Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/MTA5BPdCsq2R0_tjWBkvr2oeYjw.roa
File:                     MTA5BPdCsq2R0_tjWBkvr2oeYjw.roa (raw, json)
Hash identifier:          jhDOfE16/FGdNVVqC4EydQFSLTSUGP1BiTk1suhShV8=
Subject key identifier:   31:30:39:04:F7:42:B2:AD:91:D3:FB:63:58:19:2F:AF:6A:1E:62:3C
Certificate issuer:       /CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
Certificate serial:       018CC5DC37D3B681E4955520A0BDF91598E0
Authority key identifier: E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/MTA5BPdCsq2R0_tjWBkvr2oeYjw.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21500
IP address blocks:        194.54.186.0/24 maxlen: 24
                          194.54.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:d3:b6:81:e4:95:55:20:a0:bd:f9:15:98:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e980fb9530a36ff7b7430d50d44b8fb6d6dca937
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31303904f742b2ad91d3fb6358192faf6a1e623c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cf:c7:b2:cc:1e:bb:8b:77:21:7e:bc:02:f9:
                    32:75:eb:85:0b:34:b5:fa:2f:a0:bb:f6:9d:f1:6d:
                    fe:60:44:8a:09:51:cc:b3:5e:a2:98:f8:b4:a9:11:
                    25:41:15:20:e5:17:cb:3b:3d:9d:60:14:4d:11:8b:
                    af:83:6b:46:dc:a2:7b:ba:a9:b5:5d:71:97:dc:ee:
                    9b:7c:1c:98:ae:48:f1:49:8f:48:9a:3a:a4:2e:3f:
                    19:56:67:a6:6f:df:f2:fe:05:e5:4f:30:21:5c:da:
                    8c:67:33:83:66:f9:61:0f:e8:92:7d:34:8b:63:f8:
                    97:9d:f0:b5:db:77:54:14:57:fe:68:7f:e4:32:c9:
                    e4:d4:fc:f7:7a:4c:a1:c6:4c:12:54:4c:7e:36:2c:
                    cc:6f:11:02:82:9c:c3:e7:6f:e3:3c:23:cd:5a:0a:
                    74:18:1f:f6:39:41:3b:4a:9a:a1:3f:94:46:89:b7:
                    12:f5:18:9c:4d:61:fb:fe:be:ef:a0:7b:29:06:1e:
                    27:4b:97:73:c6:37:1e:19:49:3d:5d:a8:2c:38:b8:
                    8a:a5:57:6b:6d:bd:22:d3:82:ee:bb:bc:f7:f1:cd:
                    b1:95:77:3f:67:ee:52:03:ac:c8:fa:45:1c:62:54:
                    31:5c:ef:28:18:11:f9:3a:27:3f:ad:17:53:be:d6:
                    46:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:30:39:04:F7:42:B2:AD:91:D3:FB:63:58:19:2F:AF:6A:1E:62:3C
            X509v3 Authority Key Identifier:
                keyid:E9:80:FB:95:30:A3:6F:F7:B7:43:0D:50:D4:4B:8F:B6:D6:DC:A9:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/MTA5BPdCsq2R0_tjWBkvr2oeYjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/45a04c-cb0d-4c0c-8bf1-48f39fde0eea/1/6YD7lTCjb_e3Qw1Q1EuPttbcqTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:94:a4:bb:bf:dc:0c:ec:6a:c9:62:cd:1f:1d:11:7a:1a:40:
         bf:c7:b2:db:b9:57:02:5e:96:23:f3:40:00:62:44:8b:b9:fe:
         14:ed:9e:9c:18:41:92:51:87:fe:50:13:55:a1:d9:e7:7a:c8:
         e4:2d:f7:43:05:d1:65:f9:3e:c6:75:56:27:7a:28:a4:90:90:
         b7:95:b7:2c:d9:ad:cf:7f:80:f1:37:e9:d0:e5:e6:26:42:ff:
         18:68:dd:dc:da:fb:7a:8d:7f:b5:25:ee:0f:81:f6:89:56:8b:
         fe:d9:7f:06:e9:70:79:5c:70:4e:fb:90:c6:ab:60:18:72:20:
         3b:6f:26:28:28:19:2c:03:ad:7f:b0:45:4f:0e:4c:75:8f:5f:
         9c:6d:4a:f8:72:64:5a:57:71:6d:33:eb:d4:3a:72:e0:0c:68:
         10:16:4f:7c:0a:e0:af:75:1a:7e:bb:5b:40:53:ed:ec:2b:71:
         ce:64:94:a5:b5:bf:1c:aa:1e:9b:a4:ad:10:d4:c3:c8:d8:c2:
         fc:1b:81:93:32:0f:25:4c:cc:e8:04:b6:72:3b:cb:8d:95:70:
         fe:78:e6:21:d5:8e:16:ef:c6:37:f4:6d:eb:4c:c3:f1:3a:35:
         e0:34:cf:ac:23:09:21:7f:bb:97:0b:7f:62:29:06:05:dc:ba:
         96:7e:49:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DfTtoHklVUgoL35FZjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ODBmYjk1MzBhMzZmZjdiNzQzMGQ1MGQ0NGI4ZmI2ZDZk
Y2E5MzcwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMwMzkwNGY3NDJiMmFkOTFkM2ZiNjM1ODE5MmZhZjZhMWU2MjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8/Hssweu4t3IX68AvkydeuFCzS1
+i+gu/ad8W3+YESKCVHMs16imPi0qRElQRUg5RfLOz2dYBRNEYuvg2tG3KJ7uqm1
XXGX3O6bfByYrkjxSY9ImjqkLj8ZVmemb9/y/gXlTzAhXNqMZzODZvlhD+iSfTSL
Y/iXnfC123dUFFf+aH/kMsnk1Pz3ekyhxkwSVEx+NizMbxECgpzD52/jPCPNWgp0
GB/2OUE7SpqhP5RGibcS9RicTWH7/r7voHspBh4nS5dzxjceGUk9XagsOLiKpVdr
bb0i04Luu7z38c2xlXc/Z+5SA6zI+kUcYlQxXO8oGBH5Oic/rRdTvtZGwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEwOQT3QrKtkdP7Y1gZL69qHmI8MB8GA1UdIwQY
MBaAFOmA+5Uwo2/3t0MNUNRLj7bW3Kk3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEt
NDhmMzlmZGUwZWVhLzEvTVRBNUJQZENzcTJSMF90aldCa3ZyMm9lWWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80NWEwNGMtY2IwZC00YzBjLThiZjEtNDhmMzlmZGUwZWVh
LzEvNllEN2xUQ2piX2UzUXcxUTFFdVB0dGJjcVRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwja6MA0G
CSqGSIb3DQEBCwUAA4IBAQCulKS7v9wM7GrJYs0fHRF6GkC/x7LbuVcCXpYj80AA
YkSLuf4U7Z6cGEGSUYf+UBNVodnnesjkLfdDBdFl+T7GdVYneiikkJC3lbcs2a3P
f4DxN+nQ5eYmQv8YaN3c2vt6jX+1Je4PgfaJVov+2X8G6XB5XHBO+5DGq2AYciA7
byYoKBksA61/sEVPDkx1j1+cbUr4cmRaV3FtM+vUOnLgDGgQFk98CuCvdRp+u1tA
U+3sK3HOZJSltb8cqh6bpK0Q1MPI2ML8G4GTMg8lTMzoBLZyO8uNlXD+eOYh1Y4W
78Y39G3rTMPxOjXgNM+sIwkhf7uXC39iKQYF3LqWfklh
-----END CERTIFICATE-----