Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MJUxuWQumlu8Gc2gTyWZYfBz-NU.roa
File:                     MJUxuWQumlu8Gc2gTyWZYfBz-NU.roa (raw, json)
Hash identifier:          XMlST6BZ9HM4/jGYQHvgECg4IUx55lz14NZ0igrJqJM=
Subject key identifier:   30:95:31:B9:64:2E:9A:5B:BC:19:CD:A0:4F:25:99:61:F0:73:F8:D5
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01930152277E963577161C4DA4092BB1362B
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MJUxuWQumlu8Gc2gTyWZYfBz-NU.roa
Signing time:             Wed 06 Nov 2024 11:53:01 +0000
ROA not before:           Wed 06 Nov 2024 11:53:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213912
IP address blocks:        46.8.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:52:27:7e:96:35:77:16:1c:4d:a4:09:2b:b1:36:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Nov  6 11:53:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=309531b9642e9a5bbc19cda04f259961f073f8d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:97:e3:52:b2:9a:1a:13:14:52:e5:aa:18:a0:
                    45:8e:ac:32:73:11:62:83:99:db:dd:f6:89:7d:6b:
                    64:c6:3e:8a:3c:99:f9:dc:2e:50:90:f4:ea:8e:44:
                    86:60:03:6c:73:7c:de:23:35:a3:ba:09:3a:8e:cc:
                    6d:53:32:f2:71:3f:3f:24:18:41:3f:a9:b6:b7:38:
                    25:a2:53:06:9c:41:fd:59:13:a4:8b:c6:b8:58:af:
                    ec:0f:db:51:10:e7:01:9f:d7:a8:96:2c:d2:1c:83:
                    12:46:65:49:fe:09:d3:ab:94:b6:e5:db:50:e5:f9:
                    a9:67:ee:15:7a:28:84:3e:11:64:f6:67:27:b1:a1:
                    e4:01:23:77:29:33:97:68:02:cf:25:96:7c:33:65:
                    17:8d:02:c1:10:d3:f2:b3:cc:33:3e:cf:e4:4e:43:
                    d2:ec:4b:79:66:70:60:28:a1:50:4d:5c:65:95:ce:
                    80:5b:37:1a:b3:6d:03:df:9e:c2:64:0f:da:df:95:
                    88:6f:94:75:bc:24:2f:62:2c:c5:a6:c7:50:dd:2a:
                    f0:e2:c2:f2:c6:33:3b:49:41:5b:4b:c9:b1:8b:28:
                    40:87:a6:08:c6:dd:af:74:80:23:0d:ad:39:f8:84:
                    d4:ea:c9:6b:21:d5:a8:6b:5c:84:0d:f6:e7:4c:43:
                    c7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:95:31:B9:64:2E:9A:5B:BC:19:CD:A0:4F:25:99:61:F0:73:F8:D5
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MJUxuWQumlu8Gc2gTyWZYfBz-NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f4:68:45:4c:bd:de:0c:36:9b:e3:ca:b3:c4:f6:cc:82:38:
         22:1c:82:1a:57:72:03:a5:1a:83:79:b7:42:de:c5:63:c3:b4:
         63:50:0b:37:26:2e:8b:72:39:90:31:a0:bc:89:0e:d0:89:f1:
         34:fd:03:52:58:d4:3d:7f:6a:45:e7:30:20:8d:0c:0b:bf:e9:
         16:2d:8e:63:8b:93:37:19:24:63:73:f1:68:79:e4:65:2a:11:
         77:b4:67:97:db:6f:82:a1:76:73:0b:52:98:d7:fc:12:f8:26:
         b2:e5:67:ac:a8:ab:dc:13:f6:42:18:f2:ee:6b:30:00:0e:75:
         25:31:8d:b5:64:2e:10:b8:96:fb:42:d8:2a:40:d8:07:7f:b2:
         a0:56:0a:d9:c8:8e:b5:6e:14:fa:86:37:a9:05:7f:3c:e1:d7:
         df:e3:ee:ee:1b:c6:a6:e5:80:fd:e4:00:15:fb:52:41:05:60:
         2a:e0:aa:1b:3e:5d:7b:7e:18:9f:ae:c8:ab:4a:81:81:47:55:
         ee:93:12:ad:8b:8e:d5:43:cf:51:d6:1e:26:d2:6d:72:ae:ea:
         ec:0b:e2:fa:66:96:52:af:bc:5d:83:9b:58:44:cb:b5:53:15:
         42:f0:b5:66:3d:7c:08:8e:08:a8:ff:e7:88:70:cf:1d:7e:8a:
         43:49:0c:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMBUid+ljV3FhxNpAkrsTYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQxMTA2MTE1MzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk1MzFiOTY0MmU5YTViYmMxOWNkYTA0ZjI1OTk2MWYwNzNmOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JfjUrKaGhMUUuWqGKBFjqwycxFi
g5nb3faJfWtkxj6KPJn53C5QkPTqjkSGYANsc3zeIzWjugk6jsxtUzLycT8/JBhB
P6m2tzglolMGnEH9WROki8a4WK/sD9tREOcBn9eolizSHIMSRmVJ/gnTq5S25dtQ
5fmpZ+4VeiiEPhFk9mcnsaHkASN3KTOXaALPJZZ8M2UXjQLBENPys8wzPs/kTkPS
7Et5ZnBgKKFQTVxllc6AWzcas20D357CZA/a35WIb5R1vCQvYizFpsdQ3Srw4sLy
xjM7SUFbS8mxiyhAh6YIxt2vdIAjDa05+ITU6slrIdWoa1yEDfbnTEPH9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCVMblkLppbvBnNoE8lmWHwc/jVMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvTUpVeHVXUXVtbHU4R2MyZ1R5V1pZZkJ6LU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALghCMA0G
CSqGSIb3DQEBCwUAA4IBAQAn9GhFTL3eDDab48qzxPbMgjgiHIIaV3IDpRqDebdC
3sVjw7RjUAs3Ji6LcjmQMaC8iQ7QifE0/QNSWNQ9f2pF5zAgjQwLv+kWLY5ji5M3
GSRjc/FoeeRlKhF3tGeX22+CoXZzC1KY1/wS+Cay5WesqKvcE/ZCGPLuazAADnUl
MY21ZC4QuJb7QtgqQNgHf7KgVgrZyI61bhT6hjepBX884dff4+7uG8am5YD95AAV
+1JBBWAq4KobPl17fhifrsirSoGBR1XukxKti47VQ89R1h4m0m1yrursC+L6ZpZS
r7xdg5tYRMu1UxVC8LVmPXwIjgio/+eIcM8dfopDSQyE
-----END CERTIFICATE-----