Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/MFmrcG-hs_DKCOtsJFV21X2JOWI.roa
File:                     MFmrcG-hs_DKCOtsJFV21X2JOWI.roa (raw, json)
Hash identifier:          ChPrR4t9BqXR5cWuXnAG35Bhk8rgGbW6GHg1ZKP4/p0=
Subject key identifier:   30:59:AB:70:6F:A1:B3:F0:CA:08:EB:6C:24:55:76:D5:7D:89:39:62
Certificate issuer:       /CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
Certificate serial:       018CC3B6F8AC0F36967B42CFC6F106E53FC2
Authority key identifier: 9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/MFmrcG-hs_DKCOtsJFV21X2JOWI.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198651
IP address blocks:        185.207.33.0/24 maxlen: 24
                          185.207.34.0/24 maxlen: 24
                          185.207.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f8:ac:0f:36:96:7b:42:cf:c6:f1:06:e5:3f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3059ab706fa1b3f0ca08eb6c245576d57d893962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ff:b0:16:74:ac:f2:29:1c:ea:ff:e6:93:ac:
                    a3:43:d3:f1:e3:31:1b:03:ce:fe:52:d9:aa:5a:ce:
                    70:0d:fc:9f:87:3a:3f:c4:c7:6f:9d:38:8d:f8:00:
                    5b:ce:fb:67:cc:e4:c8:8b:48:02:1e:36:79:3c:b7:
                    59:40:c1:9d:8f:48:8d:a9:b9:82:70:26:e0:97:c1:
                    32:9f:e2:de:ab:d8:c9:9e:f2:95:98:42:64:85:5b:
                    a9:00:ef:c3:f7:32:f5:a9:e5:e3:49:ac:8d:ba:cd:
                    cb:ef:ad:5f:a3:36:01:d4:15:4b:cb:36:26:52:e6:
                    fb:10:c2:7e:0d:80:fe:27:e8:80:2a:8b:91:5c:45:
                    a4:a1:e0:66:94:92:d6:ad:02:90:f5:b4:7b:04:73:
                    5c:19:16:3b:4e:5d:57:8b:cf:63:85:71:cd:db:40:
                    25:2c:d7:66:13:26:5e:4e:29:46:ab:22:e5:96:6d:
                    8e:73:cb:a1:75:34:6a:97:15:f7:df:63:17:bb:7d:
                    c3:3c:70:2b:5f:b2:f5:e4:cf:a5:13:b3:dc:4c:bd:
                    78:16:b5:4f:e3:f2:b0:81:a1:25:e3:cc:9b:31:dd:
                    59:75:dc:57:c8:d6:a3:59:80:d9:ac:22:69:f3:29:
                    cf:78:ee:f2:4f:d0:f6:7d:5d:a7:45:18:5a:ac:95:
                    71:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:59:AB:70:6F:A1:B3:F0:CA:08:EB:6C:24:55:76:D5:7D:89:39:62
            X509v3 Authority Key Identifier:
                keyid:9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/MFmrcG-hs_DKCOtsJFV21X2JOWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.33.0-185.207.35.255

    Signature Algorithm: sha256WithRSAEncryption
         78:3a:5c:96:52:d3:af:4d:8a:8c:ac:34:c8:60:9f:ac:a0:66:
         51:48:14:76:f8:23:4a:aa:b4:84:ca:8d:c8:82:a4:f0:3d:da:
         dd:be:f5:cd:46:2b:b8:9a:78:c1:e0:cb:6b:bb:e6:8b:6d:54:
         cb:3b:31:0c:56:a4:ff:64:91:7d:26:e7:24:e7:ad:ab:a4:4f:
         7d:38:bd:3a:93:46:00:4c:ae:8d:95:09:be:62:01:b7:5e:05:
         f5:d0:8e:03:f1:76:4f:f6:2c:7e:fc:4d:46:8f:dc:c2:2f:6a:
         c3:5a:b1:9a:ef:03:df:56:28:3e:7b:03:7c:fb:0a:d5:2b:f5:
         b0:00:b3:fb:95:63:2e:b7:84:f0:8c:64:38:32:86:40:b4:6c:
         73:5d:47:fc:b6:9c:f5:be:b4:b7:76:35:80:b7:49:c2:19:c7:
         c2:d6:ab:cb:fb:42:ac:ef:8f:8e:cb:2d:4c:82:c9:8d:48:96:
         e8:3f:02:d8:bc:c4:48:e6:a6:4c:84:aa:ae:0f:f7:9e:b1:17:
         fb:c4:1b:c6:27:8f:09:eb:f0:91:95:bc:a4:91:ba:34:83:88:
         97:be:a5:aa:0f:cf:04:71:21:b1:a1:66:23:44:0e:48:38:87:
         03:50:8a:ac:cc:0b:e1:a3:fe:89:cf:f9:3c:81:36:42:cb:00:
         d4:6a:cf:25
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtvisDzaWe0LPxvEG5T/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOWEwYzg0YjMwNzIwZjRkNGNlNGJkYmEwMWRkMDU0NGQw
MjhlY2QwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU5YWI3MDZmYTFiM2YwY2EwOGViNmMyNDU1NzZkNTdkODkzOTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhf+wFnSs8ikc6v/mk6yjQ9Px4zEb
A87+UtmqWs5wDfyfhzo/xMdvnTiN+ABbzvtnzOTIi0gCHjZ5PLdZQMGdj0iNqbmC
cCbgl8Eyn+Leq9jJnvKVmEJkhVupAO/D9zL1qeXjSayNus3L761fozYB1BVLyzYm
Uub7EMJ+DYD+J+iAKouRXEWkoeBmlJLWrQKQ9bR7BHNcGRY7Tl1Xi89jhXHN20Al
LNdmEyZeTilGqyLllm2Oc8uhdTRqlxX332MXu33DPHArX7L15M+lE7PcTL14FrVP
4/KwgaEl48ybMd1ZddxXyNajWYDZrCJp8ynPeO7yT9D2fV2nRRharJVxyQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDBZq3BvobPwygjrbCRVdtV9iTliMB8GA1UdIwQY
MBaAFJ2aDISzByD01M5L26Ad0FRNAo7NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMt
NTJjYWQ2Njc1ZmM2LzEvTUZtcmNHLWhzX0RLQ090c0pGVjIxWDJKT1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMtNTJjYWQ2Njc1ZmM2
LzEvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5zyED
BAK5zyAwDQYJKoZIhvcNAQELBQADggEBAHg6XJZS069NioysNMhgn6ygZlFIFHb4
I0qqtITKjciCpPA92t2+9c1GK7iaeMHgy2u75ottVMs7MQxWpP9kkX0m5yTnrauk
T304vTqTRgBMro2VCb5iAbdeBfXQjgPxdk/2LH78TUaP3MIvasNasZrvA99WKD57
A3z7CtUr9bAAs/uVYy63hPCMZDgyhkC0bHNdR/y2nPW+tLd2NYC3ScIZx8LWq8v7
Qqzvj47LLUyCyY1Ilug/Ati8xEjmpkyEqq4P956xF/vEG8Ynjwnr8JGVvKSRujSD
iJe+paoPzwRxIbGhZiNEDkg4hwNQiqzMC+Gj/onP+TyBNkLLANRqzyU=
-----END CERTIFICATE-----