Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MNStlojlK6LaCE0nw_BRqRVK5us.roa
File:                     MNStlojlK6LaCE0nw_BRqRVK5us.roa (raw, json)
Hash identifier:          OK8VO4DVXYEwOT9vxhccQtF9FfXk6pvuWcDX/N33dHs=
Subject key identifier:   30:D4:AD:96:88:E5:2B:A2:DA:08:4D:27:C3:F0:51:A9:15:4A:E6:EB
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF903EF6AC6ADCEC9648AC8D0FFAD1
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MNStlojlK6LaCE0nw_BRqRVK5us.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216356
IP address blocks:        185.17.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:90:3e:f6:ac:6a:dc:ec:96:48:ac:8d:0f:fa:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30d4ad9688e52ba2da084d27c3f051a9154ae6eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:58:02:d7:fe:73:ca:bf:f0:25:4c:8e:4f:7a:
                    c8:9b:90:a0:05:ac:f8:e2:6a:18:dc:9e:3d:1a:c3:
                    e6:e6:a4:69:02:7c:04:3f:22:9c:bb:c2:29:bc:ab:
                    11:a9:b0:a2:d4:65:86:af:1f:3c:a8:c3:8a:b1:5d:
                    55:ab:f5:18:42:86:4c:7d:4c:43:05:c5:c2:9c:2f:
                    8f:47:38:15:a2:52:53:5c:a1:d4:e0:bc:cf:3e:cc:
                    77:84:d9:8b:63:d2:e8:9a:13:89:02:c2:c5:4c:98:
                    c8:30:85:00:f6:a2:72:77:51:5c:40:46:04:e5:24:
                    04:8e:01:24:e7:18:92:77:ac:84:76:ca:d5:16:7e:
                    f0:4e:24:7f:75:be:3a:47:32:73:56:ef:44:2f:d0:
                    28:2c:7e:4b:3b:ce:9d:a2:c8:d5:fd:4d:85:6f:e2:
                    e1:17:dc:5b:40:c2:54:53:3d:0c:77:ce:09:e2:85:
                    35:0e:56:35:0f:39:76:60:76:e2:5b:e6:a2:d3:9a:
                    60:8f:22:ab:f9:f7:7e:46:79:2d:36:e3:07:7d:44:
                    22:83:68:f7:92:82:80:98:8e:bf:fd:e0:f8:30:c2:
                    59:3a:51:95:b7:f9:5b:1c:3d:aa:7c:9d:35:74:4b:
                    4e:53:24:82:95:0b:a8:08:e5:c9:64:34:73:33:00:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D4:AD:96:88:E5:2B:A2:DA:08:4D:27:C3:F0:51:A9:15:4A:E6:EB
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MNStlojlK6LaCE0nw_BRqRVK5us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:5c:73:c5:7f:6f:f8:64:6f:ed:d7:e7:dd:80:d0:c5:63:11:
         c8:d7:40:a9:bc:64:c4:6f:37:19:af:23:e4:71:46:c0:62:0b:
         c7:bd:ea:90:fa:66:26:57:d8:0f:62:fc:92:a3:b1:fa:60:bb:
         f2:53:61:83:03:b7:65:1c:48:86:66:08:1c:96:d4:bc:a0:c0:
         74:bf:cd:d4:1c:86:b8:f2:07:41:b3:e1:18:d5:02:8d:fc:58:
         dd:12:75:7d:f4:ff:a6:bf:80:04:b2:95:a1:7c:70:ba:2b:9d:
         9e:58:8b:44:2e:9c:07:f0:9a:51:d0:dc:82:48:a3:d6:6c:fe:
         98:24:81:fc:4a:ce:e3:0d:36:56:fa:50:9c:12:36:fe:38:b2:
         f3:69:4e:37:d1:10:dd:e6:8a:d2:4a:a1:f7:61:bb:30:12:bf:
         8d:dc:1b:7d:db:42:b5:5a:f0:0c:1e:19:23:f9:e1:28:79:6f:
         b9:b0:9b:47:34:a7:09:67:d0:80:87:26:ae:d0:ab:0f:6b:ec:
         30:a5:d4:79:f2:85:b3:5a:0d:b8:cd:de:5a:b1:c7:a4:90:c5:
         c4:70:38:82:c2:83:cc:ed:75:2c:5c:77:08:2a:c0:97:b2:81:
         da:50:e4:16:d6:bf:db:ba:ad:32:ee:b1:00:f4:a2:04:35:8b:
         b6:88:66:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35A+9qxq3OyWSKyND/rRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQ0YWQ5Njg4ZTUyYmEyZGEwODRkMjdjM2YwNTFhOTE1NGFlNmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lgC1/5zyr/wJUyOT3rIm5CgBaz4
4moY3J49GsPm5qRpAnwEPyKcu8IpvKsRqbCi1GWGrx88qMOKsV1Vq/UYQoZMfUxD
BcXCnC+PRzgVolJTXKHU4LzPPsx3hNmLY9LomhOJAsLFTJjIMIUA9qJyd1FcQEYE
5SQEjgEk5xiSd6yEdsrVFn7wTiR/db46RzJzVu9EL9AoLH5LO86dosjV/U2Fb+Lh
F9xbQMJUUz0Md84J4oU1DlY1Dzl2YHbiW+ai05pgjyKr+fd+RnktNuMHfUQig2j3
koKAmI6//eD4MMJZOlGVt/lbHD2qfJ01dEtOUySClQuoCOXJZDRzMwA4mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDUrZaI5Sui2ghNJ8PwUakVSubrMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvTU5TdGxvamxLNkxhQ0UwbndfQlJxUlZLNXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRGJMA0G
CSqGSIb3DQEBCwUAA4IBAQBLXHPFf2/4ZG/t1+fdgNDFYxHI10CpvGTEbzcZryPk
cUbAYgvHveqQ+mYmV9gPYvySo7H6YLvyU2GDA7dlHEiGZggcltS8oMB0v83UHIa4
8gdBs+EY1QKN/FjdEnV99P+mv4AEspWhfHC6K52eWItELpwH8JpR0NyCSKPWbP6Y
JIH8Ss7jDTZW+lCcEjb+OLLzaU430RDd5orSSqH3YbswEr+N3Bt920K1WvAMHhkj
+eEoeW+5sJtHNKcJZ9CAhyau0KsPa+wwpdR58oWzWg24zd5ascekkMXEcDiCwoPM
7XUsXHcIKsCXsoHaUOQW1r/buq0y7rEA9KIENYu2iGaZ
-----END CERTIFICATE-----