Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MXvEiO-yRBychltLNeVCG305pG0.roa
File:                     MXvEiO-yRBychltLNeVCG305pG0.roa (raw, json)
Hash identifier:          NGGKU0vaEtZ+QGKXGgEEpCzi3r9muOvXGtD3HaSjGbE=
Subject key identifier:   31:7B:C4:88:EF:B2:44:1C:9C:86:5B:4B:35:E5:42:1B:7D:39:A4:6D
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF6D434BA4E65FF7C80D5E63D9055
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MXvEiO-yRBychltLNeVCG305pG0.roa
Signing time:             Tue 02 Jan 2024 04:30:30 +0000
ROA not before:           Tue 02 Jan 2024 04:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204348
IP address blocks:        176.236.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f6:d4:34:ba:4e:65:ff:7c:80:d5:e6:3d:90:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=317bc488efb2441c9c865b4b35e5421b7d39a46d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:68:7d:83:02:c7:af:7d:42:5f:0a:e7:b8:9b:
                    51:6b:ac:12:aa:7b:fe:5b:2d:e6:bf:00:17:e4:8c:
                    8b:fc:17:b1:ea:41:c3:68:e6:ef:18:87:98:e6:3b:
                    88:3b:27:95:e3:ae:00:ff:36:84:7c:16:b5:a9:d3:
                    10:0e:cf:76:34:aa:85:55:82:8b:8d:fb:18:c4:ad:
                    bc:da:62:57:e7:b4:bd:d8:f8:b9:77:30:f5:1f:78:
                    1e:a6:69:10:dd:7f:2d:98:56:f0:25:f1:1a:9d:45:
                    ef:08:44:1d:a6:85:9d:78:50:01:ae:be:6f:8a:39:
                    2f:09:b3:f6:02:cd:1e:22:84:89:ac:ed:83:da:4a:
                    2f:06:49:ff:b7:3b:23:bc:e7:b3:12:df:c8:5f:0e:
                    ef:ce:86:60:a6:b7:00:e7:72:51:eb:5b:bd:ea:65:
                    e0:db:20:77:f6:a2:2e:00:d0:a5:99:ca:1b:85:ca:
                    e0:4a:11:5d:f5:f1:3e:1c:32:17:f9:84:be:4f:cc:
                    e4:c4:04:18:1e:f5:74:3c:36:ad:fb:ee:7f:76:58:
                    b1:59:d8:3c:3e:b0:b3:22:df:1b:e1:15:d7:66:bb:
                    dc:1f:af:d3:2b:97:fa:ec:96:7c:e8:80:0b:ec:ac:
                    01:94:3b:9e:42:5a:5b:1f:84:ff:8b:61:4b:22:eb:
                    d8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7B:C4:88:EF:B2:44:1C:9C:86:5B:4B:35:E5:42:1B:7D:39:A4:6D
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MXvEiO-yRBychltLNeVCG305pG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.236.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:07:ce:28:57:eb:73:d8:77:d2:ee:89:47:8a:b4:40:8e:ad:
         b6:8e:13:d7:21:f4:19:65:a1:dc:ad:6f:14:08:6e:8a:07:c2:
         db:2e:7e:5d:74:2a:a9:0a:39:bb:7a:7d:ac:8d:32:49:04:59:
         e6:36:b6:72:1a:d3:d8:c9:a9:93:91:1c:bb:51:e5:9c:a2:05:
         57:3c:17:34:e3:ec:ee:df:38:ca:a5:26:35:29:d1:a8:16:cc:
         be:30:15:43:96:c5:c0:1c:a2:65:0f:80:24:6e:03:7f:d1:22:
         d6:03:25:9c:ea:d0:80:e8:c5:f9:db:41:d6:7b:da:07:38:28:
         50:8c:cf:a9:76:9b:82:0b:02:05:bf:84:d6:af:b5:38:a5:5a:
         27:bc:3c:31:97:1f:d5:88:da:cf:80:88:01:5e:85:d0:36:9d:
         db:9a:d3:25:bd:db:c7:e5:ce:11:62:fa:97:13:9a:de:d6:6c:
         da:e5:2e:41:13:4f:28:2c:19:d3:83:da:43:28:ca:07:c9:00:
         da:cb:af:93:7d:9f:4a:30:c7:90:f7:d2:7f:79:b2:43:5b:33:
         77:29:81:ae:64:49:49:b3:ce:b2:c2:9f:f8:4d:4b:d5:38:36:
         e0:ed:a7:b4:6f:62:4f:76:4e:4d:8a:cf:5f:43:fa:4d:90:53:
         04:c2:52:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/bUNLpOZf98gNXmPZBVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdiYzQ4OGVmYjI0NDFjOWM4NjViNGIzNWU1NDIxYjdkMzlhNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGh9gwLHr31CXwrnuJtRa6wSqnv+
Wy3mvwAX5IyL/Bex6kHDaObvGIeY5juIOyeV464A/zaEfBa1qdMQDs92NKqFVYKL
jfsYxK282mJX57S92Pi5dzD1H3gepmkQ3X8tmFbwJfEanUXvCEQdpoWdeFABrr5v
ijkvCbP2As0eIoSJrO2D2kovBkn/tzsjvOezEt/IXw7vzoZgprcA53JR61u96mXg
2yB39qIuANClmcobhcrgShFd9fE+HDIX+YS+T8zkxAQYHvV0PDat++5/dlixWdg8
PrCzIt8b4RXXZrvcH6/TK5f67JZ86IAL7KwBlDueQlpbH4T/i2FLIuvYbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF7xIjvskQcnIZbSzXlQht9OaRtMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTVh2RWlPLXlSQnljaGx0TE5lVkNHMzA1cEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOz5MA0G
CSqGSIb3DQEBCwUAA4IBAQBIB84oV+tz2HfS7olHirRAjq22jhPXIfQZZaHcrW8U
CG6KB8LbLn5ddCqpCjm7en2sjTJJBFnmNrZyGtPYyamTkRy7UeWcogVXPBc04+zu
3zjKpSY1KdGoFsy+MBVDlsXAHKJlD4AkbgN/0SLWAyWc6tCA6MX520HWe9oHOChQ
jM+pdpuCCwIFv4TWr7U4pVonvDwxlx/ViNrPgIgBXoXQNp3bmtMlvdvH5c4RYvqX
E5re1mza5S5BE08oLBnTg9pDKMoHyQDay6+TfZ9KMMeQ99J/ebJDWzN3KYGuZElJ
s86ywp/4TUvVODbg7ae0b2JPdk5Nis9fQ/pNkFMEwlJ7
-----END CERTIFICATE-----