Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/Mmb_XF89xpPBXi7k71pjYu_bK0Y.roa
File:                     Mmb_XF89xpPBXi7k71pjYu_bK0Y.roa (raw, json)
Hash identifier:          dyRmmUNDybyk5IcroEOZIgvmpfSbkA3RrvpBXguUf34=
Subject key identifier:   32:66:FF:5C:5F:3D:C6:93:C1:5E:2E:E4:EF:5A:63:62:EF:DB:2B:46
Certificate issuer:       /CN=98fb7f08f956d3af95719c537fb3f9b7e33006b3
Certificate serial:       018CC794EEF842812EF8541AE42A9D0C5AEF
Authority key identifier: 98:FB:7F:08:F9:56:D3:AF:95:71:9C:53:7F:B3:F9:B7:E3:30:06:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mPt_CPlW06-VcZxTf7P5t-MwBrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/Mmb_XF89xpPBXi7k71pjYu_bK0Y.roa
Signing time:             Tue 02 Jan 2024 00:31:15 +0000
ROA not before:           Tue 02 Jan 2024 00:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202213
IP address blocks:        185.112.228.0/22 maxlen: 22
                          185.112.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/mPt_CPlW06-VcZxTf7P5t-MwBrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/mPt_CPlW06-VcZxTf7P5t-MwBrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mPt_CPlW06-VcZxTf7P5t-MwBrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ee:f8:42:81:2e:f8:54:1a:e4:2a:9d:0c:5a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98fb7f08f956d3af95719c537fb3f9b7e33006b3
        Validity
            Not Before: Jan  2 00:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3266ff5c5f3dc693c15e2ee4ef5a6362efdb2b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:60:c8:97:df:90:bc:55:d7:89:d2:74:b0:5c:
                    cb:e3:4f:88:ff:98:3f:5a:3d:47:95:cf:6f:32:9c:
                    91:5e:4c:55:00:98:a8:fe:b7:b1:ed:43:11:f7:ed:
                    f2:75:6f:10:e4:da:26:2f:1a:11:3b:e6:ec:b9:06:
                    66:08:ac:4c:6b:7d:d5:98:95:7d:5f:48:40:2a:ad:
                    a4:26:b5:69:a0:37:73:16:2d:2c:2f:08:56:45:7f:
                    c0:f1:bb:ad:3d:d1:39:fd:71:5b:76:f8:92:b6:2c:
                    36:e1:ed:7a:2c:d3:bc:98:ff:ea:3b:ab:d9:fc:6c:
                    ac:b1:db:ac:06:17:45:5b:9b:c0:3d:9a:bf:a2:a1:
                    a0:40:64:76:e3:f2:d1:9d:73:75:73:83:9e:af:b1:
                    4f:d7:a5:85:b9:7f:7c:8d:a7:d9:22:7e:5a:c1:24:
                    00:95:7e:a0:5c:d8:f4:6a:84:3f:58:2e:66:45:96:
                    54:a6:65:53:29:c6:a1:fb:6b:93:4a:0f:05:2b:c0:
                    4d:2b:ef:e1:b2:ca:d3:b5:2a:e1:ad:79:a4:e2:44:
                    b3:bc:af:9d:b9:f6:c7:3c:6d:f2:76:4f:cd:cb:67:
                    ea:a1:1a:51:74:a1:43:28:44:46:91:1d:b8:24:bf:
                    34:69:92:cb:d2:89:c2:68:69:78:6f:d7:c9:74:97:
                    0b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:66:FF:5C:5F:3D:C6:93:C1:5E:2E:E4:EF:5A:63:62:EF:DB:2B:46
            X509v3 Authority Key Identifier:
                keyid:98:FB:7F:08:F9:56:D3:AF:95:71:9C:53:7F:B3:F9:B7:E3:30:06:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPt_CPlW06-VcZxTf7P5t-MwBrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/Mmb_XF89xpPBXi7k71pjYu_bK0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7efb35-9787-46f0-b799-d5c211eb3956/1/mPt_CPlW06-VcZxTf7P5t-MwBrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:f0:e1:43:47:83:12:5c:10:dd:2e:e4:ca:43:96:ec:d7:17:
         e8:61:da:2f:01:4b:a7:85:fb:7a:84:ff:d5:f8:c7:28:b2:c1:
         97:b2:1d:60:ba:14:da:7c:64:db:d3:41:49:26:1f:ff:00:9a:
         dc:69:b6:4a:7f:4d:de:d7:b2:4c:56:a7:ad:a6:78:f2:60:d0:
         32:97:51:bd:51:71:f2:aa:05:53:8d:eb:61:f9:4b:50:19:9d:
         70:9e:00:9c:bc:85:c0:52:66:de:08:d4:32:62:d0:15:78:1e:
         c6:f6:c1:f2:d7:ff:e2:a7:3c:6e:55:94:f2:91:d3:d1:e8:67:
         2b:fa:6f:aa:1b:1a:f0:20:a4:46:ac:ac:0b:0e:4e:3d:6d:01:
         72:18:4e:d2:7a:d2:b4:a5:71:e5:b2:e5:77:65:4a:2c:25:9a:
         12:69:af:ba:6c:63:df:dc:20:aa:a5:9d:34:8f:3f:df:e4:fb:
         a1:24:dc:1c:18:d5:1d:00:51:be:de:ed:49:5b:d9:22:1b:f4:
         a0:b6:c4:5d:e6:c2:cb:23:e2:dd:b4:53:76:cb:10:71:ad:dc:
         89:c1:d2:d4:fa:2a:00:1d:ff:11:a5:cf:e7:c1:52:8f:a6:49:
         45:64:6a:c3:53:5d:37:0c:ae:1d:80:df:fb:f4:c8:b9:55:32:
         6f:f7:83:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlO74QoEu+FQa5CqdDFrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZmI3ZjA4Zjk1NmQzYWY5NTcxOWM1MzdmYjNmOWI3ZTMz
MDA2YjMwHhcNMjQwMTAyMDAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjY2ZmY1YzVmM2RjNjkzYzE1ZTJlZTRlZjVhNjM2MmVmZGIyYjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2DIl9+QvFXXidJ0sFzL40+I/5g/
Wj1Hlc9vMpyRXkxVAJio/rex7UMR9+3ydW8Q5NomLxoRO+bsuQZmCKxMa33VmJV9
X0hAKq2kJrVpoDdzFi0sLwhWRX/A8butPdE5/XFbdviStiw24e16LNO8mP/qO6vZ
/GyssdusBhdFW5vAPZq/oqGgQGR24/LRnXN1c4Oer7FP16WFuX98jafZIn5awSQA
lX6gXNj0aoQ/WC5mRZZUpmVTKcah+2uTSg8FK8BNK+/hssrTtSrhrXmk4kSzvK+d
ufbHPG3ydk/Ny2fqoRpRdKFDKERGkR24JL80aZLL0onCaGl4b9fJdJcLzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJm/1xfPcaTwV4u5O9aY2Lv2ytGMB8GA1UdIwQY
MBaAFJj7fwj5VtOvlXGcU3+z+bfjMAazMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVB0X0NQbFcwNi1WY1p4VGY3UDV0LU13QnJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83ZWZiMzUtOTc4Ny00NmYwLWI3OTkt
ZDVjMjExZWIzOTU2LzEvTW1iX1hGODl4cFBCWGk3azcxcGpZdV9iSzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83ZWZiMzUtOTc4Ny00NmYwLWI3OTktZDVjMjExZWIzOTU2
LzEvbVB0X0NQbFcwNi1WY1p4VGY3UDV0LU13QnJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXDkMA0G
CSqGSIb3DQEBCwUAA4IBAQAA8OFDR4MSXBDdLuTKQ5bs1xfoYdovAUunhft6hP/V
+McossGXsh1guhTafGTb00FJJh//AJrcabZKf03e17JMVqetpnjyYNAyl1G9UXHy
qgVTjeth+UtQGZ1wngCcvIXAUmbeCNQyYtAVeB7G9sHy1//ipzxuVZTykdPR6Gcr
+m+qGxrwIKRGrKwLDk49bQFyGE7SetK0pXHlsuV3ZUosJZoSaa+6bGPf3CCqpZ00
jz/f5PuhJNwcGNUdAFG+3u1JW9kiG/SgtsRd5sLLI+LdtFN2yxBxrdyJwdLU+ioA
Hf8Rpc/nwVKPpklFZGrDU103DK4dgN/79Mi5VTJv94OT
-----END CERTIFICATE-----