Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/MVnJQ49sHBm5oBkTSCvVWU92AAI.roa
File:                     MVnJQ49sHBm5oBkTSCvVWU92AAI.roa (raw, json)
Hash identifier:          NuEIB/qiMaV/CnKAdDc64VtnAizdIzqz8lnmd7uk9YA=
Subject key identifier:   31:59:C9:43:8F:6C:1C:19:B9:A0:19:13:48:2B:D5:59:4F:76:00:02
Certificate issuer:       /CN=94306f68aea4bae124fac85f2c9aa3f5ae850113
Certificate serial:       0192C37FABDF35BA1AF19CF64A33E3FCC4B1
Authority key identifier: 94:30:6F:68:AE:A4:BA:E1:24:FA:C8:5F:2C:9A:A3:F5:AE:85:01:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/MVnJQ49sHBm5oBkTSCvVWU92AAI.roa
Signing time:             Fri 25 Oct 2024 11:46:17 +0000
ROA not before:           Fri 25 Oct 2024 11:46:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.81.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:7f:ab:df:35:ba:1a:f1:9c:f6:4a:33:e3:fc:c4:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94306f68aea4bae124fac85f2c9aa3f5ae850113
        Validity
            Not Before: Oct 25 11:46:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3159c9438f6c1c19b9a01913482bd5594f760002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:73:f1:78:d3:a6:cc:00:91:b7:cc:52:c5:4c:
                    aa:d9:c4:4f:e5:7c:16:c5:69:79:98:b2:90:c7:41:
                    46:b2:80:c2:38:94:1a:f5:e2:88:e7:e6:a1:70:3a:
                    23:42:b7:30:6b:c2:9d:45:80:78:78:78:5d:fb:bf:
                    1b:73:28:41:f8:2e:a4:1b:2d:e9:b3:28:da:72:5b:
                    b6:08:3f:57:05:01:22:76:c8:7e:f6:4f:03:78:f2:
                    1b:e1:53:e1:5d:6b:fa:63:d5:9b:aa:a1:c5:6c:6c:
                    72:c7:03:57:0c:7a:88:86:0b:e6:88:b1:64:04:bc:
                    c0:b8:1c:ec:d1:e1:ad:7c:ec:d8:41:83:7b:ca:e4:
                    9d:2e:bf:6f:d3:d5:eb:d9:ad:54:a1:99:f2:a4:9b:
                    d4:d8:80:ec:a3:d2:81:85:43:2e:88:e9:59:fc:1f:
                    66:a8:15:6d:69:5d:4d:4d:b8:39:1e:70:ad:9a:74:
                    07:42:fd:86:55:bb:6a:d9:65:e9:64:93:73:1d:d2:
                    51:1c:09:de:3a:8c:8c:31:f6:fc:ec:3e:14:36:29:
                    f3:73:51:30:90:5d:f4:89:a2:cb:d6:3f:85:64:cd:
                    86:1d:46:35:79:32:34:e2:a3:b5:a2:03:f3:e3:3f:
                    bb:85:2a:27:a1:21:ae:f1:71:27:01:27:12:ee:01:
                    57:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:59:C9:43:8F:6C:1C:19:B9:A0:19:13:48:2B:D5:59:4F:76:00:02
            X509v3 Authority Key Identifier:
                keyid:94:30:6F:68:AE:A4:BA:E1:24:FA:C8:5F:2C:9A:A3:F5:AE:85:01:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lDBvaK6kuuEk-shfLJqj9a6FARM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/MVnJQ49sHBm5oBkTSCvVWU92AAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5fd88e-ffb6-4652-a990-3d8bc89b4427/1/lDBvaK6kuuEk-shfLJqj9a6FARM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a9:33:e8:97:a3:d6:a8:ef:2d:b4:c0:21:b1:02:d9:32:fd:
         dd:2d:dc:3d:a5:69:c1:66:27:c1:a2:bb:fc:38:b7:1a:b3:ed:
         2b:54:d9:b9:ab:d5:7e:d2:c0:5a:a9:24:2f:71:51:ba:80:7f:
         46:1c:3b:fa:06:59:48:8f:e6:87:43:ef:c6:f8:ca:75:c2:88:
         6d:26:68:cc:04:13:96:fd:9a:da:cd:9c:dd:a0:33:1a:70:26:
         85:ee:d1:e0:20:11:2e:35:11:87:97:f8:d4:a9:ea:c5:11:54:
         8c:b2:e8:f5:ee:92:6c:fb:a2:e5:5b:05:6e:5d:c1:51:fe:c9:
         9e:2c:c2:7f:1e:5d:f8:0d:5e:d2:82:79:02:80:25:bd:ff:6a:
         64:f5:2b:aa:fc:1d:9c:6b:ad:a5:54:d8:c4:c8:9b:1b:83:bb:
         85:90:57:f5:35:57:4c:89:15:73:b4:d9:ac:6e:34:d9:38:b5:
         ac:a5:c0:17:3c:42:d5:76:7b:ed:c7:95:fa:16:6e:0f:df:65:
         c4:5e:c6:4f:a6:49:13:3b:10:8d:15:87:c8:34:f0:b3:7b:3e:
         62:fb:6f:6b:7b:72:5f:7a:29:aa:1a:e8:b9:f0:bb:d6:90:54:
         69:a6:68:3d:9c:32:2c:40:07:09:22:75:d6:df:43:60:12:38:
         6c:bc:71:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDf6vfNboa8Zz2SjPj/MSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MzA2ZjY4YWVhNGJhZTEyNGZhYzg1ZjJjOWFhM2Y1YWU4
NTAxMTMwHhcNMjQxMDI1MTE0NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTU5Yzk0MzhmNmMxYzE5YjlhMDE5MTM0ODJiZDU1OTRmNzYwMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnPxeNOmzACRt8xSxUyq2cRP5XwW
xWl5mLKQx0FGsoDCOJQa9eKI5+ahcDojQrcwa8KdRYB4eHhd+78bcyhB+C6kGy3p
syjaclu2CD9XBQEidsh+9k8DePIb4VPhXWv6Y9WbqqHFbGxyxwNXDHqIhgvmiLFk
BLzAuBzs0eGtfOzYQYN7yuSdLr9v09Xr2a1UoZnypJvU2IDso9KBhUMuiOlZ/B9m
qBVtaV1NTbg5HnCtmnQHQv2GVbtq2WXpZJNzHdJRHAneOoyMMfb87D4UNinzc1Ew
kF30iaLL1j+FZM2GHUY1eTI04qO1ogPz4z+7hSonoSGu8XEnAScS7gFX2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFZyUOPbBwZuaAZE0gr1VlPdgACMB8GA1UdIwQY
MBaAFJQwb2iupLrhJPrIXyyao/WuhQETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbERCdmFLNmt1dUVrLXNoZkxKcWo5YTZGQVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC81ZmQ4OGUtZmZiNi00NjUyLWE5OTAt
M2Q4YmM4OWI0NDI3LzEvTVZuSlE0OXNIQm01b0JrVFNDdlZXVTkyQUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC81ZmQ4OGUtZmZiNi00NjUyLWE5OTAtM2Q4YmM4OWI0NDI3
LzEvbERCdmFLNmt1dUVrLXNoZkxKcWo5YTZGQVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVG1MA0G
CSqGSIb3DQEBCwUAA4IBAQBFqTPol6PWqO8ttMAhsQLZMv3dLdw9pWnBZifBorv8
OLcas+0rVNm5q9V+0sBaqSQvcVG6gH9GHDv6BllIj+aHQ+/G+Mp1wohtJmjMBBOW
/ZrazZzdoDMacCaF7tHgIBEuNRGHl/jUqerFEVSMsuj17pJs+6LlWwVuXcFR/sme
LMJ/Hl34DV7SgnkCgCW9/2pk9Suq/B2ca62lVNjEyJsbg7uFkFf1NVdMiRVztNms
bjTZOLWspcAXPELVdnvtx5X6Fm4P32XEXsZPpkkTOxCNFYfINPCzez5i+29re3Jf
eimqGui58LvWkFRppmg9nDIsQAcJInXW30NgEjhsvHGd
-----END CERTIFICATE-----