Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/MEFuouRdyYupys37C42vx4trO4Q.roa
File:                     MEFuouRdyYupys37C42vx4trO4Q.roa (raw, json)
Hash identifier:          HFej5hL/DtUaosiZ3ff5LDeF0Rn58lz8+2N9WU82ryk=
Subject key identifier:   30:41:6E:A2:E4:5D:C9:8B:A9:CA:CD:FB:0B:8D:AF:C7:8B:6B:3B:84
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E950BFD67B96B4383BB922569762D
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/MEFuouRdyYupys37C42vx4trO4Q.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61420
IP address blocks:        176.41.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:95:0b:fd:67:b9:6b:43:83:bb:92:25:69:76:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30416ea2e45dc98ba9cacdfb0b8dafc78b6b3b84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0b:0d:a3:9a:28:04:c7:e7:8b:a9:73:7c:fb:
                    de:16:d8:df:75:62:e8:8e:ad:0c:af:2e:4f:71:6d:
                    46:f7:cc:eb:59:ec:ea:91:84:0b:d3:e1:5c:cc:ba:
                    21:df:e4:6d:1f:a3:f4:83:78:8f:bf:07:c2:1b:2c:
                    86:74:0d:ae:0b:dc:51:24:3d:04:c3:36:ab:4e:33:
                    a6:72:29:63:9a:e8:10:1d:2a:36:f4:25:9e:c5:ec:
                    f7:90:39:8a:d9:71:e7:c4:f7:9c:26:b0:76:be:1a:
                    2c:a5:96:c5:52:bb:40:b4:e9:2d:1c:9f:75:e9:d5:
                    95:db:06:58:10:1b:ad:ce:30:24:1b:f4:35:10:5e:
                    02:4a:d5:f3:7b:34:de:02:d2:3f:4a:e8:4b:83:3f:
                    55:3d:6a:8c:73:3c:64:2f:c4:67:ca:8d:26:e6:72:
                    56:c0:7e:ae:d0:05:ef:35:e9:a9:59:ce:08:cf:7e:
                    ff:52:a3:2d:44:35:cd:70:9f:6f:00:f0:ba:60:34:
                    e5:b1:27:28:b5:ed:8a:df:82:22:d0:d7:00:6d:86:
                    1a:8c:05:52:3d:1d:1b:7a:9b:f4:3d:73:90:4a:6f:
                    1c:20:f6:ef:46:2c:f2:55:15:fa:24:fa:dd:19:4c:
                    c3:31:fe:1f:d5:46:5a:e7:b9:64:8e:d6:d8:12:fa:
                    0a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:41:6E:A2:E4:5D:C9:8B:A9:CA:CD:FB:0B:8D:AF:C7:8B:6B:3B:84
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/MEFuouRdyYupys37C42vx4trO4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.41.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:59:9c:1a:f0:fd:41:dd:b8:2f:c8:60:e2:75:64:a9:a8:5e:
         5c:2c:5d:77:14:8c:be:1f:5c:77:4b:4d:f6:3a:66:d8:6e:d4:
         d8:7b:87:bc:22:68:0f:d2:d8:9a:33:6d:65:07:45:ca:26:4b:
         ff:1e:a4:c7:bb:8a:45:b6:9a:60:38:4c:f2:92:ff:ad:48:be:
         d2:02:30:8d:98:15:4e:9c:fd:68:07:e2:52:bb:ef:94:a4:88:
         37:dd:df:65:07:7f:ea:c8:8d:94:75:c6:ae:27:57:68:45:77:
         dc:6a:7b:5e:f4:3a:2d:ce:ff:78:42:9f:7e:45:af:4c:32:86:
         db:e5:1a:b6:b4:07:25:5a:df:29:34:d3:7a:4d:d6:91:7b:be:
         45:1f:5b:bf:82:68:34:69:c3:9c:67:b0:af:a3:dd:9c:86:9b:
         45:92:ac:24:ac:52:27:de:37:2d:48:59:1a:2b:13:9c:c1:de:
         70:34:32:b5:be:21:b0:59:84:ed:26:79:e6:36:49:7c:8c:01:
         55:ae:a2:d8:c4:28:c5:04:15:03:5c:23:9a:5b:20:32:01:a1:
         5f:6d:46:34:4d:a0:a6:bc:a1:08:f0:bb:ed:25:c9:e2:9d:ab:
         45:97:02:c2:e4:51:7f:4f:05:ef:1d:a9:46:d3:4b:d0:de:69:
         5d:51:77:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpUL/We5a0ODu5IlaXYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDQxNmVhMmU0NWRjOThiYTljYWNkZmIwYjhkYWZjNzhiNmIzYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAsNo5ooBMfni6lzfPveFtjfdWLo
jq0Mry5PcW1G98zrWezqkYQL0+FczLoh3+RtH6P0g3iPvwfCGyyGdA2uC9xRJD0E
wzarTjOmciljmugQHSo29CWexez3kDmK2XHnxPecJrB2vhospZbFUrtAtOktHJ91
6dWV2wZYEButzjAkG/Q1EF4CStXzezTeAtI/SuhLgz9VPWqMczxkL8Rnyo0m5nJW
wH6u0AXvNempWc4Iz37/UqMtRDXNcJ9vAPC6YDTlsScote2K34Ii0NcAbYYajAVS
PR0bepv0PXOQSm8cIPbvRizyVRX6JPrdGUzDMf4f1UZa57lkjtbYEvoKMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBBbqLkXcmLqcrN+wuNr8eLazuEMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvTUVGdW91UmR5WXVweXMzN0M0MnZ4NHRyTzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsCmFMA0G
CSqGSIb3DQEBCwUAA4IBAQCwWZwa8P1B3bgvyGDidWSpqF5cLF13FIy+H1x3S032
OmbYbtTYe4e8ImgP0tiaM21lB0XKJkv/HqTHu4pFtppgOEzykv+tSL7SAjCNmBVO
nP1oB+JSu++UpIg33d9lB3/qyI2UdcauJ1doRXfcante9Dotzv94Qp9+Ra9MMobb
5Rq2tAclWt8pNNN6TdaRe75FH1u/gmg0acOcZ7Cvo92chptFkqwkrFIn3jctSFka
KxOcwd5wNDK1viGwWYTtJnnmNkl8jAFVrqLYxCjFBBUDXCOaWyAyAaFfbUY0TaCm
vKEI8LvtJcninatFlwLC5FF/TwXvHalG00vQ3mldUXcb
-----END CERTIFICATE-----