Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/MSnHBIOL0Bltj-Q0mkBqryaUsS4.roa
File:                     MSnHBIOL0Bltj-Q0mkBqryaUsS4.roa (raw, json)
Hash identifier:          R8xRgK2CEN6mE5gSyGtBAs14gnmUzJFq4i62UURLtRQ=
Subject key identifier:   31:29:C7:04:83:8B:D0:19:6D:8F:E4:34:9A:40:6A:AF:26:94:B1:2E
Certificate issuer:       /CN=e776c51980c751ea5e31dddac8ef61fb56c9700f
Certificate serial:       01944A17C38E6977905523640F36A0406C61
Authority key identifier: E7:76:C5:19:80:C7:51:EA:5E:31:DD:DA:C8:EF:61:FB:56:C9:70:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/53bFGYDHUepeMd3ayO9h-1bJcA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/MSnHBIOL0Bltj-Q0mkBqryaUsS4.roa
Signing time:             Thu 09 Jan 2025 08:04:18 +0000
ROA not before:           Thu 09 Jan 2025 08:04:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213630
IP address blocks:        193.106.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/53bFGYDHUepeMd3ayO9h-1bJcA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/53bFGYDHUepeMd3ayO9h-1bJcA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/53bFGYDHUepeMd3ayO9h-1bJcA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:17:c3:8e:69:77:90:55:23:64:0f:36:a0:40:6c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e776c51980c751ea5e31dddac8ef61fb56c9700f
        Validity
            Not Before: Jan  9 08:04:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3129c704838bd0196d8fe4349a406aaf2694b12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:61:5d:a1:74:ed:7c:60:6b:a6:e8:07:82:3b:
                    3d:d4:ca:68:3a:a1:8a:ba:fe:ba:f0:94:91:3f:2d:
                    b0:ee:97:9b:5b:71:38:6a:66:c0:c9:10:0f:ea:40:
                    df:d5:8d:0a:c8:95:ec:c4:4b:9e:ea:e5:2d:28:b3:
                    1d:df:6e:6e:ae:26:20:20:85:7f:7e:e9:58:d6:e6:
                    55:ef:00:19:9f:cf:d5:2b:ff:81:0b:51:66:ce:a1:
                    90:96:86:1c:16:ff:f2:fc:44:bc:66:e6:8c:62:58:
                    f6:bf:27:d9:1d:13:16:03:5a:ff:bc:17:58:0c:80:
                    b5:11:02:04:dc:6c:c9:d0:c3:cd:e6:8e:86:32:e2:
                    9b:e7:77:4a:91:51:6e:4b:0c:d9:9c:7e:2c:d5:1f:
                    8f:72:79:60:e1:39:f2:e4:ff:7c:41:9e:01:59:b1:
                    fd:02:14:68:be:69:b7:74:a8:d1:ba:9b:00:db:14:
                    db:df:33:e9:0b:f9:f7:60:46:2d:07:b1:50:50:6d:
                    4f:b2:7c:47:33:44:29:e3:d2:36:33:90:a1:78:c2:
                    92:97:02:c6:aa:a0:81:ee:68:f8:ff:a4:20:fa:86:
                    19:2e:f4:fb:b2:f4:03:f5:50:87:d9:fe:25:97:97:
                    5e:12:55:70:ff:39:89:3b:dc:06:29:f8:34:28:0d:
                    8b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:29:C7:04:83:8B:D0:19:6D:8F:E4:34:9A:40:6A:AF:26:94:B1:2E
            X509v3 Authority Key Identifier:
                keyid:E7:76:C5:19:80:C7:51:EA:5E:31:DD:DA:C8:EF:61:FB:56:C9:70:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/53bFGYDHUepeMd3ayO9h-1bJcA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/MSnHBIOL0Bltj-Q0mkBqryaUsS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/45adde-27b5-4d99-9319-d7c00750ed94/1/53bFGYDHUepeMd3ayO9h-1bJcA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:f9:b4:8f:8e:19:cb:91:f1:2a:2e:82:1f:13:95:91:a7:3f:
         84:f5:8a:6b:54:66:a7:60:2a:66:83:1b:0f:0f:5c:1a:c7:fc:
         0d:2c:a9:5a:0d:05:c6:b1:30:66:59:99:15:b5:fc:fe:2c:e8:
         b9:de:11:fe:04:58:81:d8:89:66:ef:43:b9:96:59:90:2c:c6:
         a4:74:9b:0d:de:36:05:42:f3:59:1e:ff:f7:2b:f5:bc:d4:89:
         e1:c7:94:94:bb:a0:2a:53:88:5e:0f:4f:83:6c:c9:bf:b2:35:
         c3:36:97:e3:7f:cd:52:12:8b:37:f0:32:23:2b:e1:a0:27:7b:
         84:ea:b8:5c:bc:c2:4f:ad:9d:70:f6:77:6f:03:83:da:9c:36:
         a2:4b:85:58:00:02:94:19:a8:51:4e:e0:45:27:c1:fd:70:cc:
         19:37:c5:10:39:2f:f0:0f:01:d3:26:ed:76:30:66:74:f1:5b:
         08:c3:56:28:5e:1f:a3:7d:3c:30:aa:96:08:1a:7b:6e:56:0e:
         28:3c:d0:c8:af:6e:f6:a9:38:46:ca:c5:9c:9d:8a:45:88:ac:
         57:9d:66:05:3b:73:41:df:92:ba:88:08:ec:c7:c8:ea:02:5b:
         cb:27:c1:11:fb:c8:2c:18:b1:16:1a:67:1b:20:f9:f8:49:f2:
         90:8e:cb:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKF8OOaXeQVSNkDzagQGxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NzZjNTE5ODBjNzUxZWE1ZTMxZGRkYWM4ZWY2MWZiNTZj
OTcwMGYwHhcNMjUwMTA5MDgwNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI5YzcwNDgzOGJkMDE5NmQ4ZmU0MzQ5YTQwNmFhZjI2OTRiMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGFdoXTtfGBrpugHgjs91MpoOqGK
uv668JSRPy2w7pebW3E4ambAyRAP6kDf1Y0KyJXsxEue6uUtKLMd325uriYgIIV/
fulY1uZV7wAZn8/VK/+BC1FmzqGQloYcFv/y/ES8ZuaMYlj2vyfZHRMWA1r/vBdY
DIC1EQIE3GzJ0MPN5o6GMuKb53dKkVFuSwzZnH4s1R+Pcnlg4Tny5P98QZ4BWbH9
AhRovmm3dKjRupsA2xTb3zPpC/n3YEYtB7FQUG1PsnxHM0Qp49I2M5CheMKSlwLG
qqCB7mj4/6Qg+oYZLvT7svQD9VCH2f4ll5deElVw/zmJO9wGKfg0KA2LJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEpxwSDi9AZbY/kNJpAaq8mlLEuMB8GA1UdIwQY
MBaAFOd2xRmAx1HqXjHd2sjvYftWyXAPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTNiRkdZREhVZXBlTWQzYXlPOWgtMWJKY0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80NWFkZGUtMjdiNS00ZDk5LTkzMTkt
ZDdjMDA3NTBlZDk0LzEvTVNuSEJJT0wwQmx0ai1RMG1rQnFyeWFVc1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80NWFkZGUtMjdiNS00ZDk5LTkzMTktZDdjMDA3NTBlZDk0
LzEvNTNiRkdZREhVZXBlTWQzYXlPOWgtMWJKY0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWpgMA0G
CSqGSIb3DQEBCwUAA4IBAQAz+bSPjhnLkfEqLoIfE5WRpz+E9YprVGanYCpmgxsP
D1wax/wNLKlaDQXGsTBmWZkVtfz+LOi53hH+BFiB2Ilm70O5llmQLMakdJsN3jYF
QvNZHv/3K/W81Inhx5SUu6AqU4heD0+DbMm/sjXDNpfjf81SEos38DIjK+GgJ3uE
6rhcvMJPrZ1w9ndvA4PanDaiS4VYAAKUGahRTuBFJ8H9cMwZN8UQOS/wDwHTJu12
MGZ08VsIw1YoXh+jfTwwqpYIGntuVg4oPNDIr272qThGysWcnYpFiKxXnWYFO3NB
35K6iAjsx8jqAlvLJ8ER+8gsGLEWGmcbIPn4SfKQjsvO
-----END CERTIFICATE-----