Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/MG9tuUbeLOUJyZp1EogZ9Fb7gcc.roa
File:                     MG9tuUbeLOUJyZp1EogZ9Fb7gcc.roa (raw, json)
Hash identifier:          58cbm4Pb+PiU6WyIhr6liBolqw+hkLtGhjZfUEeIBss=
Subject key identifier:   30:6F:6D:B9:46:DE:2C:E5:09:C9:9A:75:12:88:19:F4:56:FB:81:C7
Certificate issuer:       /CN=34b419fa4a0a1605188318cdf4a2044992853b95
Certificate serial:       018CC3493C6F36E96C5C9FF45E57E7C5063A
Authority key identifier: 34:B4:19:FA:4A:0A:16:05:18:83:18:CD:F4:A2:04:49:92:85:3B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLQZ-koKFgUYgxjN9KIESZKFO5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/MG9tuUbeLOUJyZp1EogZ9Fb7gcc.roa
Signing time:             Mon 01 Jan 2024 04:30:05 +0000
ROA not before:           Mon 01 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        2a00:adc0:1a00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/NLQZ-koKFgUYgxjN9KIESZKFO5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/NLQZ-koKFgUYgxjN9KIESZKFO5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NLQZ-koKFgUYgxjN9KIESZKFO5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3c:6f:36:e9:6c:5c:9f:f4:5e:57:e7:c5:06:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34b419fa4a0a1605188318cdf4a2044992853b95
        Validity
            Not Before: Jan  1 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=306f6db946de2ce509c99a75128819f456fb81c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e9:f1:6b:d1:53:35:1d:0f:38:38:b6:63:d2:
                    fc:55:4b:ae:b4:3a:58:b7:db:2c:33:a8:e2:85:17:
                    2b:84:cc:e9:a4:fd:ea:5b:f6:c8:3d:55:e4:50:03:
                    b5:21:dd:38:3d:4a:7d:e4:7f:21:0e:dd:84:0b:85:
                    4d:38:15:38:40:d5:ac:fe:6d:2c:90:62:e9:2d:d0:
                    2e:85:a4:5f:3e:9d:bb:42:f1:86:12:e2:f0:13:99:
                    d2:06:c4:e6:e9:3c:59:4d:db:dc:45:f9:21:e6:05:
                    ec:1b:cb:65:4e:19:dd:c3:a4:5c:76:21:43:a3:5d:
                    c4:0f:2b:45:c8:83:57:14:74:c7:1a:af:f0:73:2d:
                    3e:a8:f1:44:4d:af:5e:72:c0:9d:0f:99:2f:7c:e8:
                    3c:2c:2b:af:dd:2d:89:61:e7:f4:da:d0:cf:38:18:
                    f8:7f:ad:4d:1f:7f:4b:b4:be:c6:0d:4a:84:fc:c5:
                    c6:2d:00:12:bd:be:63:9f:62:22:47:81:0e:07:fc:
                    29:ce:89:dd:7f:8a:6b:0c:78:f4:f3:ee:92:ee:95:
                    86:64:08:91:4c:80:f6:08:50:d7:ad:ea:19:bc:38:
                    2a:e9:07:37:0a:3c:ee:ff:3f:ff:7a:fd:92:3b:88:
                    78:77:66:8a:d2:71:88:ce:c6:f0:79:54:d4:29:32:
                    f8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6F:6D:B9:46:DE:2C:E5:09:C9:9A:75:12:88:19:F4:56:FB:81:C7
            X509v3 Authority Key Identifier:
                keyid:34:B4:19:FA:4A:0A:16:05:18:83:18:CD:F4:A2:04:49:92:85:3B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLQZ-koKFgUYgxjN9KIESZKFO5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/MG9tuUbeLOUJyZp1EogZ9Fb7gcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8c79fb-7a57-429d-9c33-8777544c9275/1/NLQZ-koKFgUYgxjN9KIESZKFO5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:adc0:1a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:5d:34:66:09:30:42:6c:82:02:ce:49:67:60:f7:4d:92:48:
         12:90:9d:3a:e7:9b:d3:f7:8f:d7:42:a1:96:bb:b3:e7:65:0d:
         33:78:64:76:95:a1:6a:96:02:12:5c:0b:5f:b3:47:a3:b0:f3:
         ff:0e:28:d9:6e:1a:79:d0:ee:22:6f:c3:b8:3f:90:82:dd:ba:
         09:b2:59:9a:90:6c:8f:02:fc:5d:93:8e:9f:04:6e:e9:a1:d9:
         12:25:5c:45:a1:00:42:62:33:f6:a5:8a:6a:e4:f1:6e:1d:64:
         d4:74:cd:2e:fd:27:0a:5d:cb:16:28:b7:d3:96:80:f2:c7:d0:
         4b:b0:ea:df:4f:b3:84:6c:0c:ca:24:33:7c:3e:62:e7:71:51:
         ef:e7:ce:a0:79:1a:19:d8:0c:cd:f0:06:04:63:0f:7f:90:82:
         27:5b:32:ea:b0:75:f4:ed:f0:e8:f2:36:cd:87:69:fb:08:e8:
         80:59:2b:a6:76:18:aa:de:31:e2:a6:6e:31:1c:c5:03:15:19:
         8a:40:49:2f:ca:42:b1:7f:f6:83:83:29:5f:27:af:6f:96:00:
         56:1c:a2:79:6e:2d:85:9a:70:cf:3b:65:0e:ba:2e:89:e5:a5:
         fd:f2:3a:d5:82:20:d3:72:64:80:29:98:8e:54:c6:5b:9d:29:
         d0:14:f4:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSTxvNulsXJ/0XlfnxQY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YjQxOWZhNGEwYTE2MDUxODgzMThjZGY0YTIwNDQ5OTI4
NTNiOTUwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDZmNmRiOTQ2ZGUyY2U1MDljOTlhNzUxMjg4MTlmNDU2ZmI4MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgenxa9FTNR0PODi2Y9L8VUuutDpY
t9ssM6jihRcrhMzppP3qW/bIPVXkUAO1Id04PUp95H8hDt2EC4VNOBU4QNWs/m0s
kGLpLdAuhaRfPp27QvGGEuLwE5nSBsTm6TxZTdvcRfkh5gXsG8tlThndw6RcdiFD
o13EDytFyINXFHTHGq/wcy0+qPFETa9ecsCdD5kvfOg8LCuv3S2JYef02tDPOBj4
f61NH39LtL7GDUqE/MXGLQASvb5jn2IiR4EOB/wpzondf4prDHj08+6S7pWGZAiR
TID2CFDXreoZvDgq6Qc3Cjzu/z//ev2SO4h4d2aK0nGIzsbweVTUKTL4CwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDBvbblG3izlCcmadRKIGfRW+4HHMB8GA1UdIwQY
MBaAFDS0GfpKChYFGIMYzfSiBEmShTuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxRWi1rb0tGZ1VZZ3hqTjlLSUVTWktGTzVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yzc5ZmItN2E1Ny00MjlkLTljMzMt
ODc3NzU0NGM5Mjc1LzEvTUc5dHVVYmVMT1VKeVpwMUVvZ1o5RmI3Z2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yzc5ZmItN2E1Ny00MjlkLTljMzMtODc3NzU0NGM5Mjc1
LzEvTkxRWi1rb0tGZ1VZZ3hqTjlLSUVTWktGTzVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgCtwBow
DQYJKoZIhvcNAQELBQADggEBAEddNGYJMEJsggLOSWdg902SSBKQnTrnm9P3j9dC
oZa7s+dlDTN4ZHaVoWqWAhJcC1+zR6Ow8/8OKNluGnnQ7iJvw7g/kILdugmyWZqQ
bI8C/F2Tjp8Ebumh2RIlXEWhAEJiM/alimrk8W4dZNR0zS79JwpdyxYot9OWgPLH
0Euw6t9Ps4RsDMokM3w+YudxUe/nzqB5GhnYDM3wBgRjD3+QgidbMuqwdfTt8Ojy
Ns2HafsI6IBZK6Z2GKreMeKmbjEcxQMVGYpASS/KQrF/9oODKV8nr2+WAFYconlu
LYWacM87ZQ66Lonlpf3yOtWCINNyZIApmI5UxludKdAU9Cg=
-----END CERTIFICATE-----