Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MRP-oT_6G5OLLzqETaiDgEMUkUk.roa
File:                     MRP-oT_6G5OLLzqETaiDgEMUkUk.roa (raw, json)
Hash identifier:          RrtpFLYFD4F/8xMDGz5j0Bm0n46cNZZjdIiOnU+UyOs=
Subject key identifier:   31:13:FE:A1:3F:FA:1B:93:8B:2F:3A:84:4D:A8:83:80:43:14:91:49
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018E0A268DC8560F6B155FB3A28730D2B753
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MRP-oT_6G5OLLzqETaiDgEMUkUk.roa
Signing time:             Mon 04 Mar 2024 15:48:02 +0000
ROA not before:           Mon 04 Mar 2024 15:48:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39087
IP address blocks:        46.8.6.0/23 maxlen: 32
                          109.248.36.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:26:8d:c8:56:0f:6b:15:5f:b3:a2:87:30:d2:b7:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Mar  4 15:48:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3113fea13ffa1b938b2f3a844da8838043149149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:87:f3:96:33:8b:87:ad:26:89:b9:d9:0e:23:
                    c6:a3:77:9f:a8:d1:81:f0:6d:5d:fe:93:47:46:c5:
                    17:85:f4:fe:d9:a1:74:65:9a:ca:6f:dd:24:2f:e1:
                    35:7c:a4:ef:47:69:72:42:1f:30:3b:45:ab:ae:4f:
                    d7:87:a8:b8:61:8e:c4:8f:56:51:c4:29:be:cb:05:
                    eb:57:b8:8c:02:b5:a8:b5:a9:c9:a6:bb:bf:1f:5d:
                    84:4d:dc:f5:8b:f4:48:d4:9c:92:35:74:37:f6:2d:
                    f5:37:46:cc:24:d5:e9:95:6f:23:12:9c:ea:ff:c2:
                    c6:a8:3f:49:f4:89:9a:6f:ce:35:59:91:a9:3b:fd:
                    77:c8:e3:e0:5f:5a:90:f0:5e:4a:71:26:f5:14:c4:
                    ce:57:5f:5a:f6:0e:53:0b:e5:a7:92:67:8d:27:94:
                    c7:3e:83:67:87:e4:04:cc:dc:c3:37:e8:44:b4:5e:
                    7f:55:92:71:79:3a:e6:4d:f5:de:87:78:b9:38:8b:
                    c0:99:14:a3:97:ed:e5:9a:55:76:a3:0b:68:bf:36:
                    aa:78:c4:c9:eb:3b:2e:c5:65:c9:5a:e3:ab:05:09:
                    88:ed:1f:25:b1:a6:8a:55:68:e8:ec:0f:bd:b1:bf:
                    1b:82:63:0e:68:65:b7:0a:fa:c5:4f:31:ee:dd:22:
                    0f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:13:FE:A1:3F:FA:1B:93:8B:2F:3A:84:4D:A8:83:80:43:14:91:49
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/MRP-oT_6G5OLLzqETaiDgEMUkUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.6.0/23
                  109.248.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:a6:d3:de:de:25:84:f4:e8:7a:8e:8f:90:11:88:fe:6c:be:
         81:d3:13:7c:38:34:cf:22:e3:51:31:71:82:b5:15:f1:5d:49:
         57:41:9d:db:3e:a2:4d:6b:5d:56:08:e3:5a:bb:78:f2:f8:e6:
         31:0c:ec:8b:b7:38:51:af:b4:de:61:59:15:75:5f:1f:9f:fe:
         cc:29:47:7b:7d:fa:62:6a:a2:03:89:3d:0d:ce:ef:59:3c:00:
         3b:39:d3:59:56:3b:37:f9:1e:4f:66:cb:fd:d3:7d:e3:e8:57:
         84:69:cc:49:f0:bd:4c:58:a9:7e:17:1d:9f:be:05:c6:a0:f3:
         cd:a6:c1:5c:f5:6e:7f:40:6d:f2:eb:b0:d6:f5:c0:10:4e:b1:
         d9:88:b3:a6:b0:38:65:41:23:41:d8:32:d9:af:34:48:13:ed:
         aa:89:e3:d8:02:17:87:61:96:de:64:49:b5:bc:a1:cd:10:04:
         1a:3c:43:ec:f1:e3:a4:93:ee:85:b4:a2:dc:cd:5f:e1:6f:f8:
         4c:9e:f9:cd:4b:56:05:11:12:22:2e:d2:b2:b3:fd:34:14:bb:
         b6:d2:be:3b:52:e1:a4:86:39:0c:e2:21:39:e8:3a:13:65:78:
         fc:82:a3:08:88:82:10:a4:1b:68:3b:0d:3b:3e:40:1a:5d:1d:
         6b:cb:29:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4KJo3IVg9rFV+zoocw0rdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMzA0MTU0ODAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTEzZmVhMTNmZmExYjkzOGIyZjNhODQ0ZGE4ODM4MDQzMTQ5MTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IfzljOLh60mibnZDiPGo3efqNGB
8G1d/pNHRsUXhfT+2aF0ZZrKb90kL+E1fKTvR2lyQh8wO0Wrrk/Xh6i4YY7Ej1ZR
xCm+ywXrV7iMArWotanJpru/H12ETdz1i/RI1JySNXQ39i31N0bMJNXplW8jEpzq
/8LGqD9J9Imab841WZGpO/13yOPgX1qQ8F5KcSb1FMTOV19a9g5TC+WnkmeNJ5TH
PoNnh+QEzNzDN+hEtF5/VZJxeTrmTfXeh3i5OIvAmRSjl+3lmlV2owtovzaqeMTJ
6zsuxWXJWuOrBQmI7R8lsaaKVWjo7A+9sb8bgmMOaGW3CvrFTzHu3SIPRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDET/qE/+huTiy86hE2og4BDFJFJMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvTVJQLW9UXzZHNU9MTHpxRVRhaURnRU1Va1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLggGAwQB
bfgkMA0GCSqGSIb3DQEBCwUAA4IBAQBCptPe3iWE9Oh6jo+QEYj+bL6B0xN8ODTP
IuNRMXGCtRXxXUlXQZ3bPqJNa11WCONau3jy+OYxDOyLtzhRr7TeYVkVdV8fn/7M
KUd7ffpiaqIDiT0Nzu9ZPAA7OdNZVjs3+R5PZsv9033j6FeEacxJ8L1MWKl+Fx2f
vgXGoPPNpsFc9W5/QG3y67DW9cAQTrHZiLOmsDhlQSNB2DLZrzRIE+2qiePYAheH
YZbeZEm1vKHNEAQaPEPs8eOkk+6FtKLczV/hb/hMnvnNS1YFERIiLtKys/00FLu2
0r47UuGkhjkM4iE56DoTZXj8gqMIiIIQpBtoOw07PkAaXR1ryykx
-----END CERTIFICATE-----