Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/MVMZ2o9W57Vd7ES0109m7bb9o9g.roa
File:                     MVMZ2o9W57Vd7ES0109m7bb9o9g.roa (raw, json)
Hash identifier:          pTusHSPh9Yp2w2mVckxpXNmaV7Fk1w0f7YjS2oKfm5w=
Subject key identifier:   31:53:19:DA:8F:56:E7:B5:5D:EC:44:B4:D7:4F:66:ED:B6:FD:A3:D8
Certificate issuer:       /CN=fc59549f6dd2b83144b880c23f06fba3b25d3986
Certificate serial:       018CC794A6DF334F12BC0A2032B3A84BFB8D
Authority key identifier: FC:59:54:9F:6D:D2:B8:31:44:B8:80:C2:3F:06:FB:A3:B2:5D:39:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_FlUn23SuDFEuIDCPwb7o7JdOYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/MVMZ2o9W57Vd7ES0109m7bb9o9g.roa
Signing time:             Tue 02 Jan 2024 00:30:57 +0000
ROA not before:           Tue 02 Jan 2024 00:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198841
IP address blocks:        91.239.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/_FlUn23SuDFEuIDCPwb7o7JdOYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/_FlUn23SuDFEuIDCPwb7o7JdOYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_FlUn23SuDFEuIDCPwb7o7JdOYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a6:df:33:4f:12:bc:0a:20:32:b3:a8:4b:fb:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc59549f6dd2b83144b880c23f06fba3b25d3986
        Validity
            Not Before: Jan  2 00:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=315319da8f56e7b55dec44b4d74f66edb6fda3d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:2d:20:03:1a:21:32:f3:d0:31:c6:be:1a:
                    30:72:d9:9d:91:af:8b:dd:7f:1a:e2:eb:99:f9:15:
                    78:29:f8:ab:a9:e7:1a:98:50:00:9e:ac:90:21:85:
                    44:51:0c:20:32:d3:6c:33:24:ae:41:f9:1e:d8:74:
                    bd:0f:30:fa:01:19:82:5f:6a:b2:00:73:ca:fd:8a:
                    8a:94:79:c5:ba:f9:3e:1f:f5:4a:df:a4:80:35:d1:
                    1d:dd:d8:0e:bd:90:25:db:29:94:47:0b:b0:dd:48:
                    37:95:0e:4d:73:7b:14:ad:33:71:13:00:5e:ac:0c:
                    11:c1:d8:ed:cd:94:97:30:90:7e:b8:4e:cc:e0:92:
                    39:b0:3e:ab:50:ef:c9:92:d8:65:36:44:d9:84:80:
                    01:24:2c:0c:c9:54:89:05:7d:a8:90:5a:33:1a:00:
                    ab:fa:b3:7d:a6:7f:c3:8c:0f:5e:bd:88:9d:40:2e:
                    05:aa:54:de:3b:22:27:ec:3b:ec:03:a9:c8:92:56:
                    07:63:2a:7f:d1:d4:9f:6b:31:ca:95:94:6c:2f:c2:
                    3c:64:91:5c:66:27:6f:f3:37:94:ba:dd:29:99:49:
                    ea:52:1e:09:3f:71:91:d6:0b:52:31:05:f2:58:98:
                    22:da:d9:c2:61:5d:f4:31:b8:79:5a:ce:1c:47:b4:
                    b5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:53:19:DA:8F:56:E7:B5:5D:EC:44:B4:D7:4F:66:ED:B6:FD:A3:D8
            X509v3 Authority Key Identifier:
                keyid:FC:59:54:9F:6D:D2:B8:31:44:B8:80:C2:3F:06:FB:A3:B2:5D:39:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_FlUn23SuDFEuIDCPwb7o7JdOYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/MVMZ2o9W57Vd7ES0109m7bb9o9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/964035-381a-41b0-9fdd-f65d33a9926b/1/_FlUn23SuDFEuIDCPwb7o7JdOYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:69:60:a0:95:c6:4d:de:50:26:77:74:56:93:41:8e:96:3b:
         0e:77:76:b9:ff:2b:d7:11:63:09:8c:66:f6:64:45:fb:cf:30:
         78:9d:9a:f4:3b:19:bd:10:13:08:d6:6e:f8:61:10:51:e4:01:
         d9:3b:60:35:e4:fd:22:f7:49:94:58:0b:5d:af:a4:8f:4d:3f:
         46:f6:cd:a3:6a:b9:a3:ae:7f:ab:dc:ea:2f:fb:db:5f:45:d2:
         c6:fd:53:6c:4c:ea:03:71:bd:e4:77:82:a9:96:39:1b:d7:04:
         e7:d5:3d:12:fb:6f:c4:1b:9e:e8:64:38:ca:30:2b:d1:71:76:
         00:6c:c4:13:78:bd:03:b3:30:74:d7:e7:df:b5:cf:f4:70:af:
         c9:5f:00:f3:b1:cc:2c:58:7c:b6:7a:8d:26:88:06:43:56:df:
         56:1d:c9:b4:3c:b1:05:7e:f1:53:db:4a:1f:41:d2:cb:6b:0b:
         57:e1:f6:61:d5:e7:de:4a:37:64:31:05:20:fe:6c:02:ff:59:
         4c:fd:ec:d3:e0:45:06:c2:98:a6:f3:3a:39:de:2b:98:ab:5d:
         aa:77:de:b6:9e:4c:fa:13:dc:cb:df:61:bc:5e:66:12:8b:37:
         ca:1f:29:c3:3d:56:a3:da:cf:b0:c7:29:15:10:ad:39:4e:72:
         a3:fa:a6:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKbfM08SvAogMrOoS/uNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNTk1NDlmNmRkMmI4MzE0NGI4ODBjMjNmMDZmYmEzYjI1
ZDM5ODYwHhcNMjQwMTAyMDAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTUzMTlkYThmNTZlN2I1NWRlYzQ0YjRkNzRmNjZlZGI2ZmRhM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfktIAMaITLz0DHGvhowctmdka+L
3X8a4uuZ+RV4KfirqecamFAAnqyQIYVEUQwgMtNsMySuQfke2HS9DzD6ARmCX2qy
AHPK/YqKlHnFuvk+H/VK36SANdEd3dgOvZAl2ymURwuw3Ug3lQ5Nc3sUrTNxEwBe
rAwRwdjtzZSXMJB+uE7M4JI5sD6rUO/JkthlNkTZhIABJCwMyVSJBX2okFozGgCr
+rN9pn/DjA9evYidQC4FqlTeOyIn7DvsA6nIklYHYyp/0dSfazHKlZRsL8I8ZJFc
Zidv8zeUut0pmUnqUh4JP3GR1gtSMQXyWJgi2tnCYV30Mbh5Ws4cR7S17wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFTGdqPVue1XexEtNdPZu22/aPYMB8GA1UdIwQY
MBaAFPxZVJ9t0rgxRLiAwj8G+6OyXTmGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ZsVW4yM1N1REZFdUlEQ1B3YjdvN0pkT1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy85NjQwMzUtMzgxYS00MWIwLTlmZGQt
ZjY1ZDMzYTk5MjZiLzEvTVZNWjJvOVc1N1ZkN0VTMDEwOW03YmI5bzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy85NjQwMzUtMzgxYS00MWIwLTlmZGQtZjY1ZDMzYTk5MjZi
LzEvX0ZsVW4yM1N1REZFdUlEQ1B3YjdvN0pkT1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/zMA0G
CSqGSIb3DQEBCwUAA4IBAQCQaWCglcZN3lAmd3RWk0GOljsOd3a5/yvXEWMJjGb2
ZEX7zzB4nZr0Oxm9EBMI1m74YRBR5AHZO2A15P0i90mUWAtdr6SPTT9G9s2jarmj
rn+r3Oov+9tfRdLG/VNsTOoDcb3kd4Kpljkb1wTn1T0S+2/EG57oZDjKMCvRcXYA
bMQTeL0DszB01+fftc/0cK/JXwDzscwsWHy2eo0miAZDVt9WHcm0PLEFfvFT20of
QdLLawtX4fZh1efeSjdkMQUg/mwC/1lM/ezT4EUGwpim8zo53iuYq12qd962nkz6
E9zL32G8XmYSizfKHynDPVaj2s+wxykVEK05TnKj+qbN
-----END CERTIFICATE-----