Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/MztRw1VgttFeLoCBv5C3tsFuz1E.roa
File:                     MztRw1VgttFeLoCBv5C3tsFuz1E.roa (raw, json)
Hash identifier:          hy5DRa8SjKLsKaVUg4ZDd2wjVikDlHQl3jC9Z1Tk3pw=
Subject key identifier:   33:3B:51:C3:55:60:B6:D1:5E:2E:80:81:BF:90:B7:B6:C1:6E:CF:51
Certificate issuer:       /CN=afa474a5ea601c809291ee79bae3918964d0871e
Certificate serial:       018CC2DB01983AE0313CA1B4DA5186EB93D6
Authority key identifier: AF:A4:74:A5:EA:60:1C:80:92:91:EE:79:BA:E3:91:89:64:D0:87:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/MztRw1VgttFeLoCBv5C3tsFuz1E.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39803
IP address blocks:        195.189.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:98:3a:e0:31:3c:a1:b4:da:51:86:eb:93:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afa474a5ea601c809291ee79bae3918964d0871e
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=333b51c35560b6d15e2e8081bf90b7b6c16ecf51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f3:80:1a:4b:2e:0a:6c:a9:c6:af:17:fc:52:
                    0a:1f:24:67:46:28:f1:a5:a8:5a:00:7b:3c:ce:2b:
                    5a:80:43:bc:c2:c1:e3:9b:7d:97:f6:37:78:f8:ef:
                    8a:e8:27:31:85:d8:29:5a:14:04:bc:59:c8:88:b1:
                    0c:08:ae:9d:9a:47:5c:7b:6d:19:29:a7:4a:b3:0e:
                    d3:e7:f5:cb:8a:b2:a9:7e:96:61:2a:f7:c8:3e:a2:
                    73:06:4a:61:e6:d9:6f:9d:db:77:d6:cc:b7:f0:b8:
                    11:88:e7:87:5a:9f:af:24:97:d8:f8:2d:9e:00:51:
                    ff:46:a8:1c:5a:cc:70:a1:5b:7f:9d:54:bd:e7:d1:
                    e2:ab:67:ee:d7:55:99:29:94:a8:f0:82:9e:fc:a0:
                    10:95:dd:14:4b:19:e9:c5:06:38:1a:1a:2c:30:6c:
                    d6:1e:34:40:a2:5f:f1:9b:7a:37:5d:28:77:2a:1a:
                    32:a7:6a:fa:d9:22:aa:e1:04:db:3b:0a:2d:26:b2:
                    ff:e8:db:a7:fb:4d:05:84:d5:e3:bb:6f:b2:4f:a3:
                    57:2d:b8:b1:90:3f:b3:12:45:75:f3:76:37:d6:5d:
                    3a:d9:e0:c5:d5:a2:99:4c:65:6a:fb:f9:d0:3f:fc:
                    26:53:3f:06:32:09:b3:43:32:00:99:55:31:9b:24:
                    29:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3B:51:C3:55:60:B6:D1:5E:2E:80:81:BF:90:B7:B6:C1:6E:CF:51
            X509v3 Authority Key Identifier:
                keyid:AF:A4:74:A5:EA:60:1C:80:92:91:EE:79:BA:E3:91:89:64:D0:87:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6R0pepgHICSke55uuORiWTQhx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/MztRw1VgttFeLoCBv5C3tsFuz1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/cc4d76-3ae9-491e-9bd2-193cc61bce61/1/r6R0pepgHICSke55uuORiWTQhx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:cb:f1:81:e3:80:d2:79:f3:1a:40:aa:3f:1e:5f:a4:93:88:
         73:be:a4:b7:c1:3f:99:16:85:f1:98:23:1e:5a:66:f0:3d:d7:
         88:1f:be:e7:6a:1c:a9:2c:97:64:67:b9:e7:10:95:fe:a5:d3:
         69:b8:df:5d:bf:b3:2f:fb:96:9b:cd:6e:36:d6:9c:f7:2c:7c:
         52:a1:d2:5c:c1:c4:c8:1f:5c:4e:92:7b:01:bf:86:a8:9c:0d:
         d8:ee:4f:5f:b0:4e:b3:0a:54:73:45:f5:94:bd:a6:fb:19:b6:
         68:66:33:26:a5:3f:0d:3e:eb:82:b2:7a:f1:89:ba:da:59:59:
         7b:11:c8:bd:f2:af:f6:86:4e:fb:bd:61:20:39:5b:41:e4:12:
         c2:fd:03:15:a8:b1:d7:98:20:bb:d5:82:4b:34:a3:a4:5e:cc:
         b7:de:d5:b8:1e:60:bf:10:19:a7:ee:a2:72:51:b0:26:e9:01:
         35:1e:46:9d:df:c8:96:b9:a2:59:45:52:f1:3a:b2:b4:f3:4f:
         22:9c:98:92:2b:23:b7:73:b0:dd:2d:4b:d0:c4:9b:92:a4:28:
         32:70:e1:45:f9:7c:fd:cb:44:0e:12:43:6f:e1:06:e7:b8:31:
         cd:34:83:e5:e2:fa:72:77:62:76:a8:3a:55:36:d4:d4:74:30:
         40:58:59:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wGYOuAxPKG02lGG65PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYTQ3NGE1ZWE2MDFjODA5MjkxZWU3OWJhZTM5MTg5NjRk
MDg3MWUwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNiNTFjMzU1NjBiNmQxNWUyZTgwODFiZjkwYjdiNmMxNmVjZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/OAGksuCmypxq8X/FIKHyRnRijx
pahaAHs8zitagEO8wsHjm32X9jd4+O+K6CcxhdgpWhQEvFnIiLEMCK6dmkdce20Z
KadKsw7T5/XLirKpfpZhKvfIPqJzBkph5tlvndt31sy38LgRiOeHWp+vJJfY+C2e
AFH/RqgcWsxwoVt/nVS959Hiq2fu11WZKZSo8IKe/KAQld0USxnpxQY4GhosMGzW
HjRAol/xm3o3XSh3Khoyp2r62SKq4QTbOwotJrL/6Nun+00FhNXju2+yT6NXLbix
kD+zEkV183Y31l062eDF1aKZTGVq+/nQP/wmUz8GMgmzQzIAmVUxmyQpxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDM7UcNVYLbRXi6Agb+Qt7bBbs9RMB8GA1UdIwQY
MBaAFK+kdKXqYByAkpHuebrjkYlk0IceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZSMHBlcGdISUNTa2U1NXV1T1JpV1RRaHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9jYzRkNzYtM2FlOS00OTFlLTliZDIt
MTkzY2M2MWJjZTYxLzEvTXp0UncxVmd0dEZlTG9DQnY1QzN0c0Z1ejFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9jYzRkNzYtM2FlOS00OTFlLTliZDItMTkzY2M2MWJjZTYx
LzEvcjZSMHBlcGdISUNTa2U1NXV1T1JpV1RRaHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw72KMA0G
CSqGSIb3DQEBCwUAA4IBAQCKy/GB44DSefMaQKo/Hl+kk4hzvqS3wT+ZFoXxmCMe
WmbwPdeIH77nahypLJdkZ7nnEJX+pdNpuN9dv7Mv+5abzW421pz3LHxSodJcwcTI
H1xOknsBv4aonA3Y7k9fsE6zClRzRfWUvab7GbZoZjMmpT8NPuuCsnrxibraWVl7
Eci98q/2hk77vWEgOVtB5BLC/QMVqLHXmCC71YJLNKOkXsy33tW4HmC/EBmn7qJy
UbAm6QE1Hkad38iWuaJZRVLxOrK0808inJiSKyO3c7DdLUvQxJuSpCgycOFF+Xz9
y0QOEkNv4QbnuDHNNIPl4vpyd2J2qDpVNtTUdDBAWFn7
-----END CERTIFICATE-----