Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Mo2B_g5f2F1BvdsID4Sk9tLf4HE.roa
File:                     Mo2B_g5f2F1BvdsID4Sk9tLf4HE.roa (raw, json)
Hash identifier:          MGMqR8K6iovrnkZXVYbykix02m5sG4vME8e13xKoKp8=
Subject key identifier:   32:8D:81:FE:0E:5F:D8:5D:41:BD:DB:08:0F:84:A4:F6:D2:DF:E0:71
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D5C79837890AA5F9FD9F87531B0D
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Mo2B_g5f2F1BvdsID4Sk9tLf4HE.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24949
IP address blocks:        194.209.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d5:c7:98:37:89:0a:a5:f9:fd:9f:87:53:1b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=328d81fe0e5fd85d41bddb080f84a4f6d2dfe071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:38:1e:b6:1f:5d:af:f7:fb:c1:e1:6f:c8:5e:
                    f6:10:c7:f7:c2:d7:81:4f:cd:1c:9d:c2:ed:4c:bb:
                    fe:ce:8a:bd:9b:27:4a:d2:ee:85:09:c7:52:40:a6:
                    34:6e:bf:d9:f1:41:38:9f:49:9f:44:ab:0d:0e:1c:
                    c9:da:9b:f6:cc:d7:bc:38:81:a6:80:a1:f5:34:75:
                    68:81:83:33:83:47:84:42:ce:25:95:80:90:8f:87:
                    b4:53:f8:e8:cf:6c:d7:a8:80:c4:0d:15:b8:a8:79:
                    7f:5b:85:ca:e4:b0:8e:be:00:ae:b3:ad:58:bd:1a:
                    bd:ce:24:ed:dc:a7:e9:b8:9a:54:58:19:20:cd:8f:
                    39:eb:03:e9:01:73:76:5a:2b:b1:85:6b:7e:41:f8:
                    70:1b:5c:49:7c:97:05:3b:16:fb:cd:f9:95:8c:6c:
                    24:a8:81:7c:76:1e:d6:a2:0e:eb:63:00:d5:ae:46:
                    56:18:0b:28:d3:e2:d9:40:60:a6:16:56:a5:f6:61:
                    b8:27:60:04:ce:95:19:d1:4b:b0:0a:85:66:36:82:
                    26:68:2a:e1:43:e0:64:fe:c3:67:8a:5f:0c:c5:12:
                    f9:ff:bd:cd:c2:60:f1:f9:36:d3:15:d0:e5:a8:78:
                    c9:34:d0:fe:28:d2:38:4b:ad:92:f1:ad:10:cc:99:
                    cd:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8D:81:FE:0E:5F:D8:5D:41:BD:DB:08:0F:84:A4:F6:D2:DF:E0:71
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Mo2B_g5f2F1BvdsID4Sk9tLf4HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:b5:96:a3:c2:75:11:e2:bd:f4:54:e7:47:3c:c0:56:e9:80:
         6a:83:a2:9a:76:67:a6:98:7d:23:a6:fc:1d:61:53:81:73:bb:
         ed:1d:2e:27:d4:31:ba:0e:ba:6f:49:1c:09:a0:1f:db:ac:35:
         47:48:15:83:4b:8c:54:72:45:6e:94:b1:3c:b2:6d:e0:2d:47:
         25:85:63:39:1d:0e:fb:dc:c5:3a:82:3b:2b:8a:e5:89:4b:1e:
         19:1a:25:2a:25:3a:3a:09:ba:05:3f:99:f6:4d:11:76:27:a5:
         f5:58:e8:ed:76:e8:02:d9:db:f7:19:8c:73:89:36:fc:d9:e8:
         ba:21:3a:96:ca:7b:02:17:f3:15:a3:ed:00:b2:8e:58:3b:df:
         e2:8c:52:29:04:8e:ef:d4:89:c5:59:8b:c5:a3:f6:a8:ce:8c:
         7c:cf:d0:f8:a9:d7:e9:be:db:84:1b:ba:e3:17:30:70:ac:79:
         03:0f:b6:82:74:fc:f5:7c:de:24:d9:9b:24:3b:99:a0:9a:d7:
         eb:82:32:8d:7c:40:1f:1b:27:2e:db:fb:68:86:c4:44:35:c4:
         12:ed:cd:d9:3e:1a:45:e5:af:cc:b3:b5:ec:4c:89:9c:52:30:
         6f:ea:a0:a8:7f:5d:9d:5e:8d:a2:da:72:0a:3d:35:7e:1a:82:
         b2:99:10:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNXHmDeJCqX5/Z+HUxsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhkODFmZTBlNWZkODVkNDFiZGRiMDgwZjg0YTRmNmQyZGZlMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDgeth9dr/f7weFvyF72EMf3wteB
T80cncLtTLv+zoq9mydK0u6FCcdSQKY0br/Z8UE4n0mfRKsNDhzJ2pv2zNe8OIGm
gKH1NHVogYMzg0eEQs4llYCQj4e0U/joz2zXqIDEDRW4qHl/W4XK5LCOvgCus61Y
vRq9ziTt3KfpuJpUWBkgzY856wPpAXN2WiuxhWt+QfhwG1xJfJcFOxb7zfmVjGwk
qIF8dh7Wog7rYwDVrkZWGAso0+LZQGCmFlal9mG4J2AEzpUZ0UuwCoVmNoImaCrh
Q+Bk/sNnil8MxRL5/73NwmDx+TbTFdDlqHjJNND+KNI4S62S8a0QzJnNQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKNgf4OX9hdQb3bCA+EpPbS3+BxMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTW8yQl9nNWYyRjFCdmRzSUQ0U2s5dExmNEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtGSMA0G
CSqGSIb3DQEBCwUAA4IBAQC1tZajwnUR4r30VOdHPMBW6YBqg6KadmemmH0jpvwd
YVOBc7vtHS4n1DG6DrpvSRwJoB/brDVHSBWDS4xUckVulLE8sm3gLUclhWM5HQ77
3MU6gjsriuWJSx4ZGiUqJTo6CboFP5n2TRF2J6X1WOjtdugC2dv3GYxziTb82ei6
ITqWynsCF/MVo+0Aso5YO9/ijFIpBI7v1InFWYvFo/aozox8z9D4qdfpvtuEG7rj
FzBwrHkDD7aCdPz1fN4k2ZskO5mgmtfrgjKNfEAfGycu2/tohsRENcQS7c3ZPhpF
5a/Ms7XsTImcUjBv6qCof12dXo2i2nIKPTV+GoKymRCq
-----END CERTIFICATE-----