Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/MU-C7KWV3VmU3PQPW-KS9igyA0Q.roa
File:                     MU-C7KWV3VmU3PQPW-KS9igyA0Q.roa (raw, json)
Hash identifier:          DbBBWsCnYvJ0U6rJRFxM3QnqbxKZkSH+2qNo3gWcpDs=
Subject key identifier:   31:4F:82:EC:A5:95:DD:59:94:DC:F4:0F:5B:E2:92:F6:28:32:03:44
Certificate issuer:       /CN=a9dfc89812340507a2a2e1e74d11824def813f39
Certificate serial:       018CCA99471E329F60C6D3546FEDDB9D4D7E
Authority key identifier: A9:DF:C8:98:12:34:05:07:A2:A2:E1:E7:4D:11:82:4D:EF:81:3F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/MU-C7KWV3VmU3PQPW-KS9igyA0Q.roa
Signing time:             Tue 02 Jan 2024 14:34:52 +0000
ROA not before:           Tue 02 Jan 2024 14:34:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42160
IP address blocks:        91.234.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:47:1e:32:9f:60:c6:d3:54:6f:ed:db:9d:4d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9dfc89812340507a2a2e1e74d11824def813f39
        Validity
            Not Before: Jan  2 14:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=314f82eca595dd5994dcf40f5be292f628320344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:da:e1:b1:3d:3a:7e:14:7b:5b:01:97:63:58:
                    71:9d:73:72:a8:20:31:0b:bb:5a:78:48:15:7b:ee:
                    27:67:5e:e8:3e:46:08:29:0e:85:13:f9:92:66:21:
                    e8:66:fe:1a:0c:c2:92:fd:6d:dd:ff:d0:a5:5b:d3:
                    be:0f:cd:20:56:8f:ab:21:ce:e2:86:bd:60:3f:51:
                    1f:40:e1:40:63:d9:37:18:cb:f7:71:b4:08:35:cd:
                    cf:48:55:79:e4:48:49:ee:28:f3:68:d4:56:1e:33:
                    ba:16:ad:14:90:a1:ad:af:7a:53:50:9a:86:10:05:
                    85:ea:db:86:b2:59:c6:8f:30:1e:4f:e1:f9:cd:e8:
                    f6:0c:c8:20:45:6d:ea:5d:00:f2:77:17:34:16:17:
                    a6:e2:84:1b:8d:af:bf:18:7e:b3:4a:54:31:f4:86:
                    a2:ef:f3:89:e2:70:1b:d8:c7:ba:0a:08:3d:00:a3:
                    df:31:eb:54:67:af:20:af:38:32:f9:db:1f:c3:e6:
                    a2:cf:46:3f:f9:7e:dd:e4:d4:81:b3:75:f4:c8:9f:
                    e8:05:21:5e:5d:c0:f8:12:62:5c:ee:6b:36:19:b0:
                    03:2f:69:af:13:2d:1e:e2:f2:70:34:5e:2b:5c:c5:
                    5c:4d:bb:41:62:2d:a7:f4:f2:f3:f7:7c:f1:ff:3b:
                    6e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4F:82:EC:A5:95:DD:59:94:DC:F4:0F:5B:E2:92:F6:28:32:03:44
            X509v3 Authority Key Identifier:
                keyid:A9:DF:C8:98:12:34:05:07:A2:A2:E1:E7:4D:11:82:4D:EF:81:3F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qd_ImBI0BQeiouHnTRGCTe-BPzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/MU-C7KWV3VmU3PQPW-KS9igyA0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f7d58e-33da-4319-b54b-704403fff82e/1/qd_ImBI0BQeiouHnTRGCTe-BPzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:43:15:87:e8:92:f1:cb:26:d9:e0:41:9c:f9:35:1d:72:7e:
         c4:23:5f:bf:3e:72:7d:25:2a:33:70:a4:63:d8:cc:ef:9a:1d:
         77:4a:d9:03:ec:ba:0a:b8:85:c6:70:7e:a7:4c:7c:9a:7b:7f:
         50:86:48:5d:46:3b:7c:4a:42:18:f3:c0:14:62:5f:e7:5f:bf:
         dc:80:31:ee:7e:b3:75:cf:f1:7a:b7:d5:a8:85:06:72:d9:da:
         28:a0:1a:2c:eb:3b:fa:72:ad:2c:67:cd:7f:a2:98:21:5c:74:
         c2:46:81:31:78:34:da:50:11:32:e1:5e:db:a8:a8:76:58:d0:
         71:24:89:74:2b:d4:a6:2c:a9:1f:6a:bb:ab:19:d9:a3:ae:05:
         0f:4a:fb:d5:f7:73:10:99:20:d9:40:b6:80:6c:7b:ca:b7:77:
         64:15:62:f5:52:41:38:5c:44:a4:42:02:19:06:8e:49:08:80:
         0e:08:c0:9d:3a:b4:ac:56:4e:8c:8e:4f:2a:50:00:2c:cd:43:
         36:56:7e:0e:ce:d6:99:22:03:6f:f0:c8:1c:ab:41:e6:c4:af:
         96:b9:c9:d0:e4:7b:8c:a9:27:87:64:28:5e:a7:77:90:6c:a5:
         63:66:2b:0f:9f:8a:3e:ad:97:47:08:78:c0:17:79:7f:8a:1e:
         9e:31:f6:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmUceMp9gxtNUb+3bnU1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZGZjODk4MTIzNDA1MDdhMmEyZTFlNzRkMTE4MjRkZWY4
MTNmMzkwHhcNMjQwMTAyMTQzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRmODJlY2E1OTVkZDU5OTRkY2Y0MGY1YmUyOTJmNjI4MzIwMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5drhsT06fhR7WwGXY1hxnXNyqCAx
C7taeEgVe+4nZ17oPkYIKQ6FE/mSZiHoZv4aDMKS/W3d/9ClW9O+D80gVo+rIc7i
hr1gP1EfQOFAY9k3GMv3cbQINc3PSFV55EhJ7ijzaNRWHjO6Fq0UkKGtr3pTUJqG
EAWF6tuGslnGjzAeT+H5zej2DMggRW3qXQDydxc0Fhem4oQbja+/GH6zSlQx9Iai
7/OJ4nAb2Me6Cgg9AKPfMetUZ68grzgy+dsfw+aiz0Y/+X7d5NSBs3X0yJ/oBSFe
XcD4EmJc7ms2GbADL2mvEy0e4vJwNF4rXMVcTbtBYi2n9PLz93zx/ztu9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFPguylld1ZlNz0D1vikvYoMgNEMB8GA1UdIwQY
MBaAFKnfyJgSNAUHoqLh500Rgk3vgT85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRfSW1CSTBCUWVpb3VIblRSR0NUZS1CUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mN2Q1OGUtMzNkYS00MzE5LWI1NGIt
NzA0NDAzZmZmODJlLzEvTVUtQzdLV1YzVm1VM1BRUFctS1M5aWd5QTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mN2Q1OGUtMzNkYS00MzE5LWI1NGItNzA0NDAzZmZmODJl
LzEvcWRfSW1CSTBCUWVpb3VIblRSR0NUZS1CUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rLMA0G
CSqGSIb3DQEBCwUAA4IBAQA8QxWH6JLxyybZ4EGc+TUdcn7EI1+/PnJ9JSozcKRj
2Mzvmh13StkD7LoKuIXGcH6nTHyae39QhkhdRjt8SkIY88AUYl/nX7/cgDHufrN1
z/F6t9WohQZy2doooBos6zv6cq0sZ81/opghXHTCRoExeDTaUBEy4V7bqKh2WNBx
JIl0K9SmLKkfarurGdmjrgUPSvvV93MQmSDZQLaAbHvKt3dkFWL1UkE4XESkQgIZ
Bo5JCIAOCMCdOrSsVk6Mjk8qUAAszUM2Vn4OztaZIgNv8Mgcq0HmxK+WucnQ5HuM
qSeHZChep3eQbKVjZisPn4o+rZdHCHjAF3l/ih6eMfan
-----END CERTIFICATE-----