Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/MFZCeirpLJ3p_39IJwtZ4b9bxqM.roa
File:                     MFZCeirpLJ3p_39IJwtZ4b9bxqM.roa (raw, json)
Hash identifier:          sWYklH25JW3yuau8qDkG1rjcHXhJqKsxFvlT77uSdqE=
Subject key identifier:   30:56:42:7A:2A:E9:2C:9D:E9:FF:7F:48:27:0B:59:E1:BF:5B:C6:A3
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348DAC4182995E21A9D6421AE6190C0
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/MFZCeirpLJ3p_39IJwtZ4b9bxqM.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48038
IP address blocks:        212.243.39.0/24 maxlen: 24
                          2001:918:ff3e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:da:c4:18:29:95:e2:1a:9d:64:21:ae:61:90:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3056427a2ae92c9de9ff7f48270b59e1bf5bc6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:37:a8:2d:13:57:df:7b:66:58:9d:e2:9c:77:
                    e9:33:30:25:4a:b8:e3:e6:dc:8d:7a:36:cb:3f:28:
                    17:4f:79:65:3e:d2:74:fa:39:62:c9:5f:f3:b8:72:
                    3e:d6:d8:05:0b:0d:19:52:3b:5c:5a:1f:b3:3e:3e:
                    fc:d1:1f:48:7a:24:82:07:a4:33:75:51:3e:a7:6b:
                    5f:54:22:b0:eb:b0:22:67:91:2d:ff:42:d8:93:41:
                    77:14:c9:cd:ab:2d:fe:86:2f:95:f3:5d:67:e3:cc:
                    aa:30:ed:a5:15:65:a7:02:18:8e:6a:28:27:ec:f4:
                    8d:eb:e3:2a:79:6d:38:72:a2:16:4d:c7:09:e9:b1:
                    b9:ce:0c:f5:e5:f8:72:91:a7:29:a9:95:84:ba:16:
                    0c:1f:31:6c:27:4c:12:38:23:d0:2f:be:09:1c:0f:
                    53:7f:7e:80:11:79:e7:52:ad:1e:95:23:b5:c8:3c:
                    8a:c2:f2:19:7c:ab:a7:1d:e8:81:72:4f:00:62:8c:
                    f5:63:0e:3a:6d:05:13:51:7e:cc:25:25:f3:74:90:
                    45:0c:79:e2:e5:d1:5c:2a:a6:13:ba:60:31:6a:9f:
                    96:44:63:22:9e:22:93:be:ac:87:d9:ea:ed:c7:3e:
                    d7:97:f8:20:1e:4e:09:84:8f:06:44:2e:cd:ea:98:
                    34:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:56:42:7A:2A:E9:2C:9D:E9:FF:7F:48:27:0B:59:E1:BF:5B:C6:A3
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/MFZCeirpLJ3p_39IJwtZ4b9bxqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.243.39.0/24
                IPv6:
                  2001:918:ff3e::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:38:b8:b2:ce:3c:2e:5f:24:6b:eb:40:bb:af:76:82:d4:5c:
         f9:f9:f1:b8:1d:dd:17:df:54:58:54:74:0d:a4:4d:04:08:ee:
         72:0b:20:f4:63:7d:7d:37:28:60:f7:ff:35:e2:da:2e:78:1f:
         96:37:e7:d8:a7:2e:32:c8:1a:3c:60:ff:43:16:0c:b5:c7:4f:
         86:c0:7d:0e:40:f3:10:1e:72:86:e4:9b:81:5a:d2:6e:73:b9:
         7b:14:b6:87:45:66:0c:94:38:5c:65:d2:80:f4:01:2c:e6:c0:
         cd:4d:53:a7:58:12:d6:bc:fe:bf:70:61:dd:9b:8e:83:33:c4:
         29:c4:28:4c:36:57:11:97:84:ad:6c:01:63:95:07:d5:5b:d5:
         55:7f:9a:02:63:c2:49:cf:8e:6f:34:87:b0:ce:ad:d4:8a:d6:
         88:e9:32:80:9f:90:b7:f9:3b:b6:08:43:4c:40:8c:7f:f4:6e:
         40:1b:56:8d:f2:9a:3e:6e:a7:e8:82:67:fe:7b:90:c4:22:02:
         46:3f:29:f8:e9:01:3d:46:b7:f2:73:22:22:f5:bd:07:82:a4:
         31:3a:ce:c8:12:67:8f:7a:d9:ba:1a:92:64:5f:51:e8:24:13:
         96:81:5f:49:98:f9:9d:52:f6:b3:69:b1:00:6d:28:3d:a1:07:
         1e:a9:a6:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSNrEGCmV4hqdZCGuYZDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU2NDI3YTJhZTkyYzlkZTlmZjdmNDgyNzBiNTllMWJmNWJjNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjeoLRNX33tmWJ3inHfpMzAlSrjj
5tyNejbLPygXT3llPtJ0+jliyV/zuHI+1tgFCw0ZUjtcWh+zPj780R9IeiSCB6Qz
dVE+p2tfVCKw67AiZ5Et/0LYk0F3FMnNqy3+hi+V811n48yqMO2lFWWnAhiOaign
7PSN6+MqeW04cqIWTccJ6bG5zgz15fhykacpqZWEuhYMHzFsJ0wSOCPQL74JHA9T
f36AEXnnUq0elSO1yDyKwvIZfKunHeiBck8AYoz1Yw46bQUTUX7MJSXzdJBFDHni
5dFcKqYTumAxap+WRGMiniKTvqyH2ertxz7Xl/ggHk4JhI8GRC7N6pg0dQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDBWQnoq6Syd6f9/SCcLWeG/W8ajMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTUZaQ2VpcnBMSjNwXzM5SUp3dFo0YjlieHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1PMnMA8E
AgACMAkDBwAgAQkY/z4wDQYJKoZIhvcNAQELBQADggEBACg4uLLOPC5fJGvrQLuv
doLUXPn58bgd3RffVFhUdA2kTQQI7nILIPRjfX03KGD3/zXi2i54H5Y359inLjLI
Gjxg/0MWDLXHT4bAfQ5A8xAecobkm4Fa0m5zuXsUtodFZgyUOFxl0oD0ASzmwM1N
U6dYEta8/r9wYd2bjoMzxCnEKEw2VxGXhK1sAWOVB9Vb1VV/mgJjwknPjm80h7DO
rdSK1ojpMoCfkLf5O7YIQ0xAjH/0bkAbVo3ymj5up+iCZ/57kMQiAkY/KfjpAT1G
t/JzIiL1vQeCpDE6zsgSZ4962boakmRfUegkE5aBX0mY+Z1S9rNpsQBtKD2hBx6p
piA=
-----END CERTIFICATE-----