Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/Mw0xTII4Rzwhpa5fMLsLrljkt6M.roa
File:                     Mw0xTII4Rzwhpa5fMLsLrljkt6M.roa (raw, json)
Hash identifier:          skC2/kD4ofggQOa8n6zxVSzwvswD6wdFwHDSsnLAFcc=
Subject key identifier:   33:0D:31:4C:82:38:47:3C:21:A5:AE:5F:30:BB:0B:AE:58:E4:B7:A3
Certificate issuer:       /CN=3f28b1bea0b5897723ea7c5fbbdd7ccd2952b05c
Certificate serial:       018CC56ED501F40AA5CFB7306869CBCBA93D
Authority key identifier: 3F:28:B1:BE:A0:B5:89:77:23:EA:7C:5F:BB:DD:7C:CD:29:52:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PyixvqC1iXcj6nxfu918zSlSsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/Mw0xTII4Rzwhpa5fMLsLrljkt6M.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44598
IP address blocks:        185.150.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/PyixvqC1iXcj6nxfu918zSlSsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/PyixvqC1iXcj6nxfu918zSlSsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PyixvqC1iXcj6nxfu918zSlSsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d5:01:f4:0a:a5:cf:b7:30:68:69:cb:cb:a9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f28b1bea0b5897723ea7c5fbbdd7ccd2952b05c
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=330d314c8238473c21a5ae5f30bb0bae58e4b7a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4c:eb:c1:b7:6d:bb:29:ab:42:d5:b6:67:80:
                    7c:32:33:69:0e:c8:71:4b:19:60:0c:fe:74:c0:53:
                    af:64:87:c5:40:2f:fa:56:25:3f:f1:5f:a7:9f:13:
                    7e:e0:3b:fc:cf:75:42:2f:15:65:f8:ae:00:86:b4:
                    2f:dd:b5:ab:75:c4:3b:d7:d7:9f:78:4d:d6:6d:2e:
                    2e:37:8b:27:c0:4d:18:7a:87:b5:42:98:40:f1:e6:
                    f1:6d:30:00:b2:c7:35:b4:9d:72:74:fd:db:ab:14:
                    a0:fb:35:0b:b9:9b:2f:19:8d:68:c3:cd:86:3a:55:
                    23:c1:e9:32:11:20:9b:75:45:27:60:9d:19:b5:81:
                    31:0c:04:06:5a:79:88:34:87:02:14:ad:10:4e:db:
                    8e:7c:46:15:4e:0d:aa:4c:47:08:84:3a:b6:02:12:
                    ba:6f:ae:62:8a:9d:df:9d:dc:b7:90:1c:21:10:ee:
                    3e:17:02:f7:18:b7:23:cf:a9:c3:ed:73:e8:ef:d0:
                    a0:3f:1e:ce:d3:51:7e:22:37:6b:49:4f:71:6f:a1:
                    00:62:42:cf:d9:ca:39:9f:31:d4:2b:1f:31:a0:e6:
                    00:d4:2e:03:f2:a5:88:fc:42:8d:87:ef:db:ed:de:
                    ab:ec:ef:05:6b:ba:ab:69:d1:7b:c9:23:fc:b6:73:
                    27:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0D:31:4C:82:38:47:3C:21:A5:AE:5F:30:BB:0B:AE:58:E4:B7:A3
            X509v3 Authority Key Identifier:
                keyid:3F:28:B1:BE:A0:B5:89:77:23:EA:7C:5F:BB:DD:7C:CD:29:52:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyixvqC1iXcj6nxfu918zSlSsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/Mw0xTII4Rzwhpa5fMLsLrljkt6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d88b46-6ef9-4624-8984-bfa6d340787a/1/PyixvqC1iXcj6nxfu918zSlSsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:9b:7c:fd:32:13:35:db:5e:98:18:93:f3:5f:18:42:fa:47:
         fd:90:b2:15:01:42:d4:a1:e6:2f:b7:b6:43:fc:f8:65:8c:a7:
         a1:25:7f:33:eb:6e:73:84:18:25:26:48:8b:9e:a5:cd:f7:19:
         0e:41:4b:19:2d:86:2f:e2:6a:6c:bc:23:63:78:03:0a:5a:ae:
         75:2b:d9:0b:9f:98:55:69:10:53:d4:7d:df:6b:18:8a:95:ea:
         c1:26:3f:db:d9:ab:94:a7:90:ce:bb:ff:1c:d4:28:c6:07:61:
         6a:99:13:68:f4:75:cd:6e:63:a0:21:33:b9:6c:61:27:30:4a:
         a5:98:15:bf:95:57:8b:a0:d3:92:32:84:e8:86:e9:a9:8d:37:
         8d:9f:4e:64:7b:a9:bd:e2:ca:38:06:e7:3d:7d:2f:63:44:d1:
         f8:40:93:d1:54:3c:70:83:73:57:76:37:77:9f:7e:79:4a:23:
         ba:fd:0b:70:65:b7:b6:14:7d:68:65:9d:aa:e4:4e:af:24:c3:
         10:9e:c5:f2:0f:b6:b3:02:e1:9a:6a:88:57:c3:83:f5:79:a1:
         d1:18:d2:f4:0e:57:9e:c5:ca:30:17:41:b4:8a:c3:6a:27:3e:
         58:b3:6e:f4:26:3f:5e:de:9a:67:12:34:f3:05:71:7c:a9:b5:
         be:21:7f:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtUB9Aqlz7cwaGnLy6k9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjhiMWJlYTBiNTg5NzcyM2VhN2M1ZmJiZGQ3Y2NkMjk1
MmIwNWMwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBkMzE0YzgyMzg0NzNjMjFhNWFlNWYzMGJiMGJhZTU4ZTRiN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EzrwbdtuymrQtW2Z4B8MjNpDshx
SxlgDP50wFOvZIfFQC/6ViU/8V+nnxN+4Dv8z3VCLxVl+K4AhrQv3bWrdcQ719ef
eE3WbS4uN4snwE0Yeoe1QphA8ebxbTAAssc1tJ1ydP3bqxSg+zULuZsvGY1ow82G
OlUjwekyESCbdUUnYJ0ZtYExDAQGWnmINIcCFK0QTtuOfEYVTg2qTEcIhDq2AhK6
b65iip3fndy3kBwhEO4+FwL3GLcjz6nD7XPo79CgPx7O01F+IjdrSU9xb6EAYkLP
2co5nzHUKx8xoOYA1C4D8qWI/EKNh+/b7d6r7O8Fa7qradF7ySP8tnMnBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMNMUyCOEc8IaWuXzC7C65Y5LejMB8GA1UdIwQY
MBaAFD8osb6gtYl3I+p8X7vdfM0pUrBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlpeHZxQzFpWGNqNm54ZnU5MTh6U2xTc0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kODhiNDYtNmVmOS00NjI0LTg5ODQt
YmZhNmQzNDA3ODdhLzEvTXcweFRJSTRSendocGE1Zk1Mc0xybGprdDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kODhiNDYtNmVmOS00NjI0LTg5ODQtYmZhNmQzNDA3ODdh
LzEvUHlpeHZxQzFpWGNqNm54ZnU5MTh6U2xTc0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZZcMA0G
CSqGSIb3DQEBCwUAA4IBAQCvm3z9MhM1216YGJPzXxhC+kf9kLIVAULUoeYvt7ZD
/PhljKehJX8z625zhBglJkiLnqXN9xkOQUsZLYYv4mpsvCNjeAMKWq51K9kLn5hV
aRBT1H3faxiKlerBJj/b2auUp5DOu/8c1CjGB2FqmRNo9HXNbmOgITO5bGEnMEql
mBW/lVeLoNOSMoTohumpjTeNn05ke6m94so4Buc9fS9jRNH4QJPRVDxwg3NXdjd3
n355SiO6/QtwZbe2FH1oZZ2q5E6vJMMQnsXyD7azAuGaaohXw4P1eaHRGNL0Dlee
xcowF0G0isNqJz5Ys270Jj9e3ppnEjTzBXF8qbW+IX/3
-----END CERTIFICATE-----