Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Mg73Jgr4vsOmNjQRMNrlgFhlkgU.roa
File:                     Mg73Jgr4vsOmNjQRMNrlgFhlkgU.roa (raw, json)
Hash identifier:          ESNX9iTiyNTxuyg88/CA30/c7Po9blaV9ejWIodjKSs=
Subject key identifier:   32:0E:F7:26:0A:F8:BE:C3:A6:36:34:11:30:DA:E5:80:58:65:92:05
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CFC0A460F71572151F686FC767D0D625D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Mg73Jgr4vsOmNjQRMNrlgFhlkgU.roa
Signing time:             Fri 12 Jan 2024 04:59:40 +0000
ROA not before:           Fri 12 Jan 2024 04:59:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45650
IP address blocks:        188.253.96.0/21 maxlen: 24
                          188.253.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fc:0a:46:0f:71:57:21:51:f6:86:fc:76:7d:0d:62:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 12 04:59:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=320ef7260af8bec3a636341130dae58058659205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0f:78:b9:17:fc:85:db:e4:43:1c:37:f9:72:
                    2c:d8:58:75:df:5c:46:c2:4b:5b:31:64:d2:64:ff:
                    23:ad:0d:fe:92:d7:47:0d:a5:2e:ba:e3:d6:52:b8:
                    aa:05:23:21:31:74:d1:2e:6f:19:c1:43:cb:71:b1:
                    73:ce:c9:b2:6f:c8:e2:38:82:7c:f9:f4:d8:a0:d4:
                    06:0f:0d:74:e5:e0:bc:b0:2f:e2:c0:2c:d2:64:6c:
                    7e:d2:ab:ed:7e:7f:ce:32:e1:86:a1:9e:e8:91:f8:
                    5f:41:ba:be:73:04:b2:69:7e:bc:f5:3e:a1:c3:8e:
                    e0:3a:78:f0:79:01:9e:31:1f:b2:c7:3d:3c:c2:f1:
                    18:74:87:da:02:c5:e0:9d:ac:fe:1d:f0:2f:0b:e7:
                    84:2e:14:23:79:6f:b8:d7:08:a8:02:ed:a4:e8:02:
                    ac:32:a5:48:54:b7:94:5d:2e:a5:6c:2d:05:fa:c2:
                    a3:c8:e2:81:18:f4:73:52:8e:4a:e0:10:0a:98:4e:
                    21:e4:ea:ed:fd:b4:13:6c:31:00:4f:4e:a3:77:cf:
                    97:e5:5a:c5:5a:c0:03:22:e0:0b:09:bb:52:92:70:
                    5a:c8:b0:6c:07:8e:46:90:c9:7e:fa:66:26:1e:3d:
                    13:87:f7:3a:3f:b5:e2:7f:e5:64:0f:1a:0b:da:e7:
                    7c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:0E:F7:26:0A:F8:BE:C3:A6:36:34:11:30:DA:E5:80:58:65:92:05
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Mg73Jgr4vsOmNjQRMNrlgFhlkgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.253.96.0-188.253.107.255

    Signature Algorithm: sha256WithRSAEncryption
         91:f3:5d:d7:21:bd:31:c4:b1:7f:cc:80:15:54:98:32:cc:a2:
         eb:6d:28:1f:ad:a4:fe:a5:89:75:4c:ba:1a:64:c9:b3:79:66:
         90:95:5d:7e:e1:c9:04:bd:47:45:5e:e2:6c:11:6a:3a:46:b0:
         03:ae:e1:f2:7a:9a:94:4b:bb:92:b7:50:0a:79:4c:9c:60:3e:
         a2:cf:46:1d:b8:56:56:9d:02:9f:d6:e2:fb:a7:d1:e7:01:71:
         03:1c:24:b0:aa:5a:f5:61:9f:de:42:ad:6a:d1:4e:68:66:61:
         79:06:75:4d:53:5b:61:17:72:77:8f:8c:d2:17:f5:e3:31:80:
         14:d1:94:a4:84:00:9c:1b:f7:da:d3:ba:27:41:c0:95:b0:e9:
         59:1c:a1:19:0c:84:f9:3d:d3:b5:df:d8:55:71:50:be:d0:07:
         bc:44:22:3c:88:bf:e1:70:71:ff:67:bf:3b:87:ec:e2:c9:bc:
         d4:7c:09:a4:ea:5d:4a:8c:49:2a:9b:fc:9d:67:e1:80:fc:76:
         18:59:f6:90:31:04:50:42:22:bc:f1:03:39:09:24:9b:00:3c:
         9e:ed:8b:b6:c0:90:36:3c:18:c9:83:d7:c8:5f:e0:bb:e0:ff:
         9d:e5:c1:f5:d7:d9:58:bd:95:73:77:ef:f3:2c:cc:23:b7:40:
         ba:3c:b7:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYz8CkYPcVchUfaG/HZ9DWJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTEyMDQ1OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjBlZjcyNjBhZjhiZWMzYTYzNjM0MTEzMGRhZTU4MDU4NjU5MjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqg94uRf8hdvkQxw3+XIs2Fh131xG
wktbMWTSZP8jrQ3+ktdHDaUuuuPWUriqBSMhMXTRLm8ZwUPLcbFzzsmyb8jiOIJ8
+fTYoNQGDw105eC8sC/iwCzSZGx+0qvtfn/OMuGGoZ7okfhfQbq+cwSyaX689T6h
w47gOnjweQGeMR+yxz08wvEYdIfaAsXgnaz+HfAvC+eELhQjeW+41wioAu2k6AKs
MqVIVLeUXS6lbC0F+sKjyOKBGPRzUo5K4BAKmE4h5Ort/bQTbDEAT06jd8+X5VrF
WsADIuALCbtSknBayLBsB45GkMl++mYmHj0Th/c6P7Xif+VkDxoL2ud8CwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDIO9yYK+L7DpjY0ETDa5YBYZZIFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTWc3M0pncjR2c09tTmpRUk1OcmxnRmhsa2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW8/WAD
BAK8/WgwDQYJKoZIhvcNAQELBQADggEBAJHzXdchvTHEsX/MgBVUmDLMouttKB+t
pP6liXVMuhpkybN5ZpCVXX7hyQS9R0Ve4mwRajpGsAOu4fJ6mpRLu5K3UAp5TJxg
PqLPRh24VladAp/W4vun0ecBcQMcJLCqWvVhn95CrWrRTmhmYXkGdU1TW2EXcneP
jNIX9eMxgBTRlKSEAJwb99rTuidBwJWw6VkcoRkMhPk907Xf2FVxUL7QB7xEIjyI
v+Fwcf9nvzuH7OLJvNR8CaTqXUqMSSqb/J1n4YD8dhhZ9pAxBFBCIrzxAzkJJJsA
PJ7ti7bAkDY8GMmD18hf4Lvg/53lwfXX2Vi9lXN37/MszCO3QLo8tx0=
-----END CERTIFICATE-----