Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/MeXfvI0QR8Kazzc5G6NQWGFBC0Q.roa
File:                     MeXfvI0QR8Kazzc5G6NQWGFBC0Q.roa (raw, json)
Hash identifier:          gjBdPiMOUFwHBvfo4MfETK2C0a1PdbQmIIov2n3CfAU=
Subject key identifier:   31:E5:DF:BC:8D:10:47:C2:9A:CF:37:39:1B:A3:50:58:61:41:0B:44
Certificate issuer:       /CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
Certificate serial:       018CC8DF2E1D4025AB2E070B83FB19DABF5E
Authority key identifier: BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/MeXfvI0QR8Kazzc5G6NQWGFBC0Q.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39401
IP address blocks:        193.93.24.0/22 maxlen: 24
                          91.192.236.0/22 maxlen: 24
                          2a0d:9a00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2e:1d:40:25:ab:2e:07:0b:83:fb:19:da:bf:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc87b9cfc3ee0c44965ea209c04fd8e8f48fa42f
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31e5dfbc8d1047c29acf37391ba3505861410b44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dc:e4:b7:0c:82:64:fd:e3:52:88:0c:af:e4:
                    77:b4:e5:ed:85:51:7c:6e:4b:05:f8:51:f6:b2:3f:
                    00:59:b6:0b:cb:5b:0c:6c:70:6b:9d:67:f8:52:38:
                    ea:b4:ef:bf:73:50:9a:81:4f:96:e4:11:f0:c5:af:
                    57:b9:83:70:8c:ac:4d:8d:c2:9a:40:7f:ef:48:33:
                    76:3d:a1:58:82:c4:8d:52:87:d0:30:b4:d6:ca:85:
                    2b:64:27:77:e5:df:13:63:27:05:5c:d8:bf:f9:15:
                    fd:f6:fd:10:96:19:8c:02:79:47:33:e4:6e:d0:ca:
                    92:59:b5:90:fd:ff:2f:52:56:93:d8:47:65:78:02:
                    aa:d8:19:da:91:18:66:94:a8:f8:36:a0:d3:37:a3:
                    97:d2:b6:33:0c:98:70:4f:a0:55:ea:38:9b:72:1a:
                    02:cd:76:6a:6b:40:21:a2:80:3c:b7:cf:00:b5:cf:
                    2f:b0:d0:03:13:44:0f:ae:f6:df:e5:a2:ce:88:88:
                    6e:28:b1:3f:2e:3f:b0:37:f5:41:ae:0e:40:1d:a1:
                    32:5b:90:38:c6:ae:75:8a:4b:ea:99:63:e2:69:ec:
                    b9:7d:5a:66:b0:16:76:03:fa:0e:00:de:f9:15:6a:
                    18:cd:d9:ec:c3:70:eb:5f:37:33:ea:0a:21:51:46:
                    a2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E5:DF:BC:8D:10:47:C2:9A:CF:37:39:1B:A3:50:58:61:41:0B:44
            X509v3 Authority Key Identifier:
                keyid:BC:87:B9:CF:C3:EE:0C:44:96:5E:A2:09:C0:4F:D8:E8:F4:8F:A4:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vIe5z8PuDESWXqIJwE_Y6PSPpC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/MeXfvI0QR8Kazzc5G6NQWGFBC0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/57e8d7-49ab-4d1e-a808-45fabe3f9f33/1/vIe5z8PuDESWXqIJwE_Y6PSPpC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.236.0/22
                  193.93.24.0/22
                IPv6:
                  2a0d:9a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:45:81:32:d2:8b:ad:a5:d1:49:46:b4:5f:36:e7:72:b1:5b:
         91:85:ff:c0:54:3e:88:4d:5f:ae:ae:70:f1:e1:38:76:82:73:
         09:68:d5:49:ab:f5:51:79:f9:76:b1:e7:77:28:2c:13:97:c9:
         64:60:9c:23:45:37:35:0f:60:e3:f7:cb:09:c4:d4:0a:7f:19:
         0f:7e:47:09:ec:35:24:66:a4:4d:f2:90:4c:9d:f0:12:34:5e:
         49:f2:94:bd:8e:04:97:c0:72:6e:24:81:7a:c9:7b:dd:36:99:
         9c:7a:9d:d6:29:8b:d3:42:58:65:04:31:19:0f:c9:78:77:fc:
         cd:8b:a4:79:0e:0b:97:a1:63:62:69:ba:7b:91:5a:50:de:ce:
         cf:f4:f3:59:cf:c6:1d:90:55:81:c0:41:72:dd:d5:4f:4a:b3:
         ac:32:83:f1:3d:61:9b:25:60:f3:00:60:5f:9f:be:8e:f8:b8:
         52:9f:14:8c:9a:fc:ed:d5:6c:7d:86:38:a1:2e:d9:b4:01:ba:
         d4:cd:1b:8d:6a:07:97:23:87:ae:63:7e:a2:1c:23:8e:0f:4e:
         aa:67:90:17:e8:77:81:dd:74:11:53:11:8b:0c:12:51:5e:ff:
         03:04:fe:69:7d:51:f6:7a:bf:d4:78:ee:6f:66:eb:4e:32:57:
         d5:24:8a:df
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3y4dQCWrLgcLg/sZ2r9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjODdiOWNmYzNlZTBjNDQ5NjVlYTIwOWMwNGZkOGU4ZjQ4
ZmE0MmYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWU1ZGZiYzhkMTA0N2MyOWFjZjM3MzkxYmEzNTA1ODYxNDEwYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdzktwyCZP3jUogMr+R3tOXthVF8
bksF+FH2sj8AWbYLy1sMbHBrnWf4UjjqtO+/c1CagU+W5BHwxa9XuYNwjKxNjcKa
QH/vSDN2PaFYgsSNUofQMLTWyoUrZCd35d8TYycFXNi/+RX99v0QlhmMAnlHM+Ru
0MqSWbWQ/f8vUlaT2EdleAKq2BnakRhmlKj4NqDTN6OX0rYzDJhwT6BV6jibchoC
zXZqa0AhooA8t88Atc8vsNADE0QPrvbf5aLOiIhuKLE/Lj+wN/VBrg5AHaEyW5A4
xq51ikvqmWPiaey5fVpmsBZ2A/oOAN75FWoYzdnsw3DrXzcz6gohUUaifwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDHl37yNEEfCms83ORujUFhhQQtEMB8GA1UdIwQY
MBaAFLyHuc/D7gxEll6iCcBP2Oj0j6QvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgt
NDVmYWJlM2Y5ZjMzLzEvTWVYZnZJMFFSOEthenpjNUc2TlFXR0ZCQzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS81N2U4ZDctNDlhYi00ZDFlLWE4MDgtNDVmYWJlM2Y5ZjMz
LzEvdkllNXo4UHVERVNXWHFJSndFX1k2UFNQcEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8DsAwQC
wV0YMA0EAgACMAcDBQAqDZoAMA0GCSqGSIb3DQEBCwUAA4IBAQBYRYEy0outpdFJ
RrRfNudysVuRhf/AVD6ITV+urnDx4Th2gnMJaNVJq/VRefl2sed3KCwTl8lkYJwj
RTc1D2Dj98sJxNQKfxkPfkcJ7DUkZqRN8pBMnfASNF5J8pS9jgSXwHJuJIF6yXvd
Npmcep3WKYvTQlhlBDEZD8l4d/zNi6R5DguXoWNiabp7kVpQ3s7P9PNZz8YdkFWB
wEFy3dVPSrOsMoPxPWGbJWDzAGBfn76O+LhSnxSMmvzt1Wx9hjihLtm0AbrUzRuN
ageXI4euY36iHCOOD06qZ5AX6HeB3XQRUxGLDBJRXv8DBP5pfVH2er/UeO5vZutO
MlfVJIrf
-----END CERTIFICATE-----