Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MfnRHrVnzOYsalOWpZzKmrKOP2s.roa
File:                     MfnRHrVnzOYsalOWpZzKmrKOP2s.roa (raw, json)
Hash identifier:          jC3gXY1SO+MFwxsDo40BEakFFFnY+nSCUtvP5S10hVw=
Subject key identifier:   31:F9:D1:1E:B5:67:CC:E6:2C:6A:53:96:A5:9C:CA:9A:B2:8E:3F:6B
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF7C27929035E5D39EDF93E31904CA
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MfnRHrVnzOYsalOWpZzKmrKOP2s.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        77.92.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7c:27:92:90:35:e5:d3:9e:df:93:e3:19:04:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31f9d11eb567cce62c6a5396a59cca9ab28e3f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ed:3c:1e:d8:ce:45:9f:b5:f4:b8:05:57:ca:
                    f0:ec:b6:ef:07:ea:46:05:5d:52:46:47:58:cd:e2:
                    47:62:63:f0:f5:8d:9b:77:63:0c:48:21:1b:b5:29:
                    70:2c:bd:e3:62:1c:e3:d4:8e:ea:89:bb:1c:7b:a8:
                    28:7d:cb:d5:e3:5b:2a:94:37:9d:e1:75:4e:48:f9:
                    cb:5f:83:3f:cd:f0:66:e0:b7:62:1f:06:c6:ed:5f:
                    65:ba:69:ef:dd:7f:36:7d:64:65:9a:53:fa:fc:34:
                    5f:4b:bf:70:00:31:6b:f0:6b:49:17:80:6e:c3:ad:
                    f4:21:46:68:a5:7e:ea:75:99:be:94:0a:0a:ec:62:
                    e7:31:d9:e8:29:98:f6:ed:50:14:7b:09:db:52:d1:
                    bc:b9:d7:8a:30:3b:e4:a4:a9:52:46:e4:e6:a6:36:
                    74:0f:23:dc:f4:76:0c:c6:7f:c8:68:68:3e:c6:15:
                    cf:48:44:26:7b:d6:8e:cc:72:d8:42:b8:de:20:0d:
                    81:09:b6:03:9f:b8:67:28:61:66:17:5e:4e:35:eb:
                    e5:dd:68:06:cd:9d:40:af:ce:35:1f:ce:c3:41:b0:
                    17:d0:fd:c9:2c:eb:dc:ea:b8:b3:da:49:d6:ea:47:
                    e6:14:b7:0a:66:7a:0f:d1:4d:13:96:58:82:bc:d1:
                    ca:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F9:D1:1E:B5:67:CC:E6:2C:6A:53:96:A5:9C:CA:9A:B2:8E:3F:6B
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MfnRHrVnzOYsalOWpZzKmrKOP2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.92.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ef:18:f7:92:29:f8:5f:44:50:e2:6f:3b:44:da:bf:6c:73:
         c3:75:21:cc:52:b6:ad:f4:d1:fc:47:15:39:cf:55:6e:df:1b:
         bc:86:e5:20:86:9c:74:9e:e5:64:e1:b7:1c:69:68:ac:61:dc:
         a1:46:32:8a:c7:af:e6:ea:56:f9:5e:0c:ca:39:25:b0:20:c7:
         ba:06:bf:44:18:ba:05:ee:7d:69:ad:ec:5a:45:9c:74:dc:c8:
         cd:d2:86:f9:a3:f3:55:81:32:ee:e1:05:9b:23:50:9b:cc:f6:
         b4:c3:6a:08:f3:11:5d:34:b1:ce:0b:ff:87:0e:b8:80:8d:59:
         11:43:48:fa:03:d5:ec:fd:9e:78:ae:6a:6b:cb:da:c4:a6:98:
         b1:8a:df:86:94:5d:5a:32:48:41:7f:c4:be:62:a6:b0:87:c5:
         34:90:e9:5f:25:1f:92:d7:d8:02:a7:79:25:6f:d1:4b:de:f7:
         a3:02:d5:05:ae:fd:40:48:5a:a4:e8:12:5e:ea:4b:15:db:1f:
         9e:e8:2f:b0:7a:26:17:ab:50:6e:ab:3a:fe:b6:d8:b3:13:6c:
         70:d6:c6:dc:19:a9:3d:2c:99:57:c4:34:32:0f:c3:5e:b0:17:
         6d:7a:cc:0c:4f:c4:d0:e1:16:e8:86:b1:4f:03:26:57:e4:d3:
         42:bb:a1:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33wnkpA15dOe35PjGQTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWY5ZDExZWI1NjdjY2U2MmM2YTUzOTZhNTljY2E5YWIyOGUzZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+08HtjORZ+19LgFV8rw7LbvB+pG
BV1SRkdYzeJHYmPw9Y2bd2MMSCEbtSlwLL3jYhzj1I7qibsce6gofcvV41sqlDed
4XVOSPnLX4M/zfBm4LdiHwbG7V9lumnv3X82fWRlmlP6/DRfS79wADFr8GtJF4Bu
w630IUZopX7qdZm+lAoK7GLnMdnoKZj27VAUewnbUtG8udeKMDvkpKlSRuTmpjZ0
DyPc9HYMxn/IaGg+xhXPSEQme9aOzHLYQrjeIA2BCbYDn7hnKGFmF15ONevl3WgG
zZ1Ar841H87DQbAX0P3JLOvc6riz2knW6kfmFLcKZnoP0U0TlliCvNHKEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDH50R61Z8zmLGpTlqWcypqyjj9rMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvTWZuUkhyVm56T1lzYWxPV3BaekttcktPUDJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVyXMA0G
CSqGSIb3DQEBCwUAA4IBAQCV7xj3kin4X0RQ4m87RNq/bHPDdSHMUrat9NH8RxU5
z1Vu3xu8huUghpx0nuVk4bccaWisYdyhRjKKx6/m6lb5XgzKOSWwIMe6Br9EGLoF
7n1prexaRZx03MjN0ob5o/NVgTLu4QWbI1CbzPa0w2oI8xFdNLHOC/+HDriAjVkR
Q0j6A9Xs/Z54rmpry9rEppixit+GlF1aMkhBf8S+Yqawh8U0kOlfJR+S19gCp3kl
b9FL3vejAtUFrv1ASFqk6BJe6ksV2x+e6C+weiYXq1Buqzr+ttizE2xw1sbcGak9
LJlXxDQyD8NesBdteswMT8TQ4RbohrFPAyZX5NNCu6Eg
-----END CERTIFICATE-----