Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/MhvWAE50wkc3iJBUqAcAxpSswow.roa
File:                     MhvWAE50wkc3iJBUqAcAxpSswow.roa (raw, json)
Hash identifier:          oKAzseOxraW1Cu5QLTDmdb2JApt4G3EYO/O1eCjIMoM=
Subject key identifier:   32:1B:D6:00:4E:74:C2:47:37:88:90:54:A8:07:00:C6:94:AC:C2:8C
Certificate issuer:       /CN=976ba6229c459d7695d3529b1207e2c29b0842b1
Certificate serial:       018CC34891B1394B5F396F61BD057DC03A43
Authority key identifier: 97:6B:A6:22:9C:45:9D:76:95:D3:52:9B:12:07:E2:C2:9B:08:42:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l2umIpxFnXaV01KbEgfiwpsIQrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/MhvWAE50wkc3iJBUqAcAxpSswow.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12516
IP address blocks:        195.54.48.0/23 maxlen: 24
                          91.216.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/l2umIpxFnXaV01KbEgfiwpsIQrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/l2umIpxFnXaV01KbEgfiwpsIQrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l2umIpxFnXaV01KbEgfiwpsIQrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:91:b1:39:4b:5f:39:6f:61:bd:05:7d:c0:3a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=976ba6229c459d7695d3529b1207e2c29b0842b1
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=321bd6004e74c24737889054a80700c694acc28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d6:5f:06:00:67:2b:b0:9d:23:8e:14:12:d5:
                    d9:0d:2f:8e:01:51:08:5f:41:72:c5:af:71:c8:fa:
                    88:c2:03:ae:33:95:f6:a9:ec:ad:58:52:86:1f:2b:
                    5a:d1:81:4c:b6:d6:69:56:bf:85:55:3e:36:54:dc:
                    42:16:ce:e4:6d:ba:30:be:17:bc:22:06:c1:c9:df:
                    7c:e7:13:e4:83:07:a1:19:ec:96:b3:0c:47:c3:b0:
                    8b:14:3f:c3:10:ed:11:3c:6d:86:f6:fe:4c:e0:f1:
                    22:86:6e:56:07:3d:e4:0b:fe:7d:fa:a0:25:ce:eb:
                    9a:a1:ec:ff:72:3b:5e:f6:38:ef:70:b3:dc:c0:6b:
                    ab:b9:92:be:86:fb:0c:90:f8:05:15:2e:ed:0d:01:
                    cb:3e:ce:1b:22:42:ef:86:26:d9:83:f6:52:ce:d5:
                    22:34:0d:f4:48:ef:45:29:43:8a:82:bb:5f:01:51:
                    78:61:17:7d:cc:26:c6:76:7e:90:da:4c:73:00:ee:
                    ac:b2:ff:16:4d:f5:76:82:ae:58:b2:4e:28:a4:f4:
                    13:06:43:4e:52:cd:6b:cb:fb:83:07:5b:36:f4:69:
                    82:3c:76:d4:99:42:58:6d:92:3d:c1:34:37:48:ee:
                    62:9b:67:f4:10:74:6d:71:94:da:e5:83:02:0c:b9:
                    60:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1B:D6:00:4E:74:C2:47:37:88:90:54:A8:07:00:C6:94:AC:C2:8C
            X509v3 Authority Key Identifier:
                keyid:97:6B:A6:22:9C:45:9D:76:95:D3:52:9B:12:07:E2:C2:9B:08:42:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l2umIpxFnXaV01KbEgfiwpsIQrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/MhvWAE50wkc3iJBUqAcAxpSswow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/d95f15-2a2d-465b-a822-c8ee46648dbf/1/l2umIpxFnXaV01KbEgfiwpsIQrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.195.0/24
                  195.54.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:aa:e6:b1:d3:58:a5:9c:3d:12:80:27:4d:52:d6:fd:48:37:
         db:df:58:5f:f2:02:58:11:3f:76:66:a4:95:19:4b:6c:11:a6:
         e2:da:85:9b:62:70:d1:7e:91:0b:13:18:13:f1:53:7d:45:6c:
         a2:40:f2:e1:6d:b5:64:d2:b6:5f:ee:37:3c:2a:21:61:c6:d4:
         39:12:9a:4a:2e:78:bf:4d:19:52:83:ce:4f:55:20:39:33:ac:
         13:79:66:b5:e3:7a:d2:b6:64:fa:35:0a:45:7c:31:6d:b6:45:
         92:3c:d3:c2:07:49:59:fa:0a:08:ff:6b:2b:5f:c2:38:89:d4:
         a5:91:d1:65:2e:52:a2:f3:a7:1c:3b:80:bb:e3:28:34:38:a6:
         46:79:93:24:a0:e9:e6:19:1b:23:a2:88:5f:d5:68:0c:09:6f:
         76:97:5f:34:58:d5:64:10:08:a0:26:22:7e:9c:65:57:f6:fa:
         87:dc:08:d3:ec:46:64:47:f7:68:3d:75:a1:73:b7:8a:6c:9d:
         d9:d7:51:17:94:9b:b2:0e:9f:cf:b9:ef:ed:d7:d2:0f:e1:7d:
         7b:3c:3a:23:6f:52:d9:43:e5:ac:39:f6:02:9c:44:ae:bb:3c:
         8e:2d:78:91:67:ba:bc:df:42:7f:0e:85:36:d8:7b:49:92:f9:
         f4:24:0e:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSJGxOUtfOW9hvQV9wDpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NmJhNjIyOWM0NTlkNzY5NWQzNTI5YjEyMDdlMmMyOWIw
ODQyYjEwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjFiZDYwMDRlNzRjMjQ3Mzc4ODkwNTRhODA3MDBjNjk0YWNjMjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9ZfBgBnK7CdI44UEtXZDS+OAVEI
X0Fyxa9xyPqIwgOuM5X2qeytWFKGHyta0YFMttZpVr+FVT42VNxCFs7kbbowvhe8
IgbByd985xPkgwehGeyWswxHw7CLFD/DEO0RPG2G9v5M4PEihm5WBz3kC/59+qAl
zuuaoez/cjte9jjvcLPcwGuruZK+hvsMkPgFFS7tDQHLPs4bIkLvhibZg/ZSztUi
NA30SO9FKUOKgrtfAVF4YRd9zCbGdn6Q2kxzAO6ssv8WTfV2gq5Ysk4opPQTBkNO
Us1ry/uDB1s29GmCPHbUmUJYbZI9wTQ3SO5im2f0EHRtcZTa5YMCDLlgrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDIb1gBOdMJHN4iQVKgHAMaUrMKMMB8GA1UdIwQY
MBaAFJdrpiKcRZ12ldNSmxIH4sKbCEKxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDJ1bUlweEZuWGFWMDFLYkVnZml3cHNJUXJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9kOTVmMTUtMmEyZC00NjViLWE4MjIt
YzhlZTQ2NjQ4ZGJmLzEvTWh2V0FFNTB3a2MzaUpCVXFBY0F4cFNzd293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9kOTVmMTUtMmEyZC00NjViLWE4MjItYzhlZTQ2NjQ4ZGJm
LzEvbDJ1bUlweEZuWGFWMDFLYkVnZml3cHNJUXJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9jDAwQB
wzYwMA0GCSqGSIb3DQEBCwUAA4IBAQByquax01ilnD0SgCdNUtb9SDfb31hf8gJY
ET92ZqSVGUtsEabi2oWbYnDRfpELExgT8VN9RWyiQPLhbbVk0rZf7jc8KiFhxtQ5
EppKLni/TRlSg85PVSA5M6wTeWa143rStmT6NQpFfDFttkWSPNPCB0lZ+goI/2sr
X8I4idSlkdFlLlKi86ccO4C74yg0OKZGeZMkoOnmGRsjoohf1WgMCW92l180WNVk
EAigJiJ+nGVX9vqH3AjT7EZkR/doPXWhc7eKbJ3Z11EXlJuyDp/Pue/t19IP4X17
PDojb1LZQ+WsOfYCnESuuzyOLXiRZ7q830J/DoU22HtJkvn0JA4y
-----END CERTIFICATE-----