Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/MXfLOY6jW9u54zPN4gxmtuLHqXU.roa
File:                     MXfLOY6jW9u54zPN4gxmtuLHqXU.roa (raw, json)
Hash identifier:          gCJP3d+PMb8/KX6dArcYT7YcwE2AH7TLp9HzOC5s44w=
Subject key identifier:   31:77:CB:39:8E:A3:5B:DB:B9:E3:33:CD:E2:0C:66:B6:E2:C7:A9:75
Certificate issuer:       /CN=a647893fb5b348e68a66d55a28f278cbf3931df4
Certificate serial:       018CC56EB900F2FECB728431F9C21AFABA95
Authority key identifier: A6:47:89:3F:B5:B3:48:E6:8A:66:D5:5A:28:F2:78:CB:F3:93:1D:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/MXfLOY6jW9u54zPN4gxmtuLHqXU.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.207.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 02:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b9:00:f2:fe:cb:72:84:31:f9:c2:1a:fa:ba:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a647893fb5b348e68a66d55a28f278cbf3931df4
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3177cb398ea35bdbb9e333cde20c66b6e2c7a975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:75:e6:6d:83:39:c4:92:08:7f:08:e3:04:
                    eb:a9:67:dd:36:c5:41:dd:e6:d9:dd:c6:2e:c3:f2:
                    e0:1a:2d:67:ee:34:4b:2c:1e:63:5b:42:4e:00:22:
                    4e:bf:28:64:a5:b1:ac:44:cd:63:1f:38:df:4e:9b:
                    ae:12:dd:a8:c0:9d:9e:75:96:42:9e:45:f1:af:ee:
                    2e:7d:c9:24:f1:a8:cc:d5:25:a9:cc:f8:7a:2f:f7:
                    ea:12:22:e1:3e:8e:08:2d:de:01:e9:3b:7b:33:fb:
                    8a:4b:6b:6d:08:75:54:b5:a9:c0:fa:72:a5:33:dd:
                    fb:69:db:b2:4d:2f:1c:21:bd:32:32:d0:e2:b9:83:
                    0e:42:99:60:e6:7f:26:b8:12:41:2d:11:7f:c8:ed:
                    bd:2f:9b:a7:4b:f5:c9:bd:b9:f4:aa:eb:2a:8f:c7:
                    e7:d7:75:69:b3:c9:e5:29:d5:56:c9:70:1d:4b:14:
                    cd:65:75:84:c2:44:a5:20:ef:70:9e:98:b6:eb:f4:
                    ef:62:cb:13:77:fb:0a:a4:76:9a:96:fc:64:65:56:
                    bb:85:0c:68:05:7d:a5:d2:80:08:0a:72:ea:d4:86:
                    67:63:10:4e:e4:62:cf:be:84:54:d3:ef:85:a5:fe:
                    68:27:71:d6:6b:52:1f:e7:ca:6a:68:e8:36:75:fb:
                    20:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:77:CB:39:8E:A3:5B:DB:B9:E3:33:CD:E2:0C:66:B6:E2:C7:A9:75
            X509v3 Authority Key Identifier:
                keyid:A6:47:89:3F:B5:B3:48:E6:8A:66:D5:5A:28:F2:78:CB:F3:93:1D:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/MXfLOY6jW9u54zPN4gxmtuLHqXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/da8cb1-1bfc-43fd-a0d2-d624496ddcc8/1/pkeJP7WzSOaKZtVaKPJ4y_OTHfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:cb:13:15:13:1c:20:c4:c2:a6:79:97:16:d8:9d:4c:80:c1:
         75:6e:03:8d:af:8a:80:16:04:22:99:ef:f9:50:e6:96:7d:c2:
         0d:88:d4:3b:0f:50:22:66:37:42:23:3c:fd:58:d8:df:37:19:
         2b:d7:15:42:6d:7b:70:56:19:31:d3:a7:d0:fd:33:19:23:c4:
         e0:93:c4:91:06:4d:3a:59:98:23:87:58:10:33:c8:39:cc:a1:
         be:7d:48:94:ae:01:b9:48:b3:b3:88:aa:44:71:51:39:b4:33:
         18:37:67:48:12:ef:b3:88:67:1e:15:9d:98:88:45:2a:ae:92:
         6f:9d:66:eb:d7:44:e6:98:dc:e1:6d:3e:ca:21:04:7e:9a:00:
         f6:30:88:50:24:32:0e:dc:fa:b9:99:1b:a5:17:59:44:b4:0a:
         74:81:25:94:8a:3f:e1:d7:0e:8f:f9:79:25:bf:0b:60:26:c7:
         56:58:72:5f:4f:5c:23:e8:73:d9:e7:c3:e3:c9:72:67:88:00:
         b1:89:29:48:8f:66:fe:0e:6e:38:e9:fb:d7:45:d9:36:36:0b:
         f9:3a:78:9a:d5:00:99:3e:7f:75:6c:0b:d0:1f:15:b5:fb:82:
         22:93:17:4f:df:a5:8b:e0:aa:1c:90:ba:e8:3e:47:37:17:06:
         13:fe:a8:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrkA8v7LcoQx+cIa+rqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NDc4OTNmYjViMzQ4ZTY4YTY2ZDU1YTI4ZjI3OGNiZjM5
MzFkZjQwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc3Y2IzOThlYTM1YmRiYjllMzMzY2RlMjBjNjZiNmUyYzdhOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4R15m2DOcSSCH8I4wTrqWfdNsVB
3ebZ3cYuw/LgGi1n7jRLLB5jW0JOACJOvyhkpbGsRM1jHzjfTpuuEt2owJ2edZZC
nkXxr+4ufckk8ajM1SWpzPh6L/fqEiLhPo4ILd4B6Tt7M/uKS2ttCHVUtanA+nKl
M937aduyTS8cIb0yMtDiuYMOQplg5n8muBJBLRF/yO29L5unS/XJvbn0qusqj8fn
13Vps8nlKdVWyXAdSxTNZXWEwkSlIO9wnpi26/TvYssTd/sKpHaalvxkZVa7hQxo
BX2l0oAICnLq1IZnYxBO5GLPvoRU0++Fpf5oJ3HWa1If58pqaOg2dfsg2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF3yzmOo1vbueMzzeIMZrbix6l1MB8GA1UdIwQY
MBaAFKZHiT+1s0jmimbVWijyeMvzkx30MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGtlSlA3V3pTT2FLWnRWYUtQSjR5X09USGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kYThjYjEtMWJmYy00M2ZkLWEwZDIt
ZDYyNDQ5NmRkY2M4LzEvTVhmTE9ZNmpXOXU1NHpQTjRneG10dUxIcVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kYThjYjEtMWJmYy00M2ZkLWEwZDItZDYyNDQ5NmRkY2M4
LzEvcGtlSlA3V3pTT2FLWnRWYUtQSjR5X09USGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc+GMA0G
CSqGSIb3DQEBCwUAA4IBAQACyxMVExwgxMKmeZcW2J1MgMF1bgONr4qAFgQime/5
UOaWfcINiNQ7D1AiZjdCIzz9WNjfNxkr1xVCbXtwVhkx06fQ/TMZI8Tgk8SRBk06
WZgjh1gQM8g5zKG+fUiUrgG5SLOziKpEcVE5tDMYN2dIEu+ziGceFZ2YiEUqrpJv
nWbr10TmmNzhbT7KIQR+mgD2MIhQJDIO3Pq5mRulF1lEtAp0gSWUij/h1w6P+Xkl
vwtgJsdWWHJfT1wj6HPZ58PjyXJniACxiSlIj2b+Dm446fvXRdk2Ngv5Onia1QCZ
Pn91bAvQHxW1+4IikxdP36WL4KockLroPkc3FwYT/qj+
-----END CERTIFICATE-----