Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/MzAuNWF_AaRz8rX5YmQOEm3GPwM.roa
File:                     MzAuNWF_AaRz8rX5YmQOEm3GPwM.roa (raw, json)
Hash identifier:          onidPeK+BvXeUM9UErHDVkmfS8q42EAZWpqDSdhW19o=
Subject key identifier:   33:30:2E:35:61:7F:01:A4:73:F2:B5:F9:62:64:0E:12:6D:C6:3F:03
Certificate issuer:       /CN=08149ab3f18ec3ed36ff2a81d489af10699cb392
Certificate serial:       018CC9BC850F56A7EEC12E9C3F262F8E2102
Authority key identifier: 08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBSas_GOw-02_yqB1ImvEGmcs5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/MzAuNWF_AaRz8rX5YmQOEm3GPwM.roa
Signing time:             Tue 02 Jan 2024 10:33:44 +0000
ROA not before:           Tue 02 Jan 2024 10:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12941
IP address blocks:        193.141.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBSas_GOw-02_yqB1ImvEGmcs5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:85:0f:56:a7:ee:c1:2e:9c:3f:26:2f:8e:21:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08149ab3f18ec3ed36ff2a81d489af10699cb392
        Validity
            Not Before: Jan  2 10:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33302e35617f01a473f2b5f962640e126dc63f03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f6:aa:8a:78:ea:46:e4:4e:fc:a5:f5:2d:ea:
                    a1:bc:32:26:5e:33:16:d1:1e:6d:23:77:25:75:af:
                    48:ba:ee:d2:ce:f5:5e:28:a2:b0:0d:72:d5:e6:8c:
                    10:55:fc:b7:37:ed:b1:89:6a:ef:3b:b0:55:1c:d1:
                    6c:7e:91:4f:e7:cb:b5:b2:6b:5e:36:ed:c6:f9:8b:
                    eb:0c:34:10:ff:1e:57:93:26:8d:62:96:6b:f4:9d:
                    11:81:bd:36:fb:28:e4:5f:c7:f1:0f:97:19:b7:6a:
                    1b:59:4f:83:59:3a:58:c8:35:00:dc:05:53:ef:b4:
                    3b:bb:02:bd:5c:30:71:36:18:51:bf:1e:03:59:34:
                    8c:13:87:77:e1:6a:2e:0f:0a:f4:1b:c0:db:58:b5:
                    29:6b:60:bd:8a:8b:d1:d8:9f:33:48:c1:bd:56:dc:
                    2e:20:5f:fb:bb:cf:ce:5d:b7:49:aa:94:76:ef:e6:
                    22:8d:eb:a6:a4:e5:62:5a:d1:5c:d3:b3:e6:03:d0:
                    44:be:c3:48:16:59:dc:c0:03:3a:a1:62:4b:4a:78:
                    69:0f:81:66:7d:48:56:b2:c0:47:86:5a:ac:fd:04:
                    78:43:9d:d7:19:45:83:f9:51:b9:e9:6d:7b:7e:60:
                    47:d2:2f:d7:4c:8b:23:d1:c4:3e:88:62:d4:67:df:
                    9d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:30:2E:35:61:7F:01:A4:73:F2:B5:F9:62:64:0E:12:6D:C6:3F:03
            X509v3 Authority Key Identifier:
                keyid:08:14:9A:B3:F1:8E:C3:ED:36:FF:2A:81:D4:89:AF:10:69:9C:B3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBSas_GOw-02_yqB1ImvEGmcs5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/MzAuNWF_AaRz8rX5YmQOEm3GPwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/911a25-a383-48c2-bf63-d87112ca99ae/1/CBSas_GOw-02_yqB1ImvEGmcs5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e8:cc:95:78:d7:99:eb:5d:ab:b4:a3:96:de:c1:7d:33:0b:
         90:85:31:41:20:81:1a:3f:6a:14:27:ef:cd:3f:02:80:58:8a:
         fc:69:6e:ce:c6:8d:ce:4a:a7:ec:c5:16:f8:6c:64:dd:6d:f0:
         67:6f:d0:4c:e5:21:2b:35:f6:72:58:b2:81:d2:c0:79:47:1d:
         59:90:9e:4e:b6:75:2a:37:05:3b:f5:34:ca:09:ed:60:f4:fe:
         bc:98:ae:98:0b:35:4e:30:f5:92:0b:14:58:82:b9:cb:11:4d:
         e7:e1:cc:28:2e:b9:5b:97:57:5f:87:26:c2:e3:3d:d6:1a:f0:
         b1:d3:e1:42:72:79:43:ce:09:14:fd:92:43:6e:82:b4:77:45:
         ea:f1:ea:e8:f1:12:5e:bd:70:0c:d0:86:c0:5d:3b:49:b5:a6:
         53:c0:0c:83:75:a8:fb:01:f1:9b:35:9a:e8:8d:04:c0:e2:d0:
         07:eb:96:83:10:ca:42:91:5a:22:88:a5:57:ee:26:e3:39:9c:
         56:06:2c:66:c7:f2:75:22:7d:af:e1:b2:00:93:c6:95:dc:99:
         c5:48:3b:47:e1:24:0a:ef:f0:06:b5:d4:98:a2:17:a3:87:83:
         19:59:04:ce:66:31:24:d6:b1:c7:f2:af:c8:ab:09:de:dc:e9:
         e5:c9:7b:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIUPVqfuwS6cPyYvjiECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MTQ5YWIzZjE4ZWMzZWQzNmZmMmE4MWQ0ODlhZjEwNjk5
Y2IzOTIwHhcNMjQwMTAyMTAzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzMwMmUzNTYxN2YwMWE0NzNmMmI1Zjk2MjY0MGUxMjZkYzYzZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPaqinjqRuRO/KX1LeqhvDImXjMW
0R5tI3clda9Iuu7SzvVeKKKwDXLV5owQVfy3N+2xiWrvO7BVHNFsfpFP58u1smte
Nu3G+YvrDDQQ/x5XkyaNYpZr9J0Rgb02+yjkX8fxD5cZt2obWU+DWTpYyDUA3AVT
77Q7uwK9XDBxNhhRvx4DWTSME4d34WouDwr0G8DbWLUpa2C9iovR2J8zSMG9Vtwu
IF/7u8/OXbdJqpR27+YijeumpOViWtFc07PmA9BEvsNIFlncwAM6oWJLSnhpD4Fm
fUhWssBHhlqs/QR4Q53XGUWD+VG56W17fmBH0i/XTIsj0cQ+iGLUZ9+dqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMwLjVhfwGkc/K1+WJkDhJtxj8DMB8GA1UdIwQY
MBaAFAgUmrPxjsPtNv8qgdSJrxBpnLOSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0JTYXNfR093LTAyX3lxQjFJbXZFR21jczVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy85MTFhMjUtYTM4My00OGMyLWJmNjMt
ZDg3MTEyY2E5OWFlLzEvTXpBdU5XRl9BYVJ6OHJYNVltUU9FbTNHUHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy85MTFhMjUtYTM4My00OGMyLWJmNjMtZDg3MTEyY2E5OWFl
LzEvQ0JTYXNfR093LTAyX3lxQjFJbXZFR21jczVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY1rMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ6MyVeNeZ612rtKOW3sF9MwuQhTFBIIEaP2oUJ+/N
PwKAWIr8aW7Oxo3OSqfsxRb4bGTdbfBnb9BM5SErNfZyWLKB0sB5Rx1ZkJ5OtnUq
NwU79TTKCe1g9P68mK6YCzVOMPWSCxRYgrnLEU3n4cwoLrlbl1dfhybC4z3WGvCx
0+FCcnlDzgkU/ZJDboK0d0Xq8ero8RJevXAM0IbAXTtJtaZTwAyDdaj7AfGbNZro
jQTA4tAH65aDEMpCkVoiiKVX7ibjOZxWBixmx/J1In2v4bIAk8aV3JnFSDtH4SQK
7/AGtdSYohejh4MZWQTOZjEk1rHH8q/Iqwne3OnlyXvx
-----END CERTIFICATE-----