Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/mcLMCofFjiVWN7qZ8rG_UY1rzDg.roa
File:                     mcLMCofFjiVWN7qZ8rG_UY1rzDg.roa (raw, json)
Hash identifier:          gPpMBO+ZqceNT2bD2O4syCquwVjzOg1ehMFTB4CIIo0=
Subject key identifier:   99:C2:CC:0A:87:C5:8E:25:56:37:BA:99:F2:B1:BF:51:8D:6B:CC:38
Certificate issuer:       /CN=4a4e2cf002d45ff9ade2ab8643adbfe083ca12d0
Certificate serial:       018CC5DC3F33DAF18B27E13D61A94AF518C5
Authority key identifier: 4A:4E:2C:F0:02:D4:5F:F9:AD:E2:AB:86:43:AD:BF:E0:83:CA:12:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/mcLMCofFjiVWN7qZ8rG_UY1rzDg.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202462
IP address blocks:        194.113.240.0/23 maxlen: 23
                          2001:67c:97c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3f:33:da:f1:8b:27:e1:3d:61:a9:4a:f5:18:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a4e2cf002d45ff9ade2ab8643adbfe083ca12d0
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99c2cc0a87c58e255637ba99f2b1bf518d6bcc38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e5:f0:c6:52:a7:6b:44:4f:4b:4f:29:fe:f3:
                    b6:1b:e4:2f:0f:8c:ee:e7:11:79:8a:a1:15:82:f9:
                    67:cc:1e:4c:8f:f7:ee:65:8f:9b:12:ca:cb:a0:99:
                    cb:8a:19:63:e6:92:26:8a:44:1d:b2:7d:43:0f:6e:
                    b3:ab:c8:75:6b:a2:fd:f2:6e:84:be:c7:a5:a4:a1:
                    ab:c5:b5:21:ed:8f:e1:a6:65:27:4b:d5:d0:81:45:
                    dd:66:f1:c1:7f:0b:d6:2c:8d:be:6f:83:fe:db:94:
                    e8:3c:f1:49:ee:59:ec:f8:85:54:27:62:5a:16:5c:
                    62:b4:56:6d:40:8c:50:4e:3f:ab:d2:0c:e4:06:9a:
                    c7:18:8d:b3:71:d0:06:2b:fe:ec:3a:e5:be:87:91:
                    ee:21:ed:65:a0:ea:f4:24:56:f8:8a:ba:b3:f0:58:
                    b5:b5:5a:5d:7d:c0:76:19:af:bd:44:49:8a:fe:dc:
                    27:48:c5:55:f2:df:28:8c:d8:ab:a9:79:e0:84:08:
                    0a:ba:81:f1:bd:d6:fc:48:3b:44:73:25:6e:63:58:
                    04:7c:45:7e:d2:4a:5f:c6:e1:f4:42:9d:9b:c1:47:
                    f1:d6:b6:89:8a:64:97:8e:6a:cd:7f:d1:5f:d3:81:
                    86:7b:6a:7a:86:97:a7:f3:07:84:66:33:70:f0:b3:
                    b3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C2:CC:0A:87:C5:8E:25:56:37:BA:99:F2:B1:BF:51:8D:6B:CC:38
            X509v3 Authority Key Identifier:
                keyid:4A:4E:2C:F0:02:D4:5F:F9:AD:E2:AB:86:43:AD:BF:E0:83:CA:12:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sk4s8ALUX_mt4quGQ62_4IPKEtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/mcLMCofFjiVWN7qZ8rG_UY1rzDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/30879c-9766-4a05-adbf-9ac81ef4592c/1/Sk4s8ALUX_mt4quGQ62_4IPKEtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.240.0/23
                IPv6:
                  2001:67c:97c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:80:94:f5:62:46:f5:5c:55:32:31:f8:41:67:a6:4d:1c:1d:
         49:4c:0f:f0:fa:0b:2e:0d:80:67:67:08:45:63:12:38:e9:13:
         b0:80:a1:dd:f8:4b:95:86:a0:24:40:39:ab:62:64:07:8f:66:
         a6:25:5b:51:0b:0b:2f:dd:55:3b:98:26:bf:00:b7:ae:60:61:
         82:cf:5e:59:ed:45:1d:fb:1a:85:b5:b4:95:66:76:bc:17:84:
         68:81:90:d8:ef:d1:88:bb:13:4f:05:6c:33:ae:42:00:ea:97:
         df:f8:75:87:a7:22:da:1b:06:02:1a:8e:5b:70:db:bc:e7:8c:
         cc:b6:43:8a:e6:90:95:04:c7:2e:a2:c6:37:1f:ae:9f:a0:d2:
         ee:83:09:0b:88:28:6f:c2:3f:b1:ef:0d:4f:54:a4:75:24:a5:
         06:a4:2d:eb:8b:95:4f:d6:9b:ef:2b:ca:9a:46:be:4d:3c:b5:
         f5:ed:c4:8b:7f:60:47:0d:d1:7e:55:58:b0:89:b0:5b:f3:4f:
         47:c9:41:15:af:eb:7f:42:ac:2d:54:34:47:a3:5d:b5:0a:9e:
         f9:9d:8e:50:5a:11:ad:fb:53:60:8b:58:8b:fb:b1:86:81:1b:
         72:75:a2:ab:22:0e:66:1e:dc:2d:c6:49:8c:ba:d5:95:8b:3a:
         03:6f:97:bc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3D8z2vGLJ+E9YalK9RjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNGUyY2YwMDJkNDVmZjlhZGUyYWI4NjQzYWRiZmUwODNj
YTEyZDAwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWMyY2MwYTg3YzU4ZTI1NTYzN2JhOTlmMmIxYmY1MThkNmJjYzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquXwxlKna0RPS08p/vO2G+QvD4zu
5xF5iqEVgvlnzB5Mj/fuZY+bEsrLoJnLihlj5pImikQdsn1DD26zq8h1a6L98m6E
vselpKGrxbUh7Y/hpmUnS9XQgUXdZvHBfwvWLI2+b4P+25ToPPFJ7lns+IVUJ2Ja
FlxitFZtQIxQTj+r0gzkBprHGI2zcdAGK/7sOuW+h5HuIe1loOr0JFb4irqz8Fi1
tVpdfcB2Ga+9REmK/twnSMVV8t8ojNirqXnghAgKuoHxvdb8SDtEcyVuY1gEfEV+
0kpfxuH0Qp2bwUfx1raJimSXjmrNf9Ff04GGe2p6hpen8weEZjNw8LOzcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJnCzAqHxY4lVje6mfKxv1GNa8w4MB8GA1UdIwQY
MBaAFEpOLPAC1F/5reKrhkOtv+CDyhLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2s0czhBTFVYX210NHF1R1E2Ml80SVBLRXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zMDg3OWMtOTc2Ni00YTA1LWFkYmYt
OWFjODFlZjQ1OTJjLzEvbWNMTUNvZkZqaVZXTjdxWjhyR19VWTFyekRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zMDg3OWMtOTc2Ni00YTA1LWFkYmYtOWFjODFlZjQ1OTJj
LzEvU2s0czhBTFVYX210NHF1R1E2Ml80SVBLRXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwnHwMA8E
AgACMAkDBwAgAQZ8CXwwDQYJKoZIhvcNAQELBQADggEBAG+AlPViRvVcVTIx+EFn
pk0cHUlMD/D6Cy4NgGdnCEVjEjjpE7CAod34S5WGoCRAOatiZAePZqYlW1ELCy/d
VTuYJr8At65gYYLPXlntRR37GoW1tJVmdrwXhGiBkNjv0Yi7E08FbDOuQgDql9/4
dYenItobBgIajltw27znjMy2Q4rmkJUExy6ixjcfrp+g0u6DCQuIKG/CP7HvDU9U
pHUkpQakLeuLlU/Wm+8ryppGvk08tfXtxIt/YEcN0X5VWLCJsFvzT0fJQRWv639C
rC1UNEejXbUKnvmdjlBaEa37U2CLWIv7sYaBG3J1oqsiDmYe3C3GSYy61ZWLOgNv
l7w=
-----END CERTIFICATE-----