Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MTckVLo32sMls5KM9TC1YJRfScs.roa
File:                     MTckVLo32sMls5KM9TC1YJRfScs.roa (raw, json)
Hash identifier:          4CLC82KjVGjzjbMAyc7bkj2lirVcDwnrUOm2MJsBDco=
Subject key identifier:   31:37:24:54:BA:37:DA:C3:25:B3:92:8C:F5:30:B5:60:94:5F:49:CB
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018CC794FBB15A792F61B993BCF24DFDB44A
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MTckVLo32sMls5KM9TC1YJRfScs.roa
Signing time:             Tue 02 Jan 2024 00:31:18 +0000
ROA not before:           Tue 02 Jan 2024 00:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273708
IP address blocks:        45.84.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:fb:b1:5a:79:2f:61:b9:93:bc:f2:4d:fd:b4:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 00:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31372454ba37dac325b3928cf530b560945f49cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b6:d6:f6:14:a1:93:7f:e7:0a:f5:e9:66:d8:
                    5e:30:04:93:27:55:8d:82:d2:a5:23:11:a6:90:91:
                    33:24:85:56:d2:0e:e4:c9:4d:b2:85:9a:bf:d2:29:
                    a9:94:50:52:b4:3e:4b:f4:4c:28:b4:1b:f2:d9:49:
                    86:7c:81:2a:b8:44:dd:5b:6b:93:55:c5:98:5f:da:
                    ba:b0:a1:f8:ca:ed:bd:8e:9c:f9:64:80:a3:aa:3e:
                    bd:d8:56:b1:26:f8:2f:96:08:2f:2a:1d:70:21:9f:
                    ac:fb:a0:be:8f:11:e8:a8:46:a5:cf:45:5a:1a:fa:
                    05:12:86:64:e2:0d:06:3c:99:94:ff:13:a7:3e:8b:
                    17:c3:83:f8:e6:6a:f6:be:92:c4:53:9f:38:38:3a:
                    37:e3:fa:e2:4b:21:30:60:b6:94:16:f2:5b:2a:43:
                    98:3a:ba:94:14:21:0d:ab:2e:6a:af:77:9e:8a:65:
                    e6:76:d8:a7:69:2d:e0:28:47:d0:0c:aa:1f:2f:8d:
                    7c:cb:39:86:e0:20:d2:ff:56:fd:8b:83:46:79:8a:
                    97:f9:f4:17:f3:e2:af:f0:01:76:87:a7:15:0f:cf:
                    88:35:ee:b6:b2:49:18:5f:fa:67:6a:fd:4d:4f:8d:
                    44:40:35:12:30:37:99:fe:fc:c2:5e:27:81:f4:9f:
                    d0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:37:24:54:BA:37:DA:C3:25:B3:92:8C:F5:30:B5:60:94:5F:49:CB
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MTckVLo32sMls5KM9TC1YJRfScs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4f:54:7b:73:bf:38:ae:8a:b0:11:fd:b2:a9:38:bc:cf:8b:
         09:8d:e5:a2:e1:07:88:17:fa:13:c5:68:51:93:33:ed:d1:7a:
         18:11:48:49:d9:97:ad:82:e4:f8:d6:55:e1:ea:bc:e0:e8:22:
         34:7f:ee:c7:c6:16:8f:9d:e1:cc:50:b6:14:93:de:56:92:2e:
         d6:95:fc:42:d8:14:41:e4:98:e8:9a:ac:63:54:fb:14:16:28:
         f7:e2:81:01:2d:04:c8:34:74:16:69:3a:b1:4b:b1:4d:34:f0:
         d2:81:35:cf:51:f9:e6:f7:24:d7:7e:33:5b:52:9a:c8:95:cc:
         a8:60:83:67:bf:dc:10:c1:ac:67:a2:2c:b2:53:c9:55:0e:43:
         9c:5f:f6:3b:c7:89:3c:7c:06:f9:24:79:a9:77:df:e5:c2:47:
         b6:b2:02:d4:19:ca:42:7e:f4:22:de:45:35:63:94:5b:11:87:
         d2:bb:a0:74:3e:aa:14:28:30:e8:82:65:3b:7a:d6:d2:c4:18:
         e6:81:87:2c:0f:b5:13:a2:d8:59:ef:e1:c4:18:b9:c6:8a:d4:
         c9:90:b4:f6:d9:03:07:86:2b:65:56:5f:98:c6:6a:18:46:08:
         81:2e:df:76:76:7e:f3:92:38:03:85:fb:2b:8e:0b:a5:1e:84:
         54:fe:e7:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPuxWnkvYbmTvPJN/bRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMTAyMDAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTM3MjQ1NGJhMzdkYWMzMjViMzkyOGNmNTMwYjU2MDk0NWY0OWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrbW9hShk3/nCvXpZtheMASTJ1WN
gtKlIxGmkJEzJIVW0g7kyU2yhZq/0implFBStD5L9EwotBvy2UmGfIEquETdW2uT
VcWYX9q6sKH4yu29jpz5ZICjqj692FaxJvgvlggvKh1wIZ+s+6C+jxHoqEalz0Va
GvoFEoZk4g0GPJmU/xOnPosXw4P45mr2vpLEU584ODo34/riSyEwYLaUFvJbKkOY
OrqUFCENqy5qr3eeimXmdtinaS3gKEfQDKofL418yzmG4CDS/1b9i4NGeYqX+fQX
8+Kv8AF2h6cVD8+INe62skkYX/pnav1NT41EQDUSMDeZ/vzCXieB9J/QVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE3JFS6N9rDJbOSjPUwtWCUX0nLMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvTVRja1ZMbzMyc01sczVLTTlUQzFZSlJmU2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTzMA0G
CSqGSIb3DQEBCwUAA4IBAQB2T1R7c784roqwEf2yqTi8z4sJjeWi4QeIF/oTxWhR
kzPt0XoYEUhJ2ZetguT41lXh6rzg6CI0f+7HxhaPneHMULYUk95Wki7WlfxC2BRB
5JjomqxjVPsUFij34oEBLQTINHQWaTqxS7FNNPDSgTXPUfnm9yTXfjNbUprIlcyo
YINnv9wQwaxnoiyyU8lVDkOcX/Y7x4k8fAb5JHmpd9/lwke2sgLUGcpCfvQi3kU1
Y5RbEYfSu6B0PqoUKDDogmU7etbSxBjmgYcsD7UTothZ7+HEGLnGitTJkLT22QMH
hitlVl+YxmoYRgiBLt92dn7zkjgDhfsrjgulHoRU/ufu
-----END CERTIFICATE-----