Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/Mo2amJuwXLLt-oEmuZpUzyrASpM.roa
File:                     Mo2amJuwXLLt-oEmuZpUzyrASpM.roa (raw, json)
Hash identifier:          jYOoCLW1HhH1M7tFmCXxrq4KkD5YWbdSezqg1hZXczY=
Subject key identifier:   32:8D:9A:98:9B:B0:5C:B2:ED:FA:81:26:B9:9A:54:CF:2A:C0:4A:93
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       018E09989F87D14153005AC5545EDF3DFDDB
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/Mo2amJuwXLLt-oEmuZpUzyrASpM.roa
Signing time:             Mon 04 Mar 2024 13:13:00 +0000
ROA not before:           Mon 04 Mar 2024 13:13:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        116.199.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:98:9f:87:d1:41:53:00:5a:c5:54:5e:df:3d:fd:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Mar  4 13:13:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=328d9a989bb05cb2edfa8126b99a54cf2ac04a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2e:9c:b9:bb:3f:98:b2:e6:5e:10:e3:56:8e:
                    33:54:38:b1:73:23:50:8d:49:04:ee:6c:0d:64:1b:
                    3d:b8:59:e3:b3:fe:02:99:95:82:28:ea:4f:17:19:
                    95:56:4c:5b:af:9b:93:8c:c8:90:b5:61:49:45:4a:
                    fd:ec:d3:06:dd:ec:50:0d:f3:8f:77:74:d8:1f:5c:
                    43:09:28:3c:ac:20:65:8a:01:7a:35:d2:ff:08:a5:
                    b1:ad:a2:25:35:d6:cc:c3:56:58:82:af:a0:96:1e:
                    13:97:b3:20:3a:0b:f0:b2:be:f3:55:cf:74:aa:29:
                    65:22:07:3e:a6:aa:61:7d:13:65:84:b4:33:e4:57:
                    e5:9c:5c:89:71:92:18:bf:0c:d1:2a:ab:1d:5d:74:
                    b5:2f:44:b7:c9:db:43:7d:46:54:c4:c1:d0:78:63:
                    42:a1:82:76:ab:fc:e2:b1:ce:c0:d0:22:cb:63:ed:
                    18:c8:06:84:c2:fa:40:47:28:65:7c:76:8f:44:9c:
                    40:1a:ef:4c:86:8d:48:3e:04:c4:0e:95:68:82:fb:
                    b3:b7:1a:48:69:c4:56:ba:6e:66:93:dc:c9:f9:03:
                    ee:e3:bb:b4:73:0d:d0:57:31:f8:ce:e4:24:09:be:
                    5f:95:a5:32:15:92:db:48:f6:6b:61:a0:7f:7b:9b:
                    ec:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8D:9A:98:9B:B0:5C:B2:ED:FA:81:26:B9:9A:54:CF:2A:C0:4A:93
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/Mo2amJuwXLLt-oEmuZpUzyrASpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         28:80:12:f3:ef:f4:9b:38:9b:d8:e6:ff:4e:35:8f:dc:33:54:
         d7:0f:ec:16:83:a5:8d:ec:94:76:b8:6b:af:f7:b1:be:96:c4:
         65:70:02:e2:c4:a0:e2:a6:7a:cf:f7:4d:49:4c:80:09:99:fb:
         02:76:f2:aa:05:33:0d:2d:15:87:56:b6:52:0c:3a:e5:45:67:
         ae:b9:79:43:2e:ab:e5:c0:26:14:e9:a3:e7:5e:b3:59:d8:3f:
         02:b8:6f:0b:e4:65:4f:44:df:da:f8:e8:5e:bc:c8:66:4a:34:
         c4:7b:96:23:94:16:77:ea:2a:a3:45:c5:8c:75:58:02:eb:07:
         81:1b:43:1b:50:3f:a2:90:2c:c0:47:3e:6b:d7:a8:7c:9b:86:
         f1:23:d8:93:17:61:78:89:b1:84:71:81:db:1d:16:e3:88:93:
         44:51:ba:3a:a0:d5:76:de:4b:15:d7:c6:12:60:20:f3:b3:39:
         20:33:10:3f:0e:d4:90:bb:63:6e:e1:d9:82:33:f6:ea:7c:06:
         3b:03:fd:89:6e:99:fc:34:7c:ed:cd:de:c7:6a:ab:de:ac:10:
         83:7d:ae:1c:b7:5f:e7:50:8a:6c:79:25:a7:8b:08:d6:48:eb:
         79:8a:c1:27:ab:fb:34:52:58:5d:f5:91:26:7e:5e:99:6d:e5:
         db:e2:4a:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4JmJ+H0UFTAFrFVF7fPf3bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjQwMzA0MTMxMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhkOWE5ODliYjA1Y2IyZWRmYTgxMjZiOTlhNTRjZjJhYzA0YTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhS6cubs/mLLmXhDjVo4zVDixcyNQ
jUkE7mwNZBs9uFnjs/4CmZWCKOpPFxmVVkxbr5uTjMiQtWFJRUr97NMG3exQDfOP
d3TYH1xDCSg8rCBligF6NdL/CKWxraIlNdbMw1ZYgq+glh4Tl7MgOgvwsr7zVc90
qillIgc+pqphfRNlhLQz5FflnFyJcZIYvwzRKqsdXXS1L0S3ydtDfUZUxMHQeGNC
oYJ2q/zisc7A0CLLY+0YyAaEwvpARyhlfHaPRJxAGu9Mho1IPgTEDpVogvuztxpI
acRWum5mk9zJ+QPu47u0cw3QVzH4zuQkCb5flaUyFZLbSPZrYaB/e5vskQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKNmpibsFyy7fqBJrmaVM8qwEqTMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvTW8yYW1KdXdYTEx0LW9FbXVacFV6eXJBU3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDdMfgMA0G
CSqGSIb3DQEBCwUAA4IBAQAogBLz7/SbOJvY5v9ONY/cM1TXD+wWg6WN7JR2uGuv
97G+lsRlcALixKDipnrP901JTIAJmfsCdvKqBTMNLRWHVrZSDDrlRWeuuXlDLqvl
wCYU6aPnXrNZ2D8CuG8L5GVPRN/a+OhevMhmSjTEe5YjlBZ36iqjRcWMdVgC6weB
G0MbUD+ikCzARz5r16h8m4bxI9iTF2F4ibGEcYHbHRbjiJNEUbo6oNV23ksV18YS
YCDzszkgMxA/DtSQu2Nu4dmCM/bqfAY7A/2Jbpn8NHztzd7HaqverBCDfa4ct1/n
UIpseSWniwjWSOt5isEnq/s0Ulhd9ZEmfl6ZbeXb4kpd
-----END CERTIFICATE-----