Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MkxsWqmJBElxhaf-HYIUkQtTzeY.roa
File:                     MkxsWqmJBElxhaf-HYIUkQtTzeY.roa (raw, json)
Hash identifier:          xepf2SXRd3p9dfJ84UjtAmaE4NHIXSJoCAF26AXizCA=
Subject key identifier:   32:4C:6C:5A:A9:89:04:49:71:85:A7:FE:1D:82:14:91:0B:53:CD:E6
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       0192CA955502BB18C71B4688CD2E7C136735
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MkxsWqmJBElxhaf-HYIUkQtTzeY.roa
Signing time:             Sat 26 Oct 2024 20:47:17 +0000
ROA not before:           Sat 26 Oct 2024 20:47:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22427
IP address blocks:        188.209.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ca:95:55:02:bb:18:c7:1b:46:88:cd:2e:7c:13:67:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Oct 26 20:47:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=324c6c5aa98904497185a7fe1d8214910b53cde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2b:c5:ef:30:58:10:4c:91:49:17:9c:a7:0e:
                    88:d4:98:e8:3f:bc:33:55:33:65:85:01:8e:8e:b8:
                    80:0f:23:28:cf:66:e9:46:28:07:0d:83:2d:cd:8a:
                    6a:ea:71:63:cf:e2:de:7e:d0:aa:d9:16:f7:d3:4e:
                    c5:99:19:28:29:5f:57:03:f9:60:ba:ee:4d:46:f3:
                    b0:84:f8:ad:fb:7a:43:dc:58:a9:38:a5:ea:f5:8f:
                    42:f2:e5:30:da:8c:60:96:7d:c4:0b:27:8d:cf:52:
                    38:a8:f2:15:4b:0f:dd:6e:0c:a8:da:26:b4:ce:77:
                    e0:02:9e:44:6a:4c:ad:6a:c0:a7:ce:4c:c6:4c:a7:
                    47:c2:3c:ff:37:0d:d2:eb:29:23:1d:d4:d3:1f:62:
                    54:49:85:34:5b:7f:10:08:1a:8b:a8:e5:3c:22:52:
                    f2:27:88:93:c2:ed:f4:e6:57:69:5e:7c:3a:35:19:
                    1b:0e:69:62:30:d6:f3:7b:cd:bc:74:60:8a:eb:df:
                    de:fa:6f:a1:e3:b6:01:41:cd:d8:f6:ce:13:c2:e1:
                    22:a1:60:b4:96:34:79:45:16:33:ac:35:3a:95:a3:
                    c3:ce:52:69:5c:4a:b8:88:e3:2c:24:08:cb:69:54:
                    4d:5b:14:08:df:f1:fb:c2:56:96:d6:3b:fa:5d:f1:
                    8d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4C:6C:5A:A9:89:04:49:71:85:A7:FE:1D:82:14:91:0B:53:CD:E6
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/MkxsWqmJBElxhaf-HYIUkQtTzeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:a8:ae:72:a7:81:8a:ea:9e:2e:04:fb:11:b3:8d:7e:16:0a:
         56:fa:c7:3b:a9:14:d8:9b:ac:b4:6f:fd:21:b7:94:83:18:10:
         e9:23:46:a9:12:a3:bf:32:2f:40:a0:84:fa:79:bb:d6:ad:13:
         8d:23:4e:d5:f8:46:c0:0b:61:3a:44:76:ab:0b:f7:f0:d4:4c:
         d0:64:30:94:9a:f8:95:c2:88:4f:68:77:f3:13:0c:d6:27:b5:
         85:aa:87:02:16:e8:6f:b5:31:67:b9:11:63:1d:00:3c:94:fa:
         a2:76:7f:b1:26:a0:d2:a2:80:83:5c:b2:a0:c5:92:fd:21:b3:
         0b:67:e4:df:39:6c:4d:80:e8:40:49:c0:eb:6a:af:7f:09:b8:
         a5:1b:aa:7c:25:51:94:75:78:e5:63:6e:63:8c:fd:2f:2d:42:
         00:cb:c0:47:2f:5b:6e:13:71:cd:63:83:8e:89:25:e8:27:ab:
         36:d3:97:e9:23:0e:77:37:9c:ac:42:ab:6c:23:49:24:4d:fa:
         8b:01:04:93:3f:26:63:ef:2b:1a:42:54:30:9a:d8:b3:6f:e0:
         f6:a4:62:e5:fc:36:8b:92:a5:c6:75:59:5f:eb:30:34:69:22:
         59:75:0b:c8:1d:65:6b:e3:87:18:e3:66:bf:74:d1:92:79:ab:
         13:03:1f:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLKlVUCuxjHG0aIzS58E2c1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQxMDI2MjA0NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRjNmM1YWE5ODkwNDQ5NzE4NWE3ZmUxZDgyMTQ5MTBiNTNjZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxivF7zBYEEyRSRecpw6I1JjoP7wz
VTNlhQGOjriADyMoz2bpRigHDYMtzYpq6nFjz+LeftCq2Rb3007FmRkoKV9XA/lg
uu5NRvOwhPit+3pD3FipOKXq9Y9C8uUw2oxgln3ECyeNz1I4qPIVSw/dbgyo2ia0
znfgAp5EakytasCnzkzGTKdHwjz/Nw3S6ykjHdTTH2JUSYU0W38QCBqLqOU8IlLy
J4iTwu305ldpXnw6NRkbDmliMNbze828dGCK69/e+m+h47YBQc3Y9s4TwuEioWC0
ljR5RRYzrDU6laPDzlJpXEq4iOMsJAjLaVRNWxQI3/H7wlaW1jv6XfGNTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJMbFqpiQRJcYWn/h2CFJELU83mMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvTWt4c1dxbUpCRWx4aGFmLUhZSVVrUXRUemVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGDMA0G
CSqGSIb3DQEBCwUAA4IBAQAMqK5yp4GK6p4uBPsRs41+FgpW+sc7qRTYm6y0b/0h
t5SDGBDpI0apEqO/Mi9AoIT6ebvWrRONI07V+EbAC2E6RHarC/fw1EzQZDCUmviV
wohPaHfzEwzWJ7WFqocCFuhvtTFnuRFjHQA8lPqidn+xJqDSooCDXLKgxZL9IbML
Z+TfOWxNgOhAScDraq9/CbilG6p8JVGUdXjlY25jjP0vLUIAy8BHL1tuE3HNY4OO
iSXoJ6s205fpIw53N5ysQqtsI0kkTfqLAQSTPyZj7ysaQlQwmtizb+D2pGLl/DaL
kqXGdVlf6zA0aSJZdQvIHWVr44cY42a/dNGSeasTAx/u
-----END CERTIFICATE-----