Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/MCL_wL9Pc5rM-eP2FHZZBifCNw8.roa
File:                     MCL_wL9Pc5rM-eP2FHZZBifCNw8.roa (raw, json)
Hash identifier:          g+HwdgxN1nHjhzgcvklgx3q9ZyrxCr5M+eOYwI6FgYM=
Subject key identifier:   30:22:FF:C0:BF:4F:73:9A:CC:F9:E3:F6:14:76:59:06:27:C2:37:0F
Certificate issuer:       /CN=f5882f33f7480dcc7b87637aea76368289d75c2d
Certificate serial:       019251169A10CAC700494E528AA9A74FF55D
Authority key identifier: F5:88:2F:33:F7:48:0D:CC:7B:87:63:7A:EA:76:36:82:89:D7:5C:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/MCL_wL9Pc5rM-eP2FHZZBifCNw8.roa
Signing time:             Thu 03 Oct 2024 06:34:48 +0000
ROA not before:           Thu 03 Oct 2024 06:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        195.10.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:16:9a:10:ca:c7:00:49:4e:52:8a:a9:a7:4f:f5:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5882f33f7480dcc7b87637aea76368289d75c2d
        Validity
            Not Before: Oct  3 06:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3022ffc0bf4f739accf9e3f61476590627c2370f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:34:19:ec:a3:bb:31:e2:32:73:0b:a4:ed:85:
                    76:93:07:e1:a0:92:6b:e7:bb:b9:cd:b6:b8:2e:4a:
                    92:a5:3e:97:59:c5:dc:7a:24:a3:7d:5f:97:e1:d7:
                    5d:9c:0f:e2:2b:c9:34:62:1f:3e:75:81:d5:b0:16:
                    37:2e:7a:d4:62:21:ac:b7:b8:68:f7:e4:42:65:07:
                    3f:c7:d6:55:27:6d:2e:39:b9:2d:56:19:36:b4:d0:
                    99:f5:21:96:27:e5:ee:9d:c0:f5:60:30:82:8a:d6:
                    67:05:5b:12:29:87:5a:87:5c:d0:59:38:8f:4a:19:
                    62:0e:23:8e:45:94:ab:d2:6b:61:5f:8a:d1:6f:ce:
                    cb:73:30:b7:2f:93:61:00:1f:2f:a3:78:95:a6:5b:
                    32:09:84:be:c0:5d:c0:cd:10:01:bc:3c:69:c8:97:
                    07:fd:32:b7:35:18:98:07:1f:09:4d:f1:d5:5b:bf:
                    dd:02:c0:87:37:d9:42:7c:c4:19:ba:16:c5:36:db:
                    18:44:c4:dd:5f:01:7b:d9:56:53:27:ab:2d:2d:ed:
                    d0:c6:ab:90:00:be:35:58:15:24:d4:7e:ad:59:19:
                    59:bd:d5:33:27:d4:d0:ac:38:9b:34:0e:68:ee:93:
                    c3:33:ca:40:50:30:32:dc:cb:37:e9:76:31:ad:88:
                    83:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:22:FF:C0:BF:4F:73:9A:CC:F9:E3:F6:14:76:59:06:27:C2:37:0F
            X509v3 Authority Key Identifier:
                keyid:F5:88:2F:33:F7:48:0D:CC:7B:87:63:7A:EA:76:36:82:89:D7:5C:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YgvM_dIDcx7h2N66nY2gonXXC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/MCL_wL9Pc5rM-eP2FHZZBifCNw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/92ff2a-a16a-4a78-99b2-a95105f16e66/1/9YgvM_dIDcx7h2N66nY2gonXXC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:67:f9:73:ed:7d:2d:fb:46:bd:57:80:42:ce:a6:c3:ea:93:
         cd:ea:c4:8f:6d:30:bd:b9:47:dd:ec:57:ef:d9:39:f8:ad:26:
         42:f1:bc:77:5c:9a:64:71:4d:8a:7b:8c:2b:60:0b:0b:31:a7:
         8d:8d:54:81:1b:c0:5e:e7:f6:bd:6d:a5:9a:ce:08:ae:d5:e9:
         79:cf:ea:17:96:ce:39:60:55:84:d4:aa:a8:8f:ae:89:24:0d:
         13:9d:f2:07:80:49:97:f6:54:2d:1b:01:ce:2e:09:27:c5:60:
         66:1a:f9:77:20:b5:f8:81:ec:20:47:2e:fc:9d:af:cd:79:94:
         f6:a6:af:85:18:2f:04:ed:bd:08:fd:87:9b:b0:89:47:8d:4c:
         49:23:70:3c:8f:04:6a:86:5e:d6:d0:ad:f0:7b:78:4e:55:06:
         f9:53:81:2d:68:7b:3d:39:01:d9:5d:af:30:10:a7:66:12:ff:
         0f:ec:b7:59:c0:aa:c5:51:09:89:da:0d:b3:2e:e2:8f:1f:74:
         92:bd:30:7f:d5:c1:6c:bd:12:e4:fe:39:d7:98:5a:5b:a5:89:
         c6:6d:ad:9c:1a:21:cd:0f:ce:ce:5d:c1:18:fa:fa:9b:9d:50:
         cb:1b:65:4e:90:58:41:ce:67:7c:68:44:43:30:41:2e:d7:ac:
         e1:71:e9:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRFpoQyscASU5SiqmnT/VdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ODgyZjMzZjc0ODBkY2M3Yjg3NjM3YWVhNzYzNjgyODlk
NzVjMmQwHhcNMjQxMDAzMDYzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIyZmZjMGJmNGY3MzlhY2NmOWUzZjYxNDc2NTkwNjI3YzIzNzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDQZ7KO7MeIycwuk7YV2kwfhoJJr
57u5zba4LkqSpT6XWcXceiSjfV+X4dddnA/iK8k0Yh8+dYHVsBY3LnrUYiGst7ho
9+RCZQc/x9ZVJ20uObktVhk2tNCZ9SGWJ+XuncD1YDCCitZnBVsSKYdah1zQWTiP
ShliDiOORZSr0mthX4rRb87LczC3L5NhAB8vo3iVplsyCYS+wF3AzRABvDxpyJcH
/TK3NRiYBx8JTfHVW7/dAsCHN9lCfMQZuhbFNtsYRMTdXwF72VZTJ6stLe3QxquQ
AL41WBUk1H6tWRlZvdUzJ9TQrDibNA5o7pPDM8pAUDAy3Ms36XYxrYiDhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAi/8C/T3OazPnj9hR2WQYnwjcPMB8GA1UdIwQY
MBaAFPWILzP3SA3Me4djeup2NoKJ11wtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVlndk1fZElEY3g3aDJONjZuWTJnb25YWEMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85MmZmMmEtYTE2YS00YTc4LTk5YjIt
YTk1MTA1ZjE2ZTY2LzEvTUNMX3dMOVBjNXJNLWVQMkZIWlpCaWZDTnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85MmZmMmEtYTE2YS00YTc4LTk5YjItYTk1MTA1ZjE2ZTY2
LzEvOVlndk1fZElEY3g3aDJONjZuWTJnb25YWEMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrPMA0G
CSqGSIb3DQEBCwUAA4IBAQDMZ/lz7X0t+0a9V4BCzqbD6pPN6sSPbTC9uUfd7Ffv
2Tn4rSZC8bx3XJpkcU2Ke4wrYAsLMaeNjVSBG8Be5/a9baWazgiu1el5z+oXls45
YFWE1Kqoj66JJA0TnfIHgEmX9lQtGwHOLgknxWBmGvl3ILX4gewgRy78na/NeZT2
pq+FGC8E7b0I/YebsIlHjUxJI3A8jwRqhl7W0K3we3hOVQb5U4EtaHs9OQHZXa8w
EKdmEv8P7LdZwKrFUQmJ2g2zLuKPH3SSvTB/1cFsvRLk/jnXmFpbpYnGba2cGiHN
D87OXcEY+vqbnVDLG2VOkFhBzmd8aERDMEEu16zhcenw
-----END CERTIFICATE-----