Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/mv8cAQ2yrHxJZaxoHDWi9hlUa2c.roa
File:                     mv8cAQ2yrHxJZaxoHDWi9hlUa2c.roa (raw, json)
Hash identifier:          4wKagaVLjQ0wBjKo3XzJzls88RB7QBbcHsE6XL2PecQ=
Subject key identifier:   9A:FF:1C:01:0D:B2:AC:7C:49:65:AC:68:1C:35:A2:F6:19:54:6B:67
Certificate issuer:       /CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
Certificate serial:       018CC26D1F2494CEEF4288CC2C4B6B092A96
Authority key identifier: D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/mv8cAQ2yrHxJZaxoHDWi9hlUa2c.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39590
IP address blocks:        109.105.124.0/22 maxlen: 24
                          2001:948:40::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 01:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1f:24:94:ce:ef:42:88:cc:2c:4b:6b:09:2a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aff1c010db2ac7c4965ac681c35a2f619546b67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ab:67:dd:55:59:d6:da:a4:b3:50:c4:78:fc:
                    2d:6a:9b:f5:f8:20:75:0a:e2:c0:72:92:3d:e9:7c:
                    7d:fe:d5:4b:5b:ad:35:8f:af:77:8e:e0:64:64:1b:
                    e0:0c:d5:45:8a:99:7a:0b:fa:5d:70:8d:50:57:3f:
                    b5:ed:aa:52:2b:64:7d:0b:d1:96:04:55:6b:ad:11:
                    df:70:5d:5d:34:18:b3:fe:39:f4:fc:b3:52:3b:ea:
                    5d:3c:87:6d:6b:49:46:00:02:03:12:df:5e:8d:19:
                    14:f1:2c:8a:87:af:85:de:c2:f3:6d:f1:95:86:30:
                    51:4b:5b:9c:0b:44:4c:32:76:db:4d:af:35:5c:cf:
                    53:cc:12:8f:5f:a3:1c:e3:e9:31:ea:e8:19:55:b6:
                    85:ad:04:7f:73:f4:02:30:63:d9:dd:af:b2:14:22:
                    9f:d3:51:f8:bb:f1:0d:b5:95:ee:0e:3f:cf:14:e2:
                    75:fe:a7:8b:15:d1:a2:f4:b1:d9:51:37:02:ab:e7:
                    af:71:c3:3d:d9:a0:ff:93:6d:b7:26:d8:35:ff:7f:
                    a0:37:e3:61:0a:00:6f:d9:5f:10:76:fc:41:35:e7:
                    01:b2:a4:67:ca:b3:6c:f2:c7:84:2b:c2:b6:af:8c:
                    17:d5:55:40:a8:4e:96:0d:a1:c5:e4:96:79:25:8b:
                    97:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FF:1C:01:0D:B2:AC:7C:49:65:AC:68:1C:35:A2:F6:19:54:6B:67
            X509v3 Authority Key Identifier:
                keyid:D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/mv8cAQ2yrHxJZaxoHDWi9hlUa2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.124.0/22
                IPv6:
                  2001:948:40::/42

    Signature Algorithm: sha256WithRSAEncryption
         7e:10:9c:b5:a3:97:5c:5b:31:4c:0c:4c:1c:43:a7:b0:fd:83:
         a2:e6:3e:d2:2f:5d:35:70:38:ca:b6:5a:e3:57:36:28:19:b0:
         f0:cd:fc:64:4d:7f:65:1c:b5:03:d2:1d:25:98:52:29:dd:82:
         24:3c:14:ef:84:4c:26:bc:90:8a:76:78:5c:a1:d3:d4:d6:94:
         e5:b2:90:cc:c4:c6:e4:ad:07:f0:fe:d5:e8:d7:ae:d0:98:30:
         b4:82:ae:c4:32:08:61:f1:d5:f9:de:e3:d0:2a:b1:d5:fb:c0:
         c2:9b:3f:4f:f7:b9:f8:17:0f:23:d8:52:1f:33:2e:fe:a3:4a:
         d0:1c:36:6a:5c:a5:3b:9d:4c:8c:c1:22:61:02:6b:1b:d0:41:
         ce:8f:38:4a:1f:c2:24:98:67:5c:b3:f7:e3:90:a8:fa:98:31:
         63:b1:80:87:06:42:84:6c:15:90:2f:52:df:74:d3:1e:33:60:
         09:f8:25:68:62:ed:ac:41:60:b1:ab:d8:d5:2d:b3:4b:d9:68:
         ad:ba:92:2b:ad:be:cd:dc:f0:0f:01:e8:30:f9:ea:44:1a:a6:
         46:7c:b0:80:87:d1:f9:80:65:78:44:c8:6f:6c:66:7f:a7:74:
         1a:c3:e4:db:22:45:c5:d9:0b:43:8a:ac:0d:bd:58:b1:87:97:
         89:8b:a3:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbR8klM7vQojMLEtrCSqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTZhZTYyNWQ5NTA2ZGY0YTNlNTc3YjI0YTg2ZmNlM2M3
M2E4ZjgwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWZmMWMwMTBkYjJhYzdjNDk2NWFjNjgxYzM1YTJmNjE5NTQ2YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhatn3VVZ1tqks1DEePwtapv1+CB1
CuLAcpI96Xx9/tVLW601j693juBkZBvgDNVFipl6C/pdcI1QVz+17apSK2R9C9GW
BFVrrRHfcF1dNBiz/jn0/LNSO+pdPIdta0lGAAIDEt9ejRkU8SyKh6+F3sLzbfGV
hjBRS1ucC0RMMnbbTa81XM9TzBKPX6Mc4+kx6ugZVbaFrQR/c/QCMGPZ3a+yFCKf
01H4u/ENtZXuDj/PFOJ1/qeLFdGi9LHZUTcCq+evccM92aD/k223Jtg1/3+gN+Nh
CgBv2V8QdvxBNecBsqRnyrNs8seEK8K2r4wX1VVAqE6WDaHF5JZ5JYuXTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJr/HAENsqx8SWWsaBw1ovYZVGtnMB8GA1UdIwQY
MBaAFNNWrmJdlQbfSj5XeySob848c6j4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYt
MmVhODdlNmVhMmEwLzEvbXY4Y0FRMnlySHhKWmF4b0hEV2k5aGxVYTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYtMmVhODdlNmVhMmEw
LzEvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCbWl8MA8E
AgACMAkDBwYgAQlIAEAwDQYJKoZIhvcNAQELBQADggEBAH4QnLWjl1xbMUwMTBxD
p7D9g6LmPtIvXTVwOMq2WuNXNigZsPDN/GRNf2UctQPSHSWYUindgiQ8FO+ETCa8
kIp2eFyh09TWlOWykMzExuStB/D+1ejXrtCYMLSCrsQyCGHx1fne49AqsdX7wMKb
P0/3ufgXDyPYUh8zLv6jStAcNmpcpTudTIzBImECaxvQQc6POEofwiSYZ1yz9+OQ
qPqYMWOxgIcGQoRsFZAvUt900x4zYAn4JWhi7axBYLGr2NUts0vZaK26kiutvs3c
8A8B6DD56kQapkZ8sICH0fmAZXhEyG9sZn+ndBrD5NsiRcXZC0OKrA29WLGHl4mL
o0A=
-----END CERTIFICATE-----