Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/MwwdOT2I5Iy2c6-lg3CWBbBAZ5c.roa
File:                     MwwdOT2I5Iy2c6-lg3CWBbBAZ5c.roa (raw, json)
Hash identifier:          n8slOc5oDhc4OBbl4fx69Uf2ka0+xT/2A2maSGHZTWQ=
Subject key identifier:   33:0C:1D:39:3D:88:E4:8C:B6:73:AF:A5:83:70:96:05:B0:40:67:97
Certificate issuer:       /CN=cb173e8a827e636c4f251ef363bd94ea90a04cbf
Certificate serial:       018CC8013407D94B41CCEA2B88A571F58D68
Authority key identifier: CB:17:3E:8A:82:7E:63:6C:4F:25:1E:F3:63:BD:94:EA:90:A0:4C:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/MwwdOT2I5Iy2c6-lg3CWBbBAZ5c.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        91.208.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:07:d9:4b:41:cc:ea:2b:88:a5:71:f5:8d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb173e8a827e636c4f251ef363bd94ea90a04cbf
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=330c1d393d88e48cb673afa583709605b0406797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ae:4e:79:a9:4d:61:23:90:7e:c8:57:67:83:
                    e3:74:cc:b2:9a:16:c7:86:a2:ec:31:fc:5f:f4:50:
                    a5:bc:b4:5e:a5:6f:cb:b5:83:85:f6:cb:4f:94:1f:
                    8b:84:df:c6:f6:41:13:36:be:cd:6e:8c:20:58:9d:
                    05:38:e4:8c:35:45:7f:3c:4b:9c:0d:41:99:b0:4d:
                    e1:67:24:2a:31:b5:6b:44:4e:e6:1e:13:ef:69:89:
                    59:a8:34:bf:4b:1b:7a:13:17:b7:91:79:06:6b:de:
                    60:7a:c3:8a:94:35:19:88:0d:47:f2:e6:f9:7f:bc:
                    48:b1:ba:ff:9a:4f:6d:fc:09:0b:19:7a:d4:0a:0f:
                    6d:3f:97:4e:05:94:a0:d3:94:79:ef:04:61:3b:d1:
                    7d:d6:60:48:fb:44:c4:08:e0:59:d9:5d:e2:60:7a:
                    eb:a4:08:45:6b:95:ad:b7:5b:72:d1:f5:1b:3b:27:
                    42:1c:ce:7d:de:a5:cf:bb:05:2e:78:1f:ff:92:97:
                    6f:47:d5:d0:74:0c:93:a4:90:84:a9:37:92:ee:33:
                    42:51:76:83:6d:4b:58:e2:b7:d4:b8:1e:57:c7:3e:
                    f7:2f:7f:9c:66:4a:df:50:ff:95:69:5b:9d:91:11:
                    1c:51:6b:ad:5f:bd:e8:ea:ba:62:2b:10:ed:32:de:
                    41:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0C:1D:39:3D:88:E4:8C:B6:73:AF:A5:83:70:96:05:B0:40:67:97
            X509v3 Authority Key Identifier:
                keyid:CB:17:3E:8A:82:7E:63:6C:4F:25:1E:F3:63:BD:94:EA:90:A0:4C:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/MwwdOT2I5Iy2c6-lg3CWBbBAZ5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ba7854-886d-4148-a208-5c78639264aa/1/yxc-ioJ-Y2xPJR7zY72U6pCgTL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:09:8f:89:48:3c:d9:e7:c4:63:9e:fa:b9:86:9a:c6:44:d4:
         be:49:ad:fe:62:4a:9a:a3:a5:8b:e8:ae:25:f8:85:4d:ac:37:
         87:3b:d3:86:fd:83:28:c0:01:30:ed:27:43:09:8c:74:62:fa:
         ef:66:81:19:fa:d2:99:9a:13:c5:35:17:2f:0b:40:a4:89:55:
         32:cd:2b:9d:c5:1e:fb:42:c1:e1:58:02:42:85:ee:50:85:a9:
         3e:df:5d:42:8c:15:19:02:ca:0f:c2:72:b9:d8:01:92:55:8a:
         c5:e8:c7:d8:a8:2e:02:23:42:0e:7f:4c:01:9b:07:21:9a:43:
         15:53:95:e3:48:cf:6f:af:39:e7:bb:18:77:b4:0f:42:db:0f:
         ab:fd:5f:27:ac:04:dd:79:ad:b4:27:42:6c:0c:fb:07:bd:dc:
         2a:a9:72:f6:5c:87:2f:cc:cb:65:ae:0a:58:89:1b:d7:46:2c:
         98:e1:1c:6a:87:c9:f1:d9:f2:55:e4:48:ea:94:ee:d1:b8:9b:
         52:73:9c:ae:89:b4:d4:69:7b:63:ab:d1:6e:4f:76:75:d1:36:
         b7:ee:b5:1c:da:18:f6:df:06:80:7b:d1:80:7d:3c:27:0c:cd:
         6f:17:64:17:a8:fe:36:0f:a8:0d:70:88:0e:8a:8b:08:a1:75:
         e4:e2:68:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATQH2UtBzOoriKVx9Y1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMTczZThhODI3ZTYzNmM0ZjI1MWVmMzYzYmQ5NGVhOTBh
MDRjYmYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBjMWQzOTNkODhlNDhjYjY3M2FmYTU4MzcwOTYwNWIwNDA2Nzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva5OealNYSOQfshXZ4PjdMyymhbH
hqLsMfxf9FClvLRepW/LtYOF9stPlB+LhN/G9kETNr7NbowgWJ0FOOSMNUV/PEuc
DUGZsE3hZyQqMbVrRE7mHhPvaYlZqDS/Sxt6Exe3kXkGa95gesOKlDUZiA1H8ub5
f7xIsbr/mk9t/AkLGXrUCg9tP5dOBZSg05R57wRhO9F91mBI+0TECOBZ2V3iYHrr
pAhFa5Wtt1ty0fUbOydCHM593qXPuwUueB//kpdvR9XQdAyTpJCEqTeS7jNCUXaD
bUtY4rfUuB5Xxz73L3+cZkrfUP+VaVudkREcUWutX73o6rpiKxDtMt5B9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMMHTk9iOSMtnOvpYNwlgWwQGeXMB8GA1UdIwQY
MBaAFMsXPoqCfmNsTyUe82O9lOqQoEy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXhjLWlvSi1ZMnhQSlI3elk3MlU2cENnVEw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iYTc4NTQtODg2ZC00MTQ4LWEyMDgt
NWM3ODYzOTI2NGFhLzEvTXd3ZE9UMkk1SXkyYzYtbGczQ1dCYkJBWjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iYTc4NTQtODg2ZC00MTQ4LWEyMDgtNWM3ODYzOTI2NGFh
LzEveXhjLWlvSi1ZMnhQSlI3elk3MlU2cENnVEw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AFMA0G
CSqGSIb3DQEBCwUAA4IBAQCzCY+JSDzZ58Rjnvq5hprGRNS+Sa3+Ykqao6WL6K4l
+IVNrDeHO9OG/YMowAEw7SdDCYx0YvrvZoEZ+tKZmhPFNRcvC0CkiVUyzSudxR77
QsHhWAJChe5Qhak+311CjBUZAsoPwnK52AGSVYrF6MfYqC4CI0IOf0wBmwchmkMV
U5XjSM9vrznnuxh3tA9C2w+r/V8nrATdea20J0JsDPsHvdwqqXL2XIcvzMtlrgpY
iRvXRiyY4Rxqh8nx2fJV5EjqlO7RuJtSc5yuibTUaXtjq9FuT3Z10Ta37rUc2hj2
3waAe9GAfTwnDM1vF2QXqP42D6gNcIgOiosIoXXk4mgj
-----END CERTIFICATE-----