Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/MnRoEQdXZai1kPK79cLFZsSc1YI.roa
File:                     MnRoEQdXZai1kPK79cLFZsSc1YI.roa (raw, json)
Hash identifier:          vT8xkKjN82mqvIUR5Hxa89HhaLskUCwEEIcPYxnHHc4=
Subject key identifier:   32:74:68:11:07:57:65:A8:B5:90:F2:BB:F5:C2:C5:66:C4:9C:D5:82
Certificate issuer:       /CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
Certificate serial:       018CC8DE77397640C1AC3C2D657C8AB1B5BF
Authority key identifier: 49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/MnRoEQdXZai1kPK79cLFZsSc1YI.roa
Signing time:             Tue 02 Jan 2024 06:31:11 +0000
ROA not before:           Tue 02 Jan 2024 06:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.83.113.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 10:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:77:39:76:40:c1:ac:3c:2d:65:7c:8a:b1:b5:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
        Validity
            Not Before: Jan  2 06:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32746811075765a8b590f2bbf5c2c566c49cd582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0b:a8:ad:3c:1d:c1:51:50:44:3a:7d:b3:13:
                    b5:75:60:e3:07:76:4d:57:6a:9d:fa:a2:07:f1:38:
                    d5:16:4b:5c:3a:a0:f4:dd:d9:54:7b:65:30:35:03:
                    50:72:04:bc:97:b9:38:25:09:6d:de:5a:d4:4c:db:
                    d3:b5:bb:6f:c7:d1:e3:55:20:75:14:43:17:87:25:
                    e6:bf:81:12:8c:62:86:ff:3c:ff:f5:4d:7a:1a:25:
                    37:fb:c1:3e:cd:52:ba:c8:47:0d:f5:24:b6:4b:79:
                    bb:2f:76:8e:a7:36:87:4c:0d:7c:ba:6b:78:1e:42:
                    f1:34:f0:8f:95:5b:88:c5:42:f1:fc:dd:5b:b3:33:
                    e7:8e:97:51:29:6f:cc:87:88:8a:1f:ed:43:09:ba:
                    64:ed:c4:a1:a0:e9:d4:6b:8b:1d:34:91:c0:27:b1:
                    40:8a:79:81:2b:8d:f0:c9:08:6b:43:e7:ed:5c:f7:
                    50:8d:fb:59:e0:a3:0b:44:f6:9c:51:fd:b3:a8:d2:
                    ef:e9:96:ad:66:4d:9c:e1:d4:35:53:4f:98:ce:13:
                    df:07:f4:58:12:db:ba:fb:01:f1:66:0a:cd:0e:63:
                    e1:73:c3:17:8f:e8:71:35:1e:2a:8f:df:7f:f5:c9:
                    3e:1b:45:2e:64:b5:a7:54:b4:b6:c2:a4:a8:d4:3a:
                    21:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:74:68:11:07:57:65:A8:B5:90:F2:BB:F5:C2:C5:66:C4:9C:D5:82
            X509v3 Authority Key Identifier:
                keyid:49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/MnRoEQdXZai1kPK79cLFZsSc1YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:31:a5:65:51:fa:78:cc:3e:71:39:71:5d:17:f0:de:36:8a:
         ea:f9:bf:e2:2c:91:f8:69:6e:50:00:21:94:fd:ed:89:42:1f:
         d9:63:4b:bc:79:a7:bd:e1:13:19:90:9c:de:18:fa:d7:8b:12:
         3f:7b:1d:ce:a3:9d:33:b0:26:66:66:f0:9c:9e:b8:4c:f4:3b:
         b6:01:3f:03:fd:aa:32:1a:71:75:e1:6a:f7:7f:d8:c5:26:1a:
         4d:7b:82:47:93:4b:2a:37:31:6b:9e:88:3a:a2:11:c6:97:d0:
         a8:91:65:d0:b0:bd:b7:1b:79:cc:29:da:d3:0b:a3:29:9c:e9:
         cb:90:e4:bb:ea:58:b5:fd:d2:0b:82:82:fd:94:ad:47:32:a0:
         0f:40:3f:0b:85:b4:8d:a1:aa:a5:19:d2:0f:32:a1:7a:8c:62:
         d3:fe:20:4a:d5:00:8a:06:f6:1f:7e:d9:6d:71:ee:02:b3:c9:
         d6:bb:4d:17:a6:95:33:25:58:a0:87:66:84:1a:e0:e3:ab:24:
         17:5d:7d:6f:87:81:e6:1d:8c:e8:e3:b3:1d:0c:23:49:b7:fe:
         bd:e7:2e:3a:0a:18:67:5f:78:61:dc:73:b1:00:f1:ed:58:a1:
         bf:52:44:c1:09:13:9a:cc:48:c3:d5:87:22:77:3f:4d:ff:66:
         6d:23:ff:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3nc5dkDBrDwtZXyKsbW/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZWUxMTk0YmQ4MWQxOTQ2YzM5ZjEwZjdmZGZkZjIyZDFh
MDMxMTIwHhcNMjQwMTAyMDYzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjc0NjgxMTA3NTc2NWE4YjU5MGYyYmJmNWMyYzU2NmM0OWNkNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwuorTwdwVFQRDp9sxO1dWDjB3ZN
V2qd+qIH8TjVFktcOqD03dlUe2UwNQNQcgS8l7k4JQlt3lrUTNvTtbtvx9HjVSB1
FEMXhyXmv4ESjGKG/zz/9U16GiU3+8E+zVK6yEcN9SS2S3m7L3aOpzaHTA18umt4
HkLxNPCPlVuIxULx/N1bszPnjpdRKW/Mh4iKH+1DCbpk7cShoOnUa4sdNJHAJ7FA
inmBK43wyQhrQ+ftXPdQjftZ4KMLRPacUf2zqNLv6ZatZk2c4dQ1U0+YzhPfB/RY
Etu6+wHxZgrNDmPhc8MXj+hxNR4qj99/9ck+G0UuZLWnVLS2wqSo1DohiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJ0aBEHV2WotZDyu/XCxWbEnNWCMB8GA1UdIwQY
MBaAFEnuEZS9gdGUbDnxD3/f3yLRoDESMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYt
ZDYyZmE2MzE5ZmQ0LzEvTW5Sb0VRZFhaYWkxa1BLNzljTEZac1NjMVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYtZDYyZmE2MzE5ZmQ0
LzEvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNxMA0G
CSqGSIb3DQEBCwUAA4IBAQBrMaVlUfp4zD5xOXFdF/DeNorq+b/iLJH4aW5QACGU
/e2JQh/ZY0u8eae94RMZkJzeGPrXixI/ex3Oo50zsCZmZvCcnrhM9Du2AT8D/aoy
GnF14Wr3f9jFJhpNe4JHk0sqNzFrnog6ohHGl9CokWXQsL23G3nMKdrTC6MpnOnL
kOS76li1/dILgoL9lK1HMqAPQD8LhbSNoaqlGdIPMqF6jGLT/iBK1QCKBvYfftlt
ce4Cs8nWu00XppUzJVigh2aEGuDjqyQXXX1vh4HmHYzo47MdDCNJt/695y46Chhn
X3hh3HOxAPHtWKG/UkTBCROazEjD1Ycidz9N/2ZtI/9k
-----END CERTIFICATE-----