Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/MnrXTM_45p8IiiNrMGWXrbCg6CA.roa
File:                     MnrXTM_45p8IiiNrMGWXrbCg6CA.roa (raw, json)
Hash identifier:          pDLi4/zuHHoDuDHyBZq20ZEgLGbgU0iz1aQlrDV5Xzc=
Subject key identifier:   32:7A:D7:4C:CF:F8:E6:9F:08:8A:23:6B:30:65:97:AD:B0:A0:E8:20
Certificate issuer:       /CN=fb70de840fd6bf4b0afd1274e44efd1b8665762c
Certificate serial:       018CC86F09B689CBFBE39E6278D3C5CEA90C
Authority key identifier: FB:70:DE:84:0F:D6:BF:4B:0A:FD:12:74:E4:4E:FD:1B:86:65:76:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/MnrXTM_45p8IiiNrMGWXrbCg6CA.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        46.254.111.0/24 maxlen: 24
                          2a11:c900::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:03:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:09:b6:89:cb:fb:e3:9e:62:78:d3:c5:ce:a9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb70de840fd6bf4b0afd1274e44efd1b8665762c
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327ad74ccff8e69f088a236b306597adb0a0e820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:05:5a:0f:41:91:e0:91:ac:2d:d4:8d:d0:24:
                    fb:18:1f:5b:7d:27:c6:3f:9f:35:1c:4d:1f:38:6d:
                    0d:4c:03:a9:18:fd:3c:e6:21:02:12:05:e6:0a:03:
                    9a:7a:e4:5f:e4:db:38:d0:57:aa:f0:e4:d8:b8:44:
                    00:f7:cd:d6:9b:ea:a0:02:d1:24:9e:23:69:a0:1e:
                    34:98:8e:fc:91:29:74:c6:1b:e8:70:ad:52:f3:08:
                    7f:3a:b8:fd:c0:83:b4:96:6b:c9:4c:ef:b0:6f:64:
                    55:0b:74:56:e0:1b:f3:45:87:9b:89:1c:d7:66:27:
                    78:ad:12:69:c2:9e:fe:de:55:4a:a0:dc:1f:7e:0a:
                    bc:c8:a7:3c:95:df:ae:35:d4:f5:18:28:bd:2f:f3:
                    e8:57:94:3a:af:bc:29:83:22:e0:a5:3f:f3:15:15:
                    1e:bb:8b:9d:04:9f:3f:a7:27:2c:a1:60:34:e1:07:
                    54:c9:59:f2:7d:83:bc:2d:b3:da:a0:ee:af:ad:c8:
                    b7:06:94:46:ed:7f:89:f5:23:71:74:61:7c:cf:54:
                    0b:df:dc:02:53:d8:28:dd:02:2e:72:2a:43:af:37:
                    16:a3:d8:fe:e9:c7:aa:3e:ee:59:e0:a8:60:d2:bd:
                    6d:1d:c4:45:18:6f:ef:f0:1e:72:42:28:9a:de:76:
                    3e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7A:D7:4C:CF:F8:E6:9F:08:8A:23:6B:30:65:97:AD:B0:A0:E8:20
            X509v3 Authority Key Identifier:
                keyid:FB:70:DE:84:0F:D6:BF:4B:0A:FD:12:74:E4:4E:FD:1B:86:65:76:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/MnrXTM_45p8IiiNrMGWXrbCg6CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.111.0/24
                IPv6:
                  2a11:c900::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:7b:03:e2:e8:c1:63:70:77:b4:4b:21:41:7d:d3:97:b0:f5:
         65:52:b4:df:8e:c3:ba:f9:be:ca:42:14:1b:fc:ad:70:15:6f:
         c1:97:68:56:3e:ee:b0:e0:cd:ce:f6:01:a3:c1:18:42:ce:55:
         8c:7b:99:fc:3f:8b:24:da:18:29:4a:87:f2:c8:67:0c:05:98:
         0b:6a:10:23:17:a3:0f:c6:66:93:90:0c:fe:71:27:79:f1:5b:
         e9:9b:8b:94:73:a9:bb:3a:e5:fc:31:bc:4f:42:59:9b:e9:98:
         af:0f:f0:46:f5:4b:f4:97:bc:a4:aa:8e:32:7b:e4:0c:92:30:
         3b:2b:09:8e:f8:e0:68:00:36:ac:63:34:f5:77:a9:d4:d3:b3:
         2d:d5:e2:0a:a8:ab:c6:2e:d3:bf:59:ad:3e:40:1f:a6:fd:67:
         0b:af:ba:ec:52:13:b6:66:67:78:ce:35:da:94:3a:4d:b5:7a:
         25:13:8f:c6:fc:f3:3b:91:fc:0c:87:e8:9a:13:cd:cb:d3:e3:
         a9:16:9a:7a:3a:a3:97:72:6f:06:2e:17:f3:1a:57:cc:4c:ca:
         45:0d:3a:4e:4a:68:9b:83:dc:a7:b3:3a:c6:d7:23:23:3a:9a:
         5d:68:1a:71:bf:00:e6:fd:0d:0d:de:2e:74:6c:fb:8f:16:b1:
         18:c3:a3:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbwm2icv7455ieNPFzqkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzBkZTg0MGZkNmJmNGIwYWZkMTI3NGU0NGVmZDFiODY2
NTc2MmMwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdhZDc0Y2NmZjhlNjlmMDg4YTIzNmIzMDY1OTdhZGIwYTBlODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAVaD0GR4JGsLdSN0CT7GB9bfSfG
P581HE0fOG0NTAOpGP085iECEgXmCgOaeuRf5Ns40Feq8OTYuEQA983Wm+qgAtEk
niNpoB40mI78kSl0xhvocK1S8wh/Orj9wIO0lmvJTO+wb2RVC3RW4BvzRYebiRzX
Zid4rRJpwp7+3lVKoNwffgq8yKc8ld+uNdT1GCi9L/PoV5Q6r7wpgyLgpT/zFRUe
u4udBJ8/pycsoWA04QdUyVnyfYO8LbPaoO6vrci3BpRG7X+J9SNxdGF8z1QL39wC
U9go3QIucipDrzcWo9j+6ceqPu5Z4Khg0r1tHcRFGG/v8B5yQiia3nY+yQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDJ610zP+OafCIojazBll62woOggMB8GA1UdIwQY
MBaAFPtw3oQP1r9LCv0SdORO/RuGZXYsMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zRGVoQV9XdjBzS19SSjA1RTc5RzRabGRpdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvOWEzZWFjLWY4NjItNDc4OS1hYzIx
LWQ5NDQ0YTNkMGNlMC8xL01uclhUTV80NXA4SWlpTnJNR1dYcmJDZzZDQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvOWEzZWFjLWY4NjItNDc4OS1hYzIxLWQ5NDQ0YTNkMGNl
MC8xLzEtM0RlaEFfV3Ywc0tfUkowNUU3OUc0WmxkaXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAAu/m8w
DQQCAAIwBwMFAyoRyQAwDQYJKoZIhvcNAQELBQADggEBAJt7A+LowWNwd7RLIUF9
05ew9WVStN+Ow7r5vspCFBv8rXAVb8GXaFY+7rDgzc72AaPBGELOVYx7mfw/iyTa
GClKh/LIZwwFmAtqECMXow/GZpOQDP5xJ3nxW+mbi5Rzqbs65fwxvE9CWZvpmK8P
8Eb1S/SXvKSqjjJ75AySMDsrCY744GgANqxjNPV3qdTTsy3V4gqoq8Yu079ZrT5A
H6b9ZwuvuuxSE7ZmZ3jONdqUOk21eiUTj8b88zuR/AyH6JoTzcvT46kWmno6o5dy
bwYuF/MaV8xMykUNOk5KaJuD3KezOsbXIyM6ml1oGnG/AOb9DQ3eLnRs+48WsRjD
o1Q=
-----END CERTIFICATE-----