Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/mofLVkF7U3VC7LSmImma9E7tFew.roa
File:                     mofLVkF7U3VC7LSmImma9E7tFew.roa (raw, json)
Hash identifier:          fr0zYtT7j479kZ6iLqP22E0qaeah0yj4yJ2gnYGZmjo=
Subject key identifier:   9A:87:CB:56:41:7B:53:75:42:EC:B4:A6:22:69:9A:F4:4E:ED:15:EC
Certificate issuer:       /CN=b2af8f1774e05925f24e41dee69e5b623d9ac63d
Certificate serial:       018CCA99FAA2B16D16DCF53097CFDC7D658A
Authority key identifier: B2:AF:8F:17:74:E0:59:25:F2:4E:41:DE:E6:9E:5B:62:3D:9A:C6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sq-PF3TgWSXyTkHe5p5bYj2axj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/mofLVkF7U3VC7LSmImma9E7tFew.roa
Signing time:             Tue 02 Jan 2024 14:35:37 +0000
ROA not before:           Tue 02 Jan 2024 14:35:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        193.200.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/sq-PF3TgWSXyTkHe5p5bYj2axj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/sq-PF3TgWSXyTkHe5p5bYj2axj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sq-PF3TgWSXyTkHe5p5bYj2axj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:fa:a2:b1:6d:16:dc:f5:30:97:cf:dc:7d:65:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2af8f1774e05925f24e41dee69e5b623d9ac63d
        Validity
            Not Before: Jan  2 14:35:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a87cb56417b537542ecb4a622699af44eed15ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:89:f8:f6:8e:61:da:bc:49:28:58:91:fc:83:
                    cf:44:8a:ee:bb:48:43:a2:67:a0:1a:bf:df:09:a2:
                    ba:3e:7a:82:23:e6:74:c1:55:49:01:24:5e:7a:1e:
                    18:35:a0:81:63:90:39:ff:ce:f1:4f:40:ac:12:c7:
                    1c:ae:a6:5c:82:b6:d6:31:b0:ea:46:6c:13:ee:5f:
                    64:25:cf:5b:f5:b8:8e:f1:bb:cd:ce:06:e3:e8:f4:
                    17:6f:5d:5f:d4:d8:3d:ca:c0:63:70:44:a4:01:6a:
                    00:39:05:b5:c0:9e:94:c2:80:67:7d:5e:d9:72:66:
                    b4:d7:94:8b:b7:43:a9:83:3b:f7:72:7b:c8:d9:dd:
                    10:49:41:67:4f:a6:4e:4b:2d:be:af:db:82:af:c9:
                    a3:43:99:64:0c:57:a8:9a:44:29:d1:34:b5:76:ce:
                    2e:1c:ac:ef:2d:88:39:e3:fa:6a:ff:17:99:af:54:
                    72:b3:50:74:71:a2:3e:05:a1:d1:06:58:d9:df:ef:
                    0e:c9:c6:ad:d6:02:11:80:65:0a:a2:f3:9d:a3:d3:
                    8f:d7:9b:b3:e4:88:b4:48:7c:07:23:be:82:be:25:
                    81:16:8d:ad:8c:24:18:37:5d:2f:45:cc:27:07:02:
                    3d:56:00:0b:c2:86:76:d0:e2:00:80:3b:35:de:a8:
                    5e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:87:CB:56:41:7B:53:75:42:EC:B4:A6:22:69:9A:F4:4E:ED:15:EC
            X509v3 Authority Key Identifier:
                keyid:B2:AF:8F:17:74:E0:59:25:F2:4E:41:DE:E6:9E:5B:62:3D:9A:C6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sq-PF3TgWSXyTkHe5p5bYj2axj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/mofLVkF7U3VC7LSmImma9E7tFew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/c15671-ba1b-48f2-b691-fa57c126bc2a/1/sq-PF3TgWSXyTkHe5p5bYj2axj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:fa:15:92:6e:ac:d1:89:51:e6:da:61:dc:d9:9b:26:78:6a:
         8b:a1:e0:eb:f8:ba:be:37:ea:a2:15:3d:e0:ee:41:6c:ed:b8:
         45:73:28:d3:89:6a:0c:c1:58:e7:07:5f:6f:12:ff:97:f1:18:
         3f:8b:8a:f0:d8:49:b7:40:55:64:ad:ba:af:32:c3:5e:eb:12:
         75:2a:d0:6e:a9:c7:8a:e6:8b:1c:23:3c:07:5c:40:a0:d6:89:
         07:10:fc:ac:6e:40:c1:60:c6:34:27:43:60:3c:46:17:6a:5f:
         ec:d6:35:97:95:13:80:af:c6:de:af:76:d3:4d:4b:f4:b5:52:
         29:8f:85:d6:58:a1:4c:4b:cc:ae:46:c1:10:9e:c9:28:38:b0:
         d7:ea:d5:8a:25:cc:e3:54:03:9a:3e:58:02:51:6a:db:03:83:
         0f:bd:e9:5b:73:5c:21:03:6c:63:e3:a2:a5:3d:fd:e6:87:b5:
         46:b2:94:0c:f9:05:0f:8a:d5:e5:d9:b6:89:0b:c9:94:b2:02:
         fb:5f:de:67:c9:f8:dc:5f:7c:cb:b8:51:66:15:cf:7c:84:c9:
         d3:2d:b8:5e:58:30:fe:c0:35:d2:5d:00:7b:e5:84:cb:83:65:
         cb:fd:7e:6e:ab:94:db:a0:4e:6a:53:2c:24:3b:5d:4f:2f:10:
         2d:8d:95:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmfqisW0W3PUwl8/cfWWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYWY4ZjE3NzRlMDU5MjVmMjRlNDFkZWU2OWU1YjYyM2Q5
YWM2M2QwHhcNMjQwMTAyMTQzNTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTg3Y2I1NjQxN2I1Mzc1NDJlY2I0YTYyMjY5OWFmNDRlZWQxNWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIn49o5h2rxJKFiR/IPPRIruu0hD
omegGr/fCaK6PnqCI+Z0wVVJASReeh4YNaCBY5A5/87xT0CsEsccrqZcgrbWMbDq
RmwT7l9kJc9b9biO8bvNzgbj6PQXb11f1Ng9ysBjcESkAWoAOQW1wJ6UwoBnfV7Z
cma015SLt0Opgzv3cnvI2d0QSUFnT6ZOSy2+r9uCr8mjQ5lkDFeomkQp0TS1ds4u
HKzvLYg54/pq/xeZr1Rys1B0caI+BaHRBljZ3+8Oycat1gIRgGUKovOdo9OP15uz
5Ii0SHwHI76CviWBFo2tjCQYN10vRcwnBwI9VgALwoZ20OIAgDs13qheawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqHy1ZBe1N1Quy0piJpmvRO7RXsMB8GA1UdIwQY
MBaAFLKvjxd04Fkl8k5B3uaeW2I9msY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3EtUEYzVGdXU1h5VGtIZTVwNWJZajJheGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9jMTU2NzEtYmExYi00OGYyLWI2OTEt
ZmE1N2MxMjZiYzJhLzEvbW9mTFZrRjdVM1ZDN0xTbUltbWE5RTd0RmV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9jMTU2NzEtYmExYi00OGYyLWI2OTEtZmE1N2MxMjZiYzJh
LzEvc3EtUEYzVGdXU1h5VGtIZTVwNWJZajJheGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcgDMA0G
CSqGSIb3DQEBCwUAA4IBAQBs+hWSbqzRiVHm2mHc2ZsmeGqLoeDr+Lq+N+qiFT3g
7kFs7bhFcyjTiWoMwVjnB19vEv+X8Rg/i4rw2Em3QFVkrbqvMsNe6xJ1KtBuqceK
5oscIzwHXECg1okHEPysbkDBYMY0J0NgPEYXal/s1jWXlROAr8ber3bTTUv0tVIp
j4XWWKFMS8yuRsEQnskoOLDX6tWKJczjVAOaPlgCUWrbA4MPvelbc1whA2xj46Kl
Pf3mh7VGspQM+QUPitXl2baJC8mUsgL7X95nyfjcX3zLuFFmFc98hMnTLbheWDD+
wDXSXQB75YTLg2XL/X5uq5TboE5qUywkO11PLxAtjZXN
-----END CERTIFICATE-----