Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/MBD97V3_o0MK7Ddm40-MEcX3TaY.roa
File:                     MBD97V3_o0MK7Ddm40-MEcX3TaY.roa (raw, json)
Hash identifier:          QKTK8AfQt4SiBQsLOUEcZPOl3KZFNlacnQcqFPVHvlU=
Subject key identifier:   30:10:FD:ED:5D:FF:A3:43:0A:EC:37:66:E3:4F:8C:11:C5:F7:4D:A6
Certificate issuer:       /CN=9e0a11a6b1d189657c7fb96ec1458bafca1864f4
Certificate serial:       018CC5014107884AC81A3FC120766A5C1753
Authority key identifier: 9E:0A:11:A6:B1:D1:89:65:7C:7F:B9:6E:C1:45:8B:AF:CA:18:64:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/MBD97V3_o0MK7Ddm40-MEcX3TaY.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211992
IP address blocks:        2001:67c:aec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:41:07:88:4a:c8:1a:3f:c1:20:76:6a:5c:17:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e0a11a6b1d189657c7fb96ec1458bafca1864f4
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3010fded5dffa3430aec3766e34f8c11c5f74da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:71:92:92:2f:18:03:97:e0:39:55:97:11:35:
                    c9:f2:5d:a4:c9:8e:28:c6:46:96:38:3c:97:b8:45:
                    17:cc:ef:cd:09:51:1e:4e:3d:ac:7e:8d:40:01:ca:
                    0c:fe:fc:ed:2e:9c:73:33:9c:e4:ce:1f:8e:be:d7:
                    c1:a8:e3:36:21:69:fe:9d:82:5c:b3:0f:ef:27:f7:
                    11:c7:16:62:c2:be:9f:ab:85:93:83:6e:38:ae:83:
                    8d:9b:7b:20:d7:9c:1b:d4:65:c2:40:dd:19:e0:26:
                    36:8f:26:ce:fc:9d:d8:d8:78:c8:ac:f5:16:0c:df:
                    c4:66:8e:91:2d:44:c8:e2:00:eb:fc:64:5a:92:cf:
                    a0:ac:50:55:66:5e:da:67:a6:1d:1c:50:0b:be:af:
                    a8:78:19:0d:92:6c:52:e4:e1:da:84:26:d9:ce:f0:
                    ef:14:cf:75:16:dd:70:09:44:cb:36:f5:7d:f0:fc:
                    91:0e:c8:1c:f4:1e:45:07:a5:4a:a6:cf:9e:4f:29:
                    2f:b9:9a:ba:03:b7:76:9d:96:0f:1e:f7:0f:5d:be:
                    f7:db:bf:32:c7:41:d9:dc:d5:74:a7:0d:21:87:f7:
                    c2:7e:03:46:fc:40:29:87:bc:6a:48:1a:a3:b8:e4:
                    11:64:aa:0c:a2:10:40:38:49:34:48:fe:34:aa:75:
                    23:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:10:FD:ED:5D:FF:A3:43:0A:EC:37:66:E3:4F:8C:11:C5:F7:4D:A6
            X509v3 Authority Key Identifier:
                keyid:9E:0A:11:A6:B1:D1:89:65:7C:7F:B9:6E:C1:45:8B:AF:CA:18:64:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ngoRprHRiWV8f7luwUWLr8oYZPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/MBD97V3_o0MK7Ddm40-MEcX3TaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1cdace-4e00-469a-8c50-58cb830875f5/1/ngoRprHRiWV8f7luwUWLr8oYZPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:aec::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:ad:26:7f:73:6b:d0:5c:94:9b:a3:36:ec:1a:0a:b0:21:13:
         87:05:b5:80:6b:c3:40:bc:83:53:a1:91:bb:87:a7:b8:9d:4f:
         42:64:4c:09:92:c1:85:3c:d4:9b:17:b1:06:3b:2b:4c:86:92:
         98:f9:e5:84:e9:56:f9:20:91:3b:a8:61:58:32:69:12:16:e4:
         77:5e:a0:96:bf:58:82:35:99:80:cc:7b:32:44:27:7d:70:a8:
         3e:3a:73:e0:34:4c:77:67:f9:a5:4e:69:d1:ee:87:e8:2e:e7:
         d7:e4:a6:3f:de:52:32:20:71:7c:4f:06:1d:cc:4c:05:77:2b:
         6b:91:e2:3d:2c:9a:93:03:ee:60:95:0f:4d:b8:a5:80:79:90:
         52:77:a8:97:2f:ab:55:e6:1c:8b:a0:a1:77:82:b0:30:eb:54:
         27:f1:9b:b2:d5:aa:05:e3:9f:96:c3:ac:3d:71:96:8c:07:7f:
         5c:e5:a2:4b:6f:52:e3:a3:52:eb:80:01:11:32:3c:4a:78:aa:
         83:df:fb:ee:63:60:27:d2:33:56:94:b6:d9:e6:8e:f6:fd:9c:
         0f:72:10:02:7a:65:ea:36:4f:89:f9:e4:8d:0d:f9:4e:20:c1:
         c1:c0:2b:ad:28:f2:f2:a1:32:82:2c:4b:26:f9:3e:7a:93:4f:
         29:1e:0d:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAUEHiErIGj/BIHZqXBdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMGExMWE2YjFkMTg5NjU3YzdmYjk2ZWMxNDU4YmFmY2Ex
ODY0ZjQwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDEwZmRlZDVkZmZhMzQzMGFlYzM3NjZlMzRmOGMxMWM1Zjc0ZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnGSki8YA5fgOVWXETXJ8l2kyY4o
xkaWODyXuEUXzO/NCVEeTj2sfo1AAcoM/vztLpxzM5zkzh+OvtfBqOM2IWn+nYJc
sw/vJ/cRxxZiwr6fq4WTg244roONm3sg15wb1GXCQN0Z4CY2jybO/J3Y2HjIrPUW
DN/EZo6RLUTI4gDr/GRaks+grFBVZl7aZ6YdHFALvq+oeBkNkmxS5OHahCbZzvDv
FM91Ft1wCUTLNvV98PyRDsgc9B5FB6VKps+eTykvuZq6A7d2nZYPHvcPXb73278y
x0HZ3NV0pw0hh/fCfgNG/EAph7xqSBqjuOQRZKoMohBAOEk0SP40qnUjLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDAQ/e1d/6NDCuw3ZuNPjBHF902mMB8GA1UdIwQY
MBaAFJ4KEaax0YllfH+5bsFFi6/KGGT0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmdvUnBySFJpV1Y4ZjdsdXdVV0xyOG9ZWlBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xY2RhY2UtNGUwMC00NjlhLThjNTAt
NThjYjgzMDg3NWY1LzEvTUJEOTdWM19vME1LN0RkbTQwLU1FY1gzVGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xY2RhY2UtNGUwMC00NjlhLThjNTAtNThjYjgzMDg3NWY1
LzEvbmdvUnBySFJpV1Y4ZjdsdXdVV0xyOG9ZWlBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArs
MA0GCSqGSIb3DQEBCwUAA4IBAQAtrSZ/c2vQXJSbozbsGgqwIROHBbWAa8NAvINT
oZG7h6e4nU9CZEwJksGFPNSbF7EGOytMhpKY+eWE6Vb5IJE7qGFYMmkSFuR3XqCW
v1iCNZmAzHsyRCd9cKg+OnPgNEx3Z/mlTmnR7ofoLufX5KY/3lIyIHF8TwYdzEwF
dytrkeI9LJqTA+5glQ9NuKWAeZBSd6iXL6tV5hyLoKF3grAw61Qn8Zuy1aoF45+W
w6w9cZaMB39c5aJLb1Ljo1LrgAERMjxKeKqD3/vuY2An0jNWlLbZ5o72/ZwPchAC
emXqNk+J+eSNDflOIMHBwCutKPLyoTKCLEsm+T56k08pHg2U
-----END CERTIFICATE-----