Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/MwggX9A4oq6sPQWwjwAxysuhltU.roa
File:                     MwggX9A4oq6sPQWwjwAxysuhltU.roa (raw, json)
Hash identifier:          Ed1xayX+bLzMdp8GzNeQJO8AYUVWFr9qRi6mbKbyybI=
Subject key identifier:   33:08:20:5F:D0:38:A2:AE:AC:3D:05:B0:8F:00:31:CA:CB:A1:96:D5
Certificate issuer:       /CN=fe24fb2812ae2f3d4d9bb4589dd731e546979109
Certificate serial:       018CC26D79D8F1F1A02F5F8D9ECFFAADB8E2
Authority key identifier: FE:24:FB:28:12:AE:2F:3D:4D:9B:B4:58:9D:D7:31:E5:46:97:91:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/MwggX9A4oq6sPQWwjwAxysuhltU.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42180
IP address blocks:        194.0.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:79:d8:f1:f1:a0:2f:5f:8d:9e:cf:fa:ad:b8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe24fb2812ae2f3d4d9bb4589dd731e546979109
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3308205fd038a2aeac3d05b08f0031cacba196d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a9:a9:35:b5:e2:af:50:2e:a0:9f:fc:c0:4b:
                    99:7e:82:01:90:11:85:63:7b:e9:f5:2d:09:ab:23:
                    36:b9:71:84:90:7f:c4:86:8c:a3:4a:f8:6b:07:ec:
                    9b:47:d0:30:06:65:8d:9f:7c:cc:71:09:f0:81:be:
                    ff:55:fc:64:56:ad:b4:d0:01:50:8b:56:ef:e8:f6:
                    6a:20:a4:76:de:95:d1:b4:3a:34:58:43:69:69:f8:
                    33:d7:17:fa:5e:45:a4:51:65:de:4a:f8:f2:b7:1f:
                    08:7a:2c:92:3a:17:c1:50:cf:8a:e3:ba:76:7c:e3:
                    02:11:7b:bd:a9:25:27:9e:f1:e0:27:c7:8e:f5:f3:
                    e4:40:ba:7a:f4:cd:b7:4e:36:82:3f:3c:cf:e0:84:
                    ec:ae:54:58:55:07:16:87:41:7a:49:e1:45:83:26:
                    44:96:07:ef:03:ec:71:28:d7:03:49:01:77:19:53:
                    0a:b7:11:49:d2:f8:6b:18:3e:f4:53:40:e2:a4:89:
                    cf:df:b5:39:28:10:c7:85:eb:70:9d:45:5c:72:d0:
                    00:92:a7:4f:43:b2:4f:9f:a0:35:05:ac:06:5b:07:
                    55:29:d1:5b:21:ec:d0:b1:75:39:40:eb:09:bd:32:
                    04:ef:58:d2:4a:e9:90:96:67:cb:ee:c3:c5:ec:22:
                    d1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:08:20:5F:D0:38:A2:AE:AC:3D:05:B0:8F:00:31:CA:CB:A1:96:D5
            X509v3 Authority Key Identifier:
                keyid:FE:24:FB:28:12:AE:2F:3D:4D:9B:B4:58:9D:D7:31:E5:46:97:91:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/MwggX9A4oq6sPQWwjwAxysuhltU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:d5:84:60:98:78:1e:34:41:98:94:fb:45:9b:41:75:b4:d8:
         ed:d4:38:d7:05:f5:db:54:65:94:ab:08:52:e2:e2:09:c4:12:
         a2:c5:14:55:7a:93:9d:84:d9:07:6c:f1:93:be:39:6b:8e:b6:
         bc:93:86:0e:a3:58:de:5a:45:c4:f9:63:e8:6c:25:6c:b7:7f:
         f2:b0:5f:27:52:39:04:2f:32:45:ae:71:16:80:e4:19:43:e0:
         54:a7:b7:b9:e0:a2:be:c0:15:81:94:7b:38:7f:5a:75:ee:29:
         f5:79:e9:e7:1f:6a:4c:fc:05:f0:94:52:b8:b7:5a:15:44:4f:
         57:a8:d1:f5:1a:d9:6c:34:32:34:91:1c:15:68:13:9a:9a:3a:
         88:4b:59:0a:79:e4:15:53:40:39:3c:ca:a5:f8:c8:28:f1:f8:
         30:56:9a:11:07:3b:81:6b:25:55:b1:bf:38:e3:e0:b3:f7:4f:
         d2:04:36:32:b7:40:fe:8d:c7:a6:4a:ff:a2:ac:3a:a6:dc:22:
         64:88:d1:5c:99:39:9d:b8:49:1b:39:69:f6:f8:63:6c:12:e0:
         2c:ab:16:cf:16:54:e6:c2:8c:36:0f:fb:0d:e1:47:4c:18:1a:
         98:53:b1:ec:45:a2:66:7c:3b:b6:82:3a:76:c4:17:45:bf:8b:
         d7:23:a9:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXnY8fGgL1+Nns/6rbjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMjRmYjI4MTJhZTJmM2Q0ZDliYjQ1ODlkZDczMWU1NDY5
NzkxMDkwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzA4MjA1ZmQwMzhhMmFlYWMzZDA1YjA4ZjAwMzFjYWNiYTE5NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqmpNbXir1AuoJ/8wEuZfoIBkBGF
Y3vp9S0JqyM2uXGEkH/EhoyjSvhrB+ybR9AwBmWNn3zMcQnwgb7/VfxkVq200AFQ
i1bv6PZqIKR23pXRtDo0WENpafgz1xf6XkWkUWXeSvjytx8IeiySOhfBUM+K47p2
fOMCEXu9qSUnnvHgJ8eO9fPkQLp69M23TjaCPzzP4ITsrlRYVQcWh0F6SeFFgyZE
lgfvA+xxKNcDSQF3GVMKtxFJ0vhrGD70U0DipInP37U5KBDHhetwnUVcctAAkqdP
Q7JPn6A1BawGWwdVKdFbIezQsXU5QOsJvTIE71jSSumQlmfL7sPF7CLRswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMIIF/QOKKurD0FsI8AMcrLoZbVMB8GA1UdIwQY
MBaAFP4k+ygSri89TZu0WJ3XMeVGl5EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2lUN0tCS3VMejFObTdSWW5kY3g1VWFYa1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jNjZmZjktMTBlYS00YjQ0LTkxNjkt
YzVmNjcwMjM5NzE4LzEvTXdnZ1g5QTRvcTZzUFFXd2p3QXh5c3VobHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jNjZmZjktMTBlYS00YjQ0LTkxNjktYzVmNjcwMjM5NzE4
LzEvX2lUN0tCS3VMejFObTdSWW5kY3g1VWFYa1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCMMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ1YRgmHgeNEGYlPtFm0F1tNjt1DjXBfXbVGWUqwhS
4uIJxBKixRRVepOdhNkHbPGTvjlrjra8k4YOo1jeWkXE+WPobCVst3/ysF8nUjkE
LzJFrnEWgOQZQ+BUp7e54KK+wBWBlHs4f1p17in1eennH2pM/AXwlFK4t1oVRE9X
qNH1GtlsNDI0kRwVaBOamjqIS1kKeeQVU0A5PMql+Mgo8fgwVpoRBzuBayVVsb84
4+Cz90/SBDYyt0D+jcemSv+irDqm3CJkiNFcmTmduEkbOWn2+GNsEuAsqxbPFlTm
wow2D/sN4UdMGBqYU7HsRaJmfDu2gjp2xBdFv4vXI6n9
-----END CERTIFICATE-----