Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/_MprdVNKWFfnW-ZXJmln6iniHZg.roa
File:                     _MprdVNKWFfnW-ZXJmln6iniHZg.roa (raw, json)
Hash identifier:          eII6YNjnO7ORggnCJykRZXks0HvgPgpLKg8Zk4i1HIQ=
Subject key identifier:   FC:CA:6B:75:53:4A:58:57:E7:5B:E6:57:26:69:67:EA:29:E2:1D:98
Certificate issuer:       /CN=23b1943087ce69623e76b2145b3479ac204ba1c9
Certificate serial:       018CC726F263A840CCEEA0D612655F7A2A08
Authority key identifier: 23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/_MprdVNKWFfnW-ZXJmln6iniHZg.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        87.236.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f2:63:a8:40:cc:ee:a0:d6:12:65:5f:7a:2a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23b1943087ce69623e76b2145b3479ac204ba1c9
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcca6b75534a5857e75be657266967ea29e21d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:01:03:2f:70:b0:a3:12:5f:a7:b7:ed:87:e3:
                    4a:7e:5a:8c:64:8e:28:35:10:6d:a7:2d:d6:10:c9:
                    62:30:74:52:2c:b4:44:be:98:f0:e6:79:7d:a1:e9:
                    6f:e0:16:08:c2:12:98:e9:af:12:5a:36:26:b9:09:
                    2f:0e:ce:97:60:03:da:ee:7b:5f:53:0b:b4:d6:1b:
                    b1:a0:62:86:5e:8b:44:5c:e9:90:cc:6f:06:7e:0f:
                    1e:eb:6a:40:be:ec:f6:49:47:ef:8a:c9:08:df:dc:
                    76:f3:47:b4:30:50:a6:a7:d5:62:1f:a0:80:62:c3:
                    08:0c:d6:30:bb:b4:36:71:7d:90:e1:02:66:77:07:
                    81:46:d1:e0:e1:ad:67:6f:3f:84:c2:fc:b2:d4:81:
                    77:d1:eb:31:e0:c9:8d:1e:f8:3a:69:ac:e9:17:90:
                    d9:d8:67:ad:e8:67:e5:1e:f7:8d:ed:33:45:c0:77:
                    12:4f:a1:f1:e7:98:84:31:e3:bd:68:0f:14:bc:2d:
                    b6:91:ee:d2:14:83:58:83:e4:a6:3f:e0:43:a7:47:
                    d8:e6:31:2f:6c:48:b7:8b:4b:bb:3b:4a:72:29:e6:
                    20:6c:ce:d7:eb:21:ff:60:9b:7a:07:eb:59:9c:5f:
                    d1:f5:9d:dd:b3:06:d7:05:be:45:eb:aa:82:59:6d:
                    77:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CA:6B:75:53:4A:58:57:E7:5B:E6:57:26:69:67:EA:29:E2:1D:98
            X509v3 Authority Key Identifier:
                keyid:23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/_MprdVNKWFfnW-ZXJmln6iniHZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:df:49:ee:20:72:d7:2e:27:c9:8a:bd:64:7f:11:68:68:96:
         0a:5c:d6:b5:13:43:1a:3d:4c:99:b2:4b:30:4d:30:59:b5:33:
         7c:68:90:fb:da:62:a8:8e:b0:a6:66:23:64:e4:86:ed:13:9f:
         af:56:32:69:df:5f:b7:97:33:54:19:e3:d1:65:6b:de:09:f6:
         f9:94:03:90:17:11:f1:2e:8d:39:e9:7d:9d:c0:88:63:73:77:
         56:a3:06:38:18:be:a7:93:9e:50:c5:cb:86:2d:a8:4e:f3:35:
         85:a4:39:17:36:8a:00:68:cf:63:68:c1:23:df:96:ba:b1:6d:
         77:5e:a7:d6:f7:9c:10:cb:13:54:a0:df:25:e5:31:6f:9d:54:
         15:b5:24:f2:09:67:ee:c8:31:92:1d:7d:b3:f3:b0:7f:50:c0:
         cb:11:28:08:96:c1:d1:46:0b:b4:fb:a9:ad:70:32:1c:4a:15:
         1e:2f:0d:a7:1a:52:61:cb:98:e1:e7:0d:9a:7f:fe:9a:e9:45:
         24:c4:44:01:6d:43:df:a1:d1:ce:ab:67:e0:fb:26:8f:82:94:
         a9:33:98:39:48:76:fd:a3:34:3b:f2:aa:85:76:d0:bd:9a:36:
         7e:bb:50:58:51:87:9f:77:bd:f5:e8:cd:fd:f4:dd:33:76:a3:
         06:00:24:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvJjqEDM7qDWEmVfeioIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYjE5NDMwODdjZTY5NjIzZTc2YjIxNDViMzQ3OWFjMjA0
YmExYzkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NhNmI3NTUzNGE1ODU3ZTc1YmU2NTcyNjY5NjdlYTI5ZTIxZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAEDL3CwoxJfp7fth+NKflqMZI4o
NRBtpy3WEMliMHRSLLREvpjw5nl9oelv4BYIwhKY6a8SWjYmuQkvDs6XYAPa7ntf
Uwu01huxoGKGXotEXOmQzG8Gfg8e62pAvuz2SUfviskI39x280e0MFCmp9ViH6CA
YsMIDNYwu7Q2cX2Q4QJmdweBRtHg4a1nbz+Ewvyy1IF30esx4MmNHvg6aazpF5DZ
2Get6GflHveN7TNFwHcST6Hx55iEMeO9aA8UvC22ke7SFINYg+SmP+BDp0fY5jEv
bEi3i0u7O0pyKeYgbM7X6yH/YJt6B+tZnF/R9Z3dswbXBb5F66qCWW13wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzKa3VTSlhX51vmVyZpZ+op4h2YMB8GA1UdIwQY
MBaAFCOxlDCHzmliPnayFFs0eawgS6HJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTkt
Zjc0MmYzOTVhYWY5LzEvX01wcmRWTktXRmZuVy1aWEptbG42aW5pSFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTktZjc0MmYzOTVhYWY5
LzEvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+xDMA0G
CSqGSIb3DQEBCwUAA4IBAQCk30nuIHLXLifJir1kfxFoaJYKXNa1E0MaPUyZsksw
TTBZtTN8aJD72mKojrCmZiNk5IbtE5+vVjJp31+3lzNUGePRZWveCfb5lAOQFxHx
Lo056X2dwIhjc3dWowY4GL6nk55QxcuGLahO8zWFpDkXNooAaM9jaMEj35a6sW13
XqfW95wQyxNUoN8l5TFvnVQVtSTyCWfuyDGSHX2z87B/UMDLESgIlsHRRgu0+6mt
cDIcShUeLw2nGlJhy5jh5w2af/6a6UUkxEQBbUPfodHOq2fg+yaPgpSpM5g5SHb9
ozQ78qqFdtC9mjZ+u1BYUYefd7316M399N0zdqMGACRU
-----END CERTIFICATE-----