Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Mwo4_iNwaab4yIkqCp7QX9lO6Dw.roa
File:                     Mwo4_iNwaab4yIkqCp7QX9lO6Dw.roa (raw, json)
Hash identifier:          MF55q7N/kiR7GWvraIgfdsFW/aiTTP874a+fT33yg4A=
Subject key identifier:   33:0A:38:FE:23:70:69:A6:F8:C8:89:2A:0A:9E:D0:5F:D9:4E:E8:3C
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018CC86F86E252D818E20F21B078283CBA3E
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Mwo4_iNwaab4yIkqCp7QX9lO6Dw.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49538
IP address blocks:        213.192.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:86:e2:52:d8:18:e2:0f:21:b0:78:28:3c:ba:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=330a38fe237069a6f8c8892a0a9ed05fd94ee83c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:01:77:d6:c2:ec:bf:aa:5e:8e:fd:81:0f:84:
                    54:b8:d6:aa:52:94:a8:56:ce:55:e9:e0:3b:4c:03:
                    95:54:30:a5:8c:a1:dc:9a:db:95:02:3e:87:61:e4:
                    c9:55:c8:07:26:20:4f:4b:6f:73:e5:6f:6c:fa:2c:
                    94:bb:30:08:7f:64:12:8d:b4:9a:98:08:e8:82:78:
                    f4:b4:bb:8c:31:f1:3c:3c:2b:9b:72:ae:16:e6:05:
                    3f:b6:59:5b:1a:4c:2d:bb:7c:dc:c5:a9:27:1d:9b:
                    fc:68:f6:84:f8:05:01:76:b6:40:58:53:4e:b2:ef:
                    55:c1:ae:9c:3e:f7:04:af:ef:a3:70:7d:20:5f:d5:
                    03:94:2f:46:c4:da:fd:87:93:d1:f1:b8:bd:0f:98:
                    ab:ae:4d:18:80:ec:d5:42:77:f2:d8:06:0e:72:e1:
                    0d:9d:97:39:4a:ed:51:b0:a8:13:d5:db:0b:81:ea:
                    f9:9a:c8:f9:53:64:a8:92:a2:01:f4:cc:b7:2c:02:
                    19:92:ac:5d:0a:f0:c3:3e:74:2e:6f:15:ad:b0:25:
                    32:99:f4:1c:05:6b:16:00:f1:26:ab:10:56:6a:0e:
                    42:10:a5:0c:3b:5c:c5:9f:46:ad:99:82:de:f7:0c:
                    05:44:33:36:54:d3:61:55:70:57:47:91:7a:16:81:
                    4f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0A:38:FE:23:70:69:A6:F8:C8:89:2A:0A:9E:D0:5F:D9:4E:E8:3C
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/Mwo4_iNwaab4yIkqCp7QX9lO6Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:b4:f9:ce:60:1c:69:1d:09:7e:20:5c:a6:f6:9a:ae:f5:b1:
         01:f5:8b:6a:5b:11:11:7a:bb:f9:43:e9:a5:97:bd:28:69:5c:
         a2:50:3a:8f:68:1f:6b:cd:19:13:0d:89:3c:e9:d2:a5:ed:a2:
         56:dd:9f:e2:18:ab:f5:50:b2:c1:3e:6b:1c:ae:fd:4a:af:b2:
         b8:19:c8:ff:34:81:31:e0:bb:d6:a5:a6:4d:b8:9a:fe:e8:f5:
         6a:90:64:7b:c0:9d:45:e2:be:f6:a7:1a:bb:dd:c0:17:fb:3e:
         ea:7d:ff:11:de:5c:da:9d:d5:f5:db:56:6a:15:9b:15:75:14:
         32:41:01:64:04:91:a7:78:38:08:27:fb:bc:14:0d:a3:a5:46:
         d1:0b:cf:8a:7d:fd:0b:ab:6c:73:af:70:6d:66:82:8d:5c:c4:
         0a:10:f8:0d:0e:d6:78:64:18:7e:de:04:f0:54:a1:71:dd:8b:
         a0:1e:da:1a:32:d5:7e:8d:2c:52:4d:a3:87:27:ba:0c:0d:e0:
         56:6a:8c:21:90:e5:98:6f:13:d4:93:e9:91:8e:71:2f:a7:de:
         70:c9:02:ae:07:b2:63:0b:66:a8:ce:0f:b5:4b:b9:a7:0a:da:
         76:25:2f:00:59:4c:4d:9a:55:d5:d0:c2:bf:e6:cd:08:b9:e4:
         f9:fa:f1:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4biUtgY4g8hsHgoPLo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBhMzhmZTIzNzA2OWE2ZjhjODg5MmEwYTllZDA1ZmQ5NGVlODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAF31sLsv6pejv2BD4RUuNaqUpSo
Vs5V6eA7TAOVVDCljKHcmtuVAj6HYeTJVcgHJiBPS29z5W9s+iyUuzAIf2QSjbSa
mAjognj0tLuMMfE8PCubcq4W5gU/tllbGkwtu3zcxaknHZv8aPaE+AUBdrZAWFNO
su9Vwa6cPvcEr++jcH0gX9UDlC9GxNr9h5PR8bi9D5irrk0YgOzVQnfy2AYOcuEN
nZc5Su1RsKgT1dsLger5msj5U2SokqIB9My3LAIZkqxdCvDDPnQubxWtsCUymfQc
BWsWAPEmqxBWag5CEKUMO1zFn0atmYLe9wwFRDM2VNNhVXBXR5F6FoFPiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMKOP4jcGmm+MiJKgqe0F/ZTug8MB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvTXdvNF9pTndhYWI0eUlrcUNwN1FYOWxPNkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1cDsMA0G
CSqGSIb3DQEBCwUAA4IBAQBAtPnOYBxpHQl+IFym9pqu9bEB9YtqWxERerv5Q+ml
l70oaVyiUDqPaB9rzRkTDYk86dKl7aJW3Z/iGKv1ULLBPmscrv1Kr7K4Gcj/NIEx
4LvWpaZNuJr+6PVqkGR7wJ1F4r72pxq73cAX+z7qff8R3lzandX121ZqFZsVdRQy
QQFkBJGneDgIJ/u8FA2jpUbRC8+Kff0Lq2xzr3BtZoKNXMQKEPgNDtZ4ZBh+3gTw
VKFx3YugHtoaMtV+jSxSTaOHJ7oMDeBWaowhkOWYbxPUk+mRjnEvp95wyQKuB7Jj
C2aozg+1S7mnCtp2JS8AWUxNmlXV0MK/5s0IueT5+vFs
-----END CERTIFICATE-----