Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/MSpZQbf714dG4v4hvcCHcKTmxz0.roa
File:                     MSpZQbf714dG4v4hvcCHcKTmxz0.roa (raw, json)
Hash identifier:          dMNLUfoMLbUeIoPwsycC5nLlDMg7FfgRLCg5BQDHTzU=
Subject key identifier:   31:2A:59:41:B7:FB:D7:87:46:E2:FE:21:BD:C0:87:70:A4:E6:C7:3D
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0E20043CBEB01467448F49D28875
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/MSpZQbf714dG4v4hvcCHcKTmxz0.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210842
IP address blocks:        2a05:b0c2:1000::/36 maxlen: 36
                          2a05:b0c2::/36 maxlen: 36
                          2a05:b0c2::/35 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0e:20:04:3c:be:b0:14:67:44:8f:49:d2:88:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=312a5941b7fbd78746e2fe21bdc08770a4e6c73d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:86:fc:ae:78:c5:6c:41:76:24:34:4a:66:d4:
                    ae:b8:0b:42:b5:65:4a:f6:ac:9c:44:0f:d4:cb:23:
                    0c:d9:40:e7:ee:a2:72:98:21:2c:59:24:44:47:ce:
                    7d:bb:cf:76:e5:34:af:cd:67:08:42:bc:55:7e:f1:
                    7b:11:e1:b6:a7:f4:a3:06:b5:26:b7:7a:eb:7b:f3:
                    15:be:8b:50:94:5d:36:19:d3:61:3e:66:8e:57:97:
                    27:d7:55:57:42:a4:46:7e:af:aa:ad:d9:4b:13:ea:
                    5e:6d:bf:b6:2d:a7:44:d4:11:a3:37:54:26:44:75:
                    d6:bc:be:ef:41:ad:eb:08:15:84:89:b8:6e:2d:ed:
                    8c:10:57:b8:55:26:0a:9a:39:e5:99:a5:d8:95:5a:
                    b1:a3:c8:99:de:a3:41:fa:39:c7:19:2e:38:85:9e:
                    39:76:cb:7f:70:0f:b1:21:ee:2a:65:ad:b6:5a:00:
                    2b:c0:92:33:82:00:82:0c:4b:3b:3b:e4:56:1c:f5:
                    ff:5c:ff:d9:48:11:2a:43:91:39:03:31:02:3f:02:
                    6d:81:36:7a:ed:2d:10:e2:b6:0d:0d:ec:dc:ae:93:
                    0d:fc:d9:9c:c8:56:b4:0a:b4:ce:40:8e:e3:4f:56:
                    c1:14:d2:73:c9:bb:da:c7:16:ca:1a:b2:0a:b1:5d:
                    60:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2A:59:41:B7:FB:D7:87:46:E2:FE:21:BD:C0:87:70:A4:E6:C7:3D
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/MSpZQbf714dG4v4hvcCHcKTmxz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c2::/35

    Signature Algorithm: sha256WithRSAEncryption
         76:6a:75:58:52:6a:68:04:5e:4b:29:8d:65:05:07:0c:3c:32:
         4c:a9:72:ec:7e:20:d7:35:32:5b:ab:a1:df:44:ff:f9:d7:0f:
         55:28:ed:2b:a8:16:e3:d3:91:d1:a4:3c:4e:62:e8:86:d7:2f:
         4c:93:e4:0e:9a:23:4e:64:45:86:b2:f9:b4:4d:49:8c:19:56:
         b7:8b:54:d7:56:59:31:ee:a0:75:15:c6:3c:83:02:c6:18:62:
         b5:4d:89:4c:22:c9:c9:71:da:bc:e9:a5:45:26:92:2f:9d:7a:
         5f:21:9d:e1:7a:3c:b1:26:a7:31:a9:f6:d7:c7:15:87:4e:38:
         c5:f9:ce:f3:19:a0:87:c0:4a:58:d2:16:94:fb:a6:c7:e0:06:
         93:84:76:a5:d0:9c:e1:b5:33:30:a5:f5:77:4a:62:90:b9:eb:
         22:f6:b1:c8:58:af:d8:38:94:be:bf:3f:7a:89:b7:da:6d:ec:
         e9:c8:6d:36:d6:e7:9f:38:ca:fc:af:83:65:64:25:c6:dc:fb:
         eb:49:b1:73:dc:c9:cc:2f:04:ab:64:c9:c3:15:cc:41:36:e7:
         81:02:43:92:ab:83:87:d9:1d:4b:26:a2:80:1b:b7:7a:e7:59:
         3b:21:c0:2e:2c:17:00:21:78:ae:7f:21:84:0e:84:7d:61:4c:
         8a:54:61:3e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3A4gBDy+sBRnRI9J0oh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTJhNTk0MWI3ZmJkNzg3NDZlMmZlMjFiZGMwODc3MGE0ZTZjNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54b8rnjFbEF2JDRKZtSuuAtCtWVK
9qycRA/UyyMM2UDn7qJymCEsWSRER859u8925TSvzWcIQrxVfvF7EeG2p/SjBrUm
t3rre/MVvotQlF02GdNhPmaOV5cn11VXQqRGfq+qrdlLE+pebb+2LadE1BGjN1Qm
RHXWvL7vQa3rCBWEibhuLe2MEFe4VSYKmjnlmaXYlVqxo8iZ3qNB+jnHGS44hZ45
dst/cA+xIe4qZa22WgArwJIzggCCDEs7O+RWHPX/XP/ZSBEqQ5E5AzECPwJtgTZ6
7S0Q4rYNDezcrpMN/NmcyFa0CrTOQI7jT1bBFNJzybvaxxbKGrIKsV1gAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDEqWUG3+9eHRuL+Ib3Ah3Ck5sc9MB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvTVNwWlFiZjcxNGRHNHY0aHZjQ0hjS1RteHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKgWwwgAw
DQYJKoZIhvcNAQELBQADggEBAHZqdVhSamgEXkspjWUFBww8Mkypcux+INc1Mlur
od9E//nXD1Uo7SuoFuPTkdGkPE5i6IbXL0yT5A6aI05kRYay+bRNSYwZVreLVNdW
WTHuoHUVxjyDAsYYYrVNiUwiyclx2rzppUUmki+del8hneF6PLEmpzGp9tfHFYdO
OMX5zvMZoIfASljSFpT7psfgBpOEdqXQnOG1MzCl9XdKYpC56yL2schYr9g4lL6/
P3qJt9pt7OnIbTbW5584yvyvg2VkJcbc++tJsXPcycwvBKtkycMVzEE254ECQ5Kr
g4fZHUsmooAbt3rnWTshwC4sFwAheK5/IYQOhH1hTIpUYT4=
-----END CERTIFICATE-----