Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MBEw3s1YK6gMnlLBS_HY_I6dXL0.roa
File:                     MBEw3s1YK6gMnlLBS_HY_I6dXL0.roa (raw, json)
Hash identifier:          TGsqPFOM94XlRADPk88aV7n1QTbGuMOdA4zHnHJ8ZcM=
Subject key identifier:   30:11:30:DE:CD:58:2B:A8:0C:9E:52:C1:4B:F1:D8:FC:8E:9D:5C:BD
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018CC2DB3A4EA4DD8A7AE7EB080A008223D3
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MBEw3s1YK6gMnlLBS_HY_I6dXL0.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        45.154.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:48:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3a:4e:a4:dd:8a:7a:e7:eb:08:0a:00:82:23:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=301130decd582ba80c9e52c14bf1d8fc8e9d5cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e7:74:78:2a:cc:a8:1e:ef:e9:8c:87:d0:cf:
                    87:dc:b1:d6:f1:7b:38:10:81:b9:48:2c:a2:ab:d8:
                    14:27:d2:89:d8:79:31:a5:dd:9d:06:e4:38:ab:84:
                    6a:6e:53:ac:4a:6d:70:38:9f:e8:8b:b5:cb:1a:1f:
                    a8:a3:27:f6:21:35:4f:8e:26:4b:71:1c:8e:42:4b:
                    50:69:a1:fb:18:44:d2:c1:c0:dc:16:b4:f8:23:38:
                    07:fd:53:2b:ae:ce:3c:d9:73:4b:4d:3a:98:0d:64:
                    85:07:f7:83:11:d8:1c:0d:1f:73:56:46:0b:8e:b2:
                    23:bd:59:07:6a:26:e9:f0:5f:e0:42:b2:8f:81:bf:
                    be:4c:a4:fc:f9:8d:aa:c1:d1:63:07:fc:d3:e5:97:
                    25:32:d4:94:0f:44:61:d1:a4:22:e1:10:43:60:2d:
                    88:6c:f6:50:25:06:d8:f5:3c:1e:c1:9e:14:2d:e9:
                    5c:77:7c:a8:95:8e:a1:b8:a7:d0:09:4b:1d:e1:64:
                    1f:3e:98:ff:10:eb:64:45:55:ba:a7:29:54:be:6e:
                    bf:0d:a0:99:01:47:d2:c8:2e:71:cf:77:ea:b4:37:
                    55:fd:60:f6:cd:47:10:9e:1b:28:e4:55:3f:a9:f0:
                    ef:0d:55:9c:ec:0b:15:d7:35:b3:28:70:8b:57:ea:
                    ba:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:11:30:DE:CD:58:2B:A8:0C:9E:52:C1:4B:F1:D8:FC:8E:9D:5C:BD
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MBEw3s1YK6gMnlLBS_HY_I6dXL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:66:69:65:0d:30:9c:03:c3:fc:7f:d1:11:5c:ad:25:14:9f:
         e9:2b:09:07:b2:76:a0:87:24:4b:dc:3c:2d:3f:01:16:94:77:
         28:59:15:19:1d:33:6b:15:76:88:61:09:aa:4d:cf:f0:5f:5e:
         de:7d:15:c5:08:c6:b6:5c:e6:a9:d7:58:3c:36:03:06:92:0e:
         ba:96:55:c4:84:27:54:a3:47:06:06:e5:5b:6e:13:ca:4a:2b:
         22:59:b4:c6:38:d6:40:2c:50:72:7d:3b:85:64:0f:73:cd:27:
         04:c0:df:69:98:82:69:6d:4e:f0:27:1a:09:21:ca:28:6e:a5:
         80:c2:77:cf:63:41:a1:f5:0a:8f:80:fc:25:ab:34:0b:76:bd:
         43:87:18:89:bd:07:89:47:56:c0:c9:fd:96:b6:7e:6b:60:16:
         69:73:c9:b2:6d:75:63:57:af:58:1a:88:8d:1e:c4:03:9b:4a:
         a7:ac:0d:ee:77:e3:51:e3:af:03:8c:55:28:f2:e4:83:b6:8e:
         fb:1e:ac:1e:38:94:a3:a8:00:bb:9c:d1:17:3a:9a:e8:1e:15:
         99:3e:0e:32:a8:dd:8c:e6:5d:f5:b1:da:01:e5:8b:4b:ef:05:
         15:f9:3d:ef:99:4d:75:18:61:c0:4f:8e:93:b6:b1:28:b4:cb:
         79:ae:49:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zpOpN2KeufrCAoAgiPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDExMzBkZWNkNTgyYmE4MGM5ZTUyYzE0YmYxZDhmYzhlOWQ1Y2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhed0eCrMqB7v6YyH0M+H3LHW8Xs4
EIG5SCyiq9gUJ9KJ2Hkxpd2dBuQ4q4RqblOsSm1wOJ/oi7XLGh+ooyf2ITVPjiZL
cRyOQktQaaH7GETSwcDcFrT4IzgH/VMrrs482XNLTTqYDWSFB/eDEdgcDR9zVkYL
jrIjvVkHaibp8F/gQrKPgb++TKT8+Y2qwdFjB/zT5ZclMtSUD0Rh0aQi4RBDYC2I
bPZQJQbY9TwewZ4ULelcd3yolY6huKfQCUsd4WQfPpj/EOtkRVW6pylUvm6/DaCZ
AUfSyC5xz3fqtDdV/WD2zUcQnhso5FU/qfDvDVWc7AsV1zWzKHCLV+q6ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDARMN7NWCuoDJ5SwUvx2PyOnVy9MB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvTUJFdzNzMVlLNmdNbmxMQlNfSFlfSTZkWEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqdMA0G
CSqGSIb3DQEBCwUAA4IBAQCBZmllDTCcA8P8f9ERXK0lFJ/pKwkHsnaghyRL3Dwt
PwEWlHcoWRUZHTNrFXaIYQmqTc/wX17efRXFCMa2XOap11g8NgMGkg66llXEhCdU
o0cGBuVbbhPKSisiWbTGONZALFByfTuFZA9zzScEwN9pmIJpbU7wJxoJIcoobqWA
wnfPY0Gh9QqPgPwlqzQLdr1DhxiJvQeJR1bAyf2Wtn5rYBZpc8mybXVjV69YGoiN
HsQDm0qnrA3ud+NR468DjFUo8uSDto77HqweOJSjqAC7nNEXOproHhWZPg4yqN2M
5l31sdoB5YtL7wUV+T3vmU11GGHAT46TtrEotMt5rkm8
-----END CERTIFICATE-----