Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/MOuJNuTtS_3zpyA-EJQAFpKzsxY.roa
File:                     MOuJNuTtS_3zpyA-EJQAFpKzsxY.roa (raw, json)
Hash identifier:          fN5oCjndweqxT08Th9pQ1pWOFDnUR9RBRZ8NNXiGPAQ=
Subject key identifier:   30:EB:89:36:E4:ED:4B:FD:F3:A7:20:3E:10:94:00:16:92:B3:B3:16
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AD5BDD3CA4615635FC19DCEF6DEA7
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/MOuJNuTtS_3zpyA-EJQAFpKzsxY.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48108
IP address blocks:        94.131.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d5:bd:d3:ca:46:15:63:5f:c1:9d:ce:f6:de:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30eb8936e4ed4bfdf3a7203e1094001692b3b316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e0:a7:9e:61:80:27:77:de:60:f0:69:0f:bb:
                    d3:70:a2:30:05:7b:fe:91:20:e8:15:e1:3e:92:25:
                    43:ff:cd:53:4e:46:16:29:53:59:d3:95:65:e2:bc:
                    ba:be:74:7c:bf:d4:be:da:05:9c:04:76:7c:73:98:
                    1d:9b:77:3e:93:4d:17:9d:e8:c1:98:52:27:66:a9:
                    95:dc:8b:b1:93:ae:bb:0c:83:8b:86:a0:ff:62:b1:
                    ec:74:0e:3a:91:ef:aa:47:31:ff:42:44:60:6f:df:
                    8e:68:f3:3d:bf:ec:5b:72:e4:63:d0:2b:bd:f1:9e:
                    49:85:25:99:dd:da:e1:d0:ce:79:eb:50:58:d9:f8:
                    9e:a6:b9:86:ee:a8:b1:bd:a3:a7:31:76:b0:84:74:
                    44:2d:3d:57:81:58:cf:35:ec:17:80:c3:e9:9d:46:
                    95:60:9a:91:fb:64:9f:d1:2a:2d:71:c5:57:5d:2c:
                    63:a9:ff:7c:e0:86:90:44:33:bf:8b:8e:7a:ae:de:
                    c2:dd:74:d1:13:51:3b:b8:9d:4d:63:f7:39:4e:cb:
                    36:52:c6:7e:c7:95:79:2b:68:dc:7f:6b:b7:85:7a:
                    b3:62:77:c3:2b:0f:18:9c:e6:80:b9:92:9a:ff:da:
                    b3:0d:ad:dc:1a:ed:07:21:2e:aa:19:e8:f7:18:0c:
                    c9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:EB:89:36:E4:ED:4B:FD:F3:A7:20:3E:10:94:00:16:92:B3:B3:16
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/MOuJNuTtS_3zpyA-EJQAFpKzsxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e2:d8:e4:d2:e8:8e:f9:a1:1a:e0:81:b8:18:d3:b8:eb:0c:
         4f:63:ef:d1:99:dd:9c:eb:d8:5f:ec:31:d9:ed:cb:54:4b:9f:
         92:06:9b:aa:33:92:57:db:74:5d:d8:e7:96:95:7d:20:c7:53:
         50:e0:7c:9c:83:b0:f1:60:ae:ee:0a:a1:45:0e:c2:8a:fb:0a:
         4a:56:21:60:0c:13:0b:ac:41:52:89:43:f0:32:46:45:79:2c:
         1e:0a:5b:3b:a3:34:9d:c3:71:09:be:74:49:b7:99:80:a3:32:
         ec:92:51:de:3f:a0:e9:9d:40:c4:ec:e6:6b:a0:32:9c:cc:0a:
         68:f4:b3:90:3f:c9:53:be:7d:ed:3b:dc:e0:98:75:ee:5c:ec:
         d5:80:0c:09:03:da:62:73:fc:5d:3c:4e:03:36:12:cf:97:5a:
         6c:3c:f0:da:72:dd:76:fb:ac:a6:19:c3:b8:b7:3e:4e:37:8b:
         37:0e:13:1a:5d:95:c7:89:dd:bb:6c:a6:8b:b0:f2:dd:c3:a5:
         cd:9b:d2:8d:b3:22:c0:a9:9c:ee:26:53:a3:9d:fd:cd:7f:c0:
         e1:c0:04:99:0c:eb:0d:87:28:8f:fa:56:9d:18:77:27:da:ff:
         c7:1b:c4:1e:c6:05:c2:3c:55:56:d1:e9:ed:d2:14:fe:b0:02:
         2e:e8:89:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStW908pGFWNfwZ3O9t6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGViODkzNmU0ZWQ0YmZkZjNhNzIwM2UxMDk0MDAxNjkyYjNiMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+CnnmGAJ3feYPBpD7vTcKIwBXv+
kSDoFeE+kiVD/81TTkYWKVNZ05Vl4ry6vnR8v9S+2gWcBHZ8c5gdm3c+k00XnejB
mFInZqmV3Iuxk667DIOLhqD/YrHsdA46ke+qRzH/QkRgb9+OaPM9v+xbcuRj0Cu9
8Z5JhSWZ3drh0M5561BY2fieprmG7qixvaOnMXawhHRELT1XgVjPNewXgMPpnUaV
YJqR+2Sf0SotccVXXSxjqf984IaQRDO/i456rt7C3XTRE1E7uJ1NY/c5Tss2UsZ+
x5V5K2jcf2u3hXqzYnfDKw8YnOaAuZKa/9qzDa3cGu0HIS6qGej3GAzJSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDriTbk7Uv986cgPhCUABaSs7MWMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvTU91Sk51VHRTXzN6cHlBLUVKUUFGcEt6c3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoNoMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ4tjk0uiO+aEa4IG4GNO46wxPY+/Rmd2c69hf7DHZ
7ctUS5+SBpuqM5JX23Rd2OeWlX0gx1NQ4Hycg7DxYK7uCqFFDsKK+wpKViFgDBML
rEFSiUPwMkZFeSweCls7ozSdw3EJvnRJt5mAozLsklHeP6DpnUDE7OZroDKczApo
9LOQP8lTvn3tO9zgmHXuXOzVgAwJA9pic/xdPE4DNhLPl1psPPDact12+6ymGcO4
tz5ON4s3DhMaXZXHid27bKaLsPLdw6XNm9KNsyLAqZzuJlOjnf3Nf8DhwASZDOsN
hyiP+ladGHcn2v/HG8QexgXCPFVW0ent0hT+sAIu6Imh
-----END CERTIFICATE-----