Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/Mcr2grpdZ6ceJcF7dJAFb5qY09c.roa
File:                     Mcr2grpdZ6ceJcF7dJAFb5qY09c.roa (raw, json)
Hash identifier:          qz8niuYFBYG7dAq3MamzEb9NmZfRLOCRyXOmOfohvVI=
Subject key identifier:   31:CA:F6:82:BA:5D:67:A7:1E:25:C1:7B:74:90:05:6F:9A:98:D3:D7
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5003319945877ED1E8CECD49A444B65
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/Mcr2grpdZ6ceJcF7dJAFb5qY09c.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        45.83.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:33:19:94:58:77:ed:1e:8c:ec:d4:9a:44:4b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31caf682ba5d67a71e25c17b7490056f9a98d3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:dd:e2:44:0e:02:6b:4a:d6:97:64:75:53:7e:
                    18:99:28:a3:04:af:52:e9:9a:9a:e4:92:fa:77:ea:
                    0c:30:80:04:95:c1:bc:e0:f1:52:a8:2f:8f:1e:fa:
                    3b:50:da:be:fd:f1:48:24:a1:a4:17:c2:2a:78:37:
                    59:d5:51:ad:dc:31:65:7b:db:78:f4:82:0c:27:f3:
                    4e:a7:26:4a:7e:be:a0:cd:8c:17:7f:a6:72:60:5b:
                    27:20:73:d7:dd:ff:e6:cd:4f:4b:b2:94:f8:02:e2:
                    33:f3:00:d1:82:34:89:ed:f3:5b:a8:8d:79:3b:9a:
                    15:76:a6:a9:7c:7a:8a:36:a6:e3:f5:ad:f7:92:eb:
                    32:06:3c:4e:be:09:61:3b:a8:e0:29:78:57:0e:7d:
                    f9:c6:9a:79:44:02:b2:50:90:1e:d0:1d:a1:43:4b:
                    a6:fd:75:3e:8a:79:13:d3:32:5e:e6:dc:5c:d3:56:
                    64:c5:03:2b:67:48:e8:27:82:ea:a0:c9:df:58:2e:
                    2c:fd:8a:26:3d:1e:ff:66:67:a1:b8:58:08:06:60:
                    a5:3d:66:d9:f7:b5:b4:f4:a4:8f:11:2a:e9:b6:f1:
                    50:ba:cc:0d:13:50:81:46:22:b5:0d:a9:d1:95:a8:
                    45:fd:8c:8a:82:e0:ef:e7:f4:18:ac:66:dc:a2:4a:
                    56:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:CA:F6:82:BA:5D:67:A7:1E:25:C1:7B:74:90:05:6F:9A:98:D3:D7
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/Mcr2grpdZ6ceJcF7dJAFb5qY09c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:56:56:17:9b:16:5a:36:9f:d4:d0:5e:9c:3b:cb:76:4a:9d:
         db:e7:b7:e5:06:26:8d:f2:5d:82:39:e8:fa:2a:bd:ca:22:84:
         df:71:22:34:f4:99:a6:cd:d8:a6:be:a7:01:02:b9:39:85:36:
         c6:b7:94:d3:5d:6a:e5:a8:0d:29:af:12:4e:54:5c:f2:82:f6:
         0d:22:d0:18:eb:27:bd:9f:ca:b8:4f:dd:d6:27:e2:dc:cf:0f:
         d4:bd:3f:56:87:dd:cb:c1:88:b4:88:6c:bc:95:1e:bc:86:0d:
         e6:0b:c7:4f:42:4f:08:77:6d:be:4e:c6:ee:8b:f4:c0:7c:a6:
         12:08:bd:d8:c9:84:ab:0d:8b:d5:4e:54:3c:a6:f5:6a:22:85:
         e6:5f:63:8f:ad:57:4d:c9:7a:31:5a:d4:a8:f5:a0:4b:52:a7:
         a8:08:94:40:dc:10:57:f9:a3:a1:d2:13:9e:80:76:85:ab:1a:
         7d:fd:d4:e4:5c:5d:55:02:cc:25:90:fe:07:69:09:b0:b2:84:
         b5:ee:ac:ec:4e:e9:35:58:b7:09:34:79:a4:78:3c:f5:ee:60:
         88:cb:31:4a:61:33:15:cf:dc:6a:4f:13:c9:c9:19:f3:28:4b:
         1d:be:fc:26:f5:6b:97:7b:70:74:01:62:cc:b2:b1:dd:95:e1:
         26:de:16:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADMZlFh37R6M7NSaREtlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWNhZjY4MmJhNWQ2N2E3MWUyNWMxN2I3NDkwMDU2ZjlhOThkM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt3iRA4Ca0rWl2R1U34YmSijBK9S
6Zqa5JL6d+oMMIAElcG84PFSqC+PHvo7UNq+/fFIJKGkF8IqeDdZ1VGt3DFle9t4
9IIMJ/NOpyZKfr6gzYwXf6ZyYFsnIHPX3f/mzU9LspT4AuIz8wDRgjSJ7fNbqI15
O5oVdqapfHqKNqbj9a33kusyBjxOvglhO6jgKXhXDn35xpp5RAKyUJAe0B2hQ0um
/XU+inkT0zJe5txc01ZkxQMrZ0joJ4LqoMnfWC4s/YomPR7/ZmehuFgIBmClPWbZ
97W09KSPESrptvFQuswNE1CBRiK1DanRlahF/YyKguDv5/QYrGbcokpWIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHK9oK6XWenHiXBe3SQBW+amNPXMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvTWNyMmdycGRaNmNlSmNGN2RKQUZiNXFZMDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVPuMA0G
CSqGSIb3DQEBCwUAA4IBAQCyVlYXmxZaNp/U0F6cO8t2Sp3b57flBiaN8l2COej6
Kr3KIoTfcSI09JmmzdimvqcBArk5hTbGt5TTXWrlqA0prxJOVFzygvYNItAY6ye9
n8q4T93WJ+Lczw/UvT9Wh93LwYi0iGy8lR68hg3mC8dPQk8Id22+Tsbui/TAfKYS
CL3YyYSrDYvVTlQ8pvVqIoXmX2OPrVdNyXoxWtSo9aBLUqeoCJRA3BBX+aOh0hOe
gHaFqxp9/dTkXF1VAswlkP4HaQmwsoS17qzsTuk1WLcJNHmkeDz17mCIyzFKYTMV
z9xqTxPJyRnzKEsdvvwm9WuXe3B0AWLMsrHdleEm3hZA
-----END CERTIFICATE-----