Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/MnshzeUBB5mQPJ5OJWFC4sLo_M4.roa
File:                     MnshzeUBB5mQPJ5OJWFC4sLo_M4.roa (raw, json)
Hash identifier:          8UnoD/z7HEvI0N2fP9LHfbTR8QAZyJo81Zpq/cOCVWQ=
Subject key identifier:   32:7B:21:CD:E5:01:07:99:90:3C:9E:4E:25:61:42:E2:C2:E8:FC:CE
Certificate issuer:       /CN=57b89f5cc78219ea1273f9f53c5b9e33bc5dbeb5
Certificate serial:       01904964B2E233C852FD53240326BFEE84EC
Authority key identifier: 57:B8:9F:5C:C7:82:19:EA:12:73:F9:F5:3C:5B:9E:33:BC:5D:BE:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/MnshzeUBB5mQPJ5OJWFC4sLo_M4.roa
Signing time:             Mon 24 Jun 2024 08:37:34 +0000
ROA not before:           Mon 24 Jun 2024 08:37:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        80.75.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:64:b2:e2:33:c8:52:fd:53:24:03:26:bf:ee:84:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b89f5cc78219ea1273f9f53c5b9e33bc5dbeb5
        Validity
            Not Before: Jun 24 08:37:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327b21cde5010799903c9e4e256142e2c2e8fcce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:18:af:c4:45:3e:e4:df:3b:00:eb:4a:e0:04:
                    b1:ab:37:8f:24:87:42:46:61:39:8f:4e:a2:28:6d:
                    77:68:b6:98:e5:09:39:6f:6a:b9:72:da:2f:1c:d6:
                    81:c0:59:3a:f5:ad:a6:f6:44:52:43:ef:63:52:65:
                    62:70:09:2f:4e:b5:dd:6b:e6:98:76:c7:90:72:3f:
                    b9:e3:92:3b:95:dd:31:52:b9:61:c5:1e:3e:5f:93:
                    78:b8:82:e3:5b:b0:73:40:29:ce:ac:b9:1d:7c:d8:
                    a8:c8:fb:a6:29:db:cf:44:f5:74:ed:6b:81:d4:f5:
                    8a:b5:6c:71:88:4a:1e:03:75:4d:56:b3:a3:b2:52:
                    89:4b:6e:94:d4:19:81:b4:be:ce:be:3b:63:25:72:
                    f5:0f:41:e8:98:31:88:5e:5d:11:5e:84:03:10:31:
                    a9:7b:35:9b:76:a6:04:8f:6d:b7:9d:a8:26:e1:6e:
                    37:3e:82:4b:7a:c7:e0:3e:9e:50:96:83:c2:dc:17:
                    c7:f1:d4:e0:2b:92:a7:43:da:fd:ad:b2:68:ee:a2:
                    39:07:f7:f1:89:93:92:47:e7:b9:92:a2:e9:99:07:
                    a1:3d:71:00:e6:16:06:99:ac:93:08:84:59:1f:d9:
                    f8:a1:e0:0a:99:79:4b:ee:5a:b9:b5:71:d7:28:2e:
                    fe:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7B:21:CD:E5:01:07:99:90:3C:9E:4E:25:61:42:E2:C2:E8:FC:CE
            X509v3 Authority Key Identifier:
                keyid:57:B8:9F:5C:C7:82:19:EA:12:73:F9:F5:3C:5B:9E:33:BC:5D:BE:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7ifXMeCGeoSc_n1PFueM7xdvrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/MnshzeUBB5mQPJ5OJWFC4sLo_M4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/083198-49a7-4864-a46d-6375e1645604/1/V7ifXMeCGeoSc_n1PFueM7xdvrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:34:7a:d5:1b:b3:42:93:0b:58:5d:2d:da:a5:3f:cb:7b:43:
         48:a3:69:ed:29:b5:98:02:6c:80:1a:2e:fa:e4:92:2c:79:26:
         9d:a6:62:3c:c2:ce:d2:6a:26:cb:50:c1:ea:54:07:78:87:90:
         f2:78:5b:3e:48:85:be:ad:74:59:d9:0b:1a:9c:75:0c:e3:a8:
         2f:e8:23:41:3e:f7:c4:39:3f:01:78:f7:ef:de:a2:23:c3:e2:
         78:01:28:fe:ba:d0:ef:78:3a:e4:2f:d9:c2:a6:00:42:03:d4:
         29:a6:ca:b8:48:70:32:d1:b9:a8:6d:8c:4b:5b:36:8d:c3:75:
         85:02:74:51:92:02:0d:91:e9:dc:c9:d2:7c:e4:cb:5f:48:69:
         54:41:91:e8:e3:7a:fc:da:08:c9:21:85:ac:20:3f:c9:24:d8:
         6b:6d:9b:da:21:dd:44:df:f4:a7:49:13:c0:8f:c9:36:83:2f:
         7d:a1:19:cc:21:be:da:19:e1:85:9a:14:a4:bf:b9:41:8e:69:
         1d:3d:7c:fa:20:f1:54:e7:9f:19:29:76:54:69:77:af:f8:54:
         d6:c7:a4:53:14:9d:08:76:dc:3a:12:3c:8c:ee:56:9a:0c:0c:
         8e:cb:9b:a2:91:af:e2:7a:89:2c:18:3a:f0:11:62:5e:41:b0:
         7e:69:28:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBJZLLiM8hS/VMkAya/7oTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3Yjg5ZjVjYzc4MjE5ZWExMjczZjlmNTNjNWI5ZTMzYmM1
ZGJlYjUwHhcNMjQwNjI0MDgzNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdiMjFjZGU1MDEwNzk5OTAzYzllNGUyNTYxNDJlMmMyZThmY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhivxEU+5N87AOtK4ASxqzePJIdC
RmE5j06iKG13aLaY5Qk5b2q5ctovHNaBwFk69a2m9kRSQ+9jUmVicAkvTrXda+aY
dseQcj+545I7ld0xUrlhxR4+X5N4uILjW7BzQCnOrLkdfNioyPumKdvPRPV07WuB
1PWKtWxxiEoeA3VNVrOjslKJS26U1BmBtL7OvjtjJXL1D0HomDGIXl0RXoQDEDGp
ezWbdqYEj223nagm4W43PoJLesfgPp5QloPC3BfH8dTgK5KnQ9r9rbJo7qI5B/fx
iZOSR+e5kqLpmQehPXEA5hYGmayTCIRZH9n4oeAKmXlL7lq5tXHXKC7+hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJ7Ic3lAQeZkDyeTiVhQuLC6PzOMB8GA1UdIwQY
MBaAFFe4n1zHghnqEnP59TxbnjO8Xb61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdpZlhNZUNHZW9TY19uMVBGdWVNN3hkdnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wODMxOTgtNDlhNy00ODY0LWE0NmQt
NjM3NWUxNjQ1NjA0LzEvTW5zaHplVUJCNW1RUEo1T0pXRkM0c0xvX000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wODMxOTgtNDlhNy00ODY0LWE0NmQtNjM3NWUxNjQ1NjA0
LzEvVjdpZlhNZUNHZW9TY19uMVBGdWVNN3hkdnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEvXMA0G
CSqGSIb3DQEBCwUAA4IBAQAoNHrVG7NCkwtYXS3apT/Le0NIo2ntKbWYAmyAGi76
5JIseSadpmI8ws7SaibLUMHqVAd4h5DyeFs+SIW+rXRZ2QsanHUM46gv6CNBPvfE
OT8BePfv3qIjw+J4ASj+utDveDrkL9nCpgBCA9Qppsq4SHAy0bmobYxLWzaNw3WF
AnRRkgINkencydJ85MtfSGlUQZHo43r82gjJIYWsID/JJNhrbZvaId1E3/SnSRPA
j8k2gy99oRnMIb7aGeGFmhSkv7lBjmkdPXz6IPFU558ZKXZUaXev+FTWx6RTFJ0I
dtw6EjyM7laaDAyOy5uika/ieoksGDrwEWJeQbB+aSgD
-----END CERTIFICATE-----