Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/MxLHYKG8ALqiNIkQkd8HYgBqI7w.roa
File:                     MxLHYKG8ALqiNIkQkd8HYgBqI7w.roa (raw, json)
Hash identifier:          RffIZ+7NuRyGihm5ZdP1RJx1BbyL6lJQnGGIK/EHCqA=
Subject key identifier:   33:12:C7:60:A1:BC:00:BA:A2:34:89:10:91:DF:07:62:00:6A:23:BC
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC727313F89313CCDAE1EA5B6FDC178E1
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/MxLHYKG8ALqiNIkQkd8HYgBqI7w.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        194.107.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:3f:89:31:3c:cd:ae:1e:a5:b6:fd:c1:78:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3312c760a1bc00baa234891091df0762006a23bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:13:8b:a0:95:1e:bc:9c:79:8d:f2:d9:4f:e5:
                    cd:6c:81:c5:b6:96:68:e5:ca:4b:2a:a5:b5:a4:5f:
                    ba:52:f4:0d:74:98:7e:23:e4:1e:ed:2a:08:72:34:
                    c2:0b:2a:9c:11:38:7c:ba:a7:8f:52:35:8e:bf:56:
                    94:a4:da:ec:dd:a2:c6:31:60:3d:0c:2e:01:9e:1e:
                    26:78:98:4a:ac:65:a6:cd:87:69:ea:23:a7:50:7b:
                    08:dd:cd:9c:50:83:b1:13:cc:fc:db:2e:20:3d:77:
                    84:1b:c3:5b:75:fb:29:22:23:60:ff:40:33:b6:e2:
                    89:74:94:c2:92:7d:30:30:5c:eb:8d:56:10:28:19:
                    4d:f1:1b:dc:68:c9:45:46:e6:94:67:e7:fe:0e:1e:
                    f4:35:66:69:72:51:8d:f5:b6:98:6a:ae:1b:a8:6a:
                    83:54:08:ee:da:36:f6:89:5e:24:1f:ba:36:9b:ce:
                    da:b8:0e:e1:01:ba:81:24:cc:6c:ea:db:e1:83:e9:
                    07:29:c1:5c:0c:eb:71:c5:7c:be:d9:f2:00:6c:8f:
                    7c:3a:ec:1b:20:23:46:cf:34:cd:ce:39:45:7a:2b:
                    d0:be:d5:f3:14:b2:9f:f2:09:e7:30:db:80:f1:26:
                    c6:5d:c3:24:79:3c:de:be:a8:b0:1c:58:de:f1:97:
                    68:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:12:C7:60:A1:BC:00:BA:A2:34:89:10:91:DF:07:62:00:6A:23:BC
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/MxLHYKG8ALqiNIkQkd8HYgBqI7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:56:e1:32:bb:50:71:31:c7:6e:98:24:e8:58:bc:b9:21:44:
         76:f9:71:6d:1e:76:cc:4c:93:2c:27:b9:c2:19:27:47:d1:4b:
         31:f7:a8:53:ef:44:4c:8e:ad:80:72:79:75:94:d6:47:66:1d:
         ba:e0:77:95:2e:7d:b2:99:64:6d:05:bc:fa:0a:ee:b8:19:dc:
         6f:bd:46:1e:96:48:7d:36:d4:98:62:00:8a:98:01:fe:ac:81:
         12:64:7d:d6:6f:fe:8c:35:22:c2:7e:19:b6:e1:1e:23:18:ab:
         2c:49:b7:e3:f3:5f:dd:a5:ea:3f:95:ae:ff:a2:fd:f2:be:03:
         dd:79:ae:2f:9e:69:62:6c:f4:7e:72:c0:71:28:b9:40:7b:53:
         52:fa:fa:ce:b7:06:2e:a0:85:c7:d1:85:71:e7:f4:6a:4f:89:
         1a:65:fe:ad:60:6d:8b:5d:ec:04:38:13:90:04:5e:27:e2:17:
         ff:39:40:dd:76:ea:87:ff:da:c2:fa:80:54:4b:ae:83:7e:3b:
         d0:bd:e9:75:05:be:1d:8c:2e:52:2e:2d:a1:63:b0:94:de:51:
         2e:51:8c:44:6b:45:1a:93:a8:89:05:b5:f2:26:90:bb:54:67:
         55:f8:41:6f:69:30:d5:d7:38:56:46:4e:53:75:5b:c7:89:88:
         4f:ae:92:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzE/iTE8za4epbb9wXjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzEyYzc2MGExYmMwMGJhYTIzNDg5MTA5MWRmMDc2MjAwNmEyM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBOLoJUevJx5jfLZT+XNbIHFtpZo
5cpLKqW1pF+6UvQNdJh+I+Qe7SoIcjTCCyqcETh8uqePUjWOv1aUpNrs3aLGMWA9
DC4Bnh4meJhKrGWmzYdp6iOnUHsI3c2cUIOxE8z82y4gPXeEG8NbdfspIiNg/0Az
tuKJdJTCkn0wMFzrjVYQKBlN8RvcaMlFRuaUZ+f+Dh70NWZpclGN9baYaq4bqGqD
VAju2jb2iV4kH7o2m87auA7hAbqBJMxs6tvhg+kHKcFcDOtxxXy+2fIAbI98Ouwb
ICNGzzTNzjlFeivQvtXzFLKf8gnnMNuA8SbGXcMkeTzevqiwHFje8ZdoaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMSx2ChvAC6ojSJEJHfB2IAaiO8MB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvTXhMSFlLRzhBTHFpTklrUWtkOEhZZ0JxSTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmugMA0G
CSqGSIb3DQEBCwUAA4IBAQBhVuEyu1BxMcdumCToWLy5IUR2+XFtHnbMTJMsJ7nC
GSdH0Usx96hT70RMjq2Acnl1lNZHZh264HeVLn2ymWRtBbz6Cu64GdxvvUYelkh9
NtSYYgCKmAH+rIESZH3Wb/6MNSLCfhm24R4jGKssSbfj81/dpeo/la7/ov3yvgPd
ea4vnmlibPR+csBxKLlAe1NS+vrOtwYuoIXH0YVx5/RqT4kaZf6tYG2LXewEOBOQ
BF4n4hf/OUDdduqH/9rC+oBUS66DfjvQvel1Bb4djC5SLi2hY7CU3lEuUYxEa0Ua
k6iJBbXyJpC7VGdV+EFvaTDV1zhWRk5TdVvHiYhPrpLV
-----END CERTIFICATE-----