Ltwmv-Y.roa (raw, json)
Hash identifier:          jk7B8GrsMDr25HV/334Zyzb2ynx+BYJgKdIbeGvsdKU=
Subject key identifier:   9A:18:27:F8:F7:93:BC:14:08:B5:9D:75:63:5D:FE:2E:DC:26:BF:E6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017140D279CBBDBCD8B0BDB55BB883
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mhgn-PeTvBQItZ11Y13-Ltwmv-Y.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210469
IP address blocks:        2a0c:b641:580::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:40:d2:79:cb:bd:bc:d8:b0:bd:b5:5b:b8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a1827f8f793bc1408b59d75635dfe2edc26bfe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:38:3f:db:f5:e4:68:e2:da:c4:b7:17:a1:f1:
                    5a:d3:d6:6c:9e:fb:54:98:1b:14:06:43:da:da:70:
                    8f:a6:bb:16:c5:cb:76:17:8e:37:14:65:7c:b1:58:
                    6a:3c:79:30:91:1a:97:cf:39:ab:85:6d:c0:ee:2f:
                    b1:25:b8:f3:f2:17:d9:d0:50:d3:b9:ea:13:0c:50:
                    60:04:37:15:ca:f8:f1:84:eb:b2:e4:2a:d5:e7:5f:
                    03:6b:4b:18:e7:4f:fc:cc:b9:91:9a:ed:6d:0a:74:
                    5a:e9:f1:93:46:ba:74:cd:36:ee:0b:07:c8:6e:50:
                    d9:2c:f5:a0:05:8f:23:7a:48:ce:e1:c5:5b:01:a4:
                    97:83:59:ee:70:83:15:91:7c:63:54:27:30:f8:2b:
                    f2:4a:71:cd:62:85:29:0d:ad:9d:81:b8:61:f2:b2:
                    00:cc:14:99:0c:4a:d6:1b:b5:87:ee:3f:26:af:cc:
                    51:20:95:ec:3d:72:90:cb:cd:80:23:c7:d7:03:97:
                    78:1a:48:93:c4:c5:a1:61:7e:08:20:ed:6d:9e:a4:
                    c1:5c:bd:64:4c:9e:ea:5a:20:8b:a1:3f:63:66:02:
                    6d:89:ed:5b:f4:6d:0e:75:02:3f:81:d3:9b:52:ea:
                    ef:e8:5d:cd:14:22:f3:66:62:a2:b8:4a:bd:f5:ae:
                    73:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:18:27:F8:F7:93:BC:14:08:B5:9D:75:63:5D:FE:2E:DC:26:BF:E6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mhgn-PeTvBQItZ11Y13-Ltwmv-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:580::/44

    Signature Algorithm: sha256WithRSAEncryption
         9f:dd:09:87:0f:4f:9b:2f:14:3a:a3:ca:74:65:aa:00:bc:5b:
         90:7c:0e:eb:17:bc:cd:d0:3b:74:c5:47:38:7e:8a:2d:d7:c1:
         4e:69:b1:f7:78:76:f1:c7:61:c7:11:97:dc:e8:77:55:86:82:
         ab:94:0c:a1:ff:99:44:97:a1:29:92:be:dc:d5:f8:b5:4c:8b:
         64:72:10:17:33:56:3f:69:2e:87:f4:a7:c4:9e:a7:60:44:a4:
         a7:21:1a:57:ae:77:ed:44:f5:3c:73:b7:d8:0b:9a:c2:1c:f8:
         4b:4c:e1:d3:89:56:7a:31:b9:33:6f:80:9b:9a:5c:f6:2d:cc:
         ec:73:0b:5d:92:e5:64:ec:c7:71:1b:61:2f:9f:f2:c6:27:6f:
         ad:e6:8e:2a:47:60:46:bf:5c:22:5b:3c:6d:ac:61:8b:4d:76:
         b2:af:83:c3:f9:c8:07:66:6f:9f:43:2b:62:9e:b7:c5:9f:6d:
         58:31:f9:17:da:02:a3:b2:dc:3b:31:c0:ac:83:9b:66:a2:81:
         7a:01:3e:d5:3b:4c:c4:ca:a7:90:fb:dd:b7:f2:ca:1f:91:7c:
         7c:5a:d7:09:e6:c5:96:96:1b:9c:af:c9:c7:af:0b:7d:be:76:
         9a:94:e4:e8:ce:52:b1:80:a7:bd:62:da:a6:86:c5:3d:b5:8a:
         ef:bd:17:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXFA0nnLvbzYsL21W7iDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTE4MjdmOGY3OTNiYzE0MDhiNTlkNzU2MzVkZmUyZWRjMjZiZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjg/2/XkaOLaxLcXofFa09ZsnvtU
mBsUBkPa2nCPprsWxct2F443FGV8sVhqPHkwkRqXzzmrhW3A7i+xJbjz8hfZ0FDT
ueoTDFBgBDcVyvjxhOuy5CrV518Da0sY50/8zLmRmu1tCnRa6fGTRrp0zTbuCwfI
blDZLPWgBY8jekjO4cVbAaSXg1nucIMVkXxjVCcw+CvySnHNYoUpDa2dgbhh8rIA
zBSZDErWG7WH7j8mr8xRIJXsPXKQy82AI8fXA5d4GkiTxMWhYX4IIO1tnqTBXL1k
TJ7qWiCLoT9jZgJtie1b9G0OdQI/gdObUurv6F3NFCLzZmKiuEq99a5zXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJoYJ/j3k7wUCLWddWNd/i7cJr/mMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbWhnbi1QZVR2QlFJdFoxMVkxMy1MdHdtdi1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWA
MA0GCSqGSIb3DQEBCwUAA4IBAQCf3QmHD0+bLxQ6o8p0ZaoAvFuQfA7rF7zN0Dt0
xUc4foot18FOabH3eHbxx2HHEZfc6HdVhoKrlAyh/5lEl6Epkr7c1fi1TItkchAX
M1Y/aS6H9KfEnqdgRKSnIRpXrnftRPU8c7fYC5rCHPhLTOHTiVZ6Mbkzb4Cbmlz2
LczscwtdkuVk7MdxG2Evn/LGJ2+t5o4qR2BGv1wiWzxtrGGLTXayr4PD+cgHZm+f
QytinrfFn21YMfkX2gKjstw7McCsg5tmooF6AT7VO0zEyqeQ+9238sofkXx8WtcJ
5sWWlhucr8nHrwt9vnaalOTozlKxgKe9YtqmhsU9tYrvvRdb
-----END CERTIFICATE-----