Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/MV5NL6H-6oZXTsEalmSaR7jDyrE.roa
File:                     MV5NL6H-6oZXTsEalmSaR7jDyrE.roa (raw, json)
Hash identifier:          WLLPFrQiVOzRSxqz1s0aCqM+ltm8wfxZWijsc+FtHPI=
Subject key identifier:   31:5E:4D:2F:A1:FE:EA:86:57:4E:C1:1A:96:64:9A:47:B8:C3:CA:B1
Certificate issuer:       /CN=71601c0b8b13cc121017f6d25117ac1fd0664344
Certificate serial:       018CC4939A553F385D023C443791A248157D
Authority key identifier: 71:60:1C:0B:8B:13:CC:12:10:17:F6:D2:51:17:AC:1F:D0:66:43:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cWAcC4sTzBIQF_bSUResH9BmQ0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/MV5NL6H-6oZXTsEalmSaR7jDyrE.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49540
IP address blocks:        78.152.128.0/19 maxlen: 19
                          185.147.228.0/22 maxlen: 22
                          37.114.64.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/cWAcC4sTzBIQF_bSUResH9BmQ0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/cWAcC4sTzBIQF_bSUResH9BmQ0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cWAcC4sTzBIQF_bSUResH9BmQ0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9a:55:3f:38:5d:02:3c:44:37:91:a2:48:15:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71601c0b8b13cc121017f6d25117ac1fd0664344
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=315e4d2fa1feea86574ec11a96649a47b8c3cab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:45:24:f2:c4:0f:fe:0a:ab:4a:f9:f6:81:2f:
                    22:41:52:fa:2b:18:05:46:85:9e:05:8c:81:fa:96:
                    2d:cc:be:cc:64:e4:48:07:52:21:5a:b5:9d:c3:d0:
                    38:cc:90:6d:e4:56:c5:18:63:3e:9c:11:8b:c1:88:
                    e6:bd:9f:df:7f:cb:4b:bd:bf:23:bf:ff:39:f8:11:
                    03:ab:e7:6c:bb:0b:c2:9d:8a:62:50:bd:24:bf:62:
                    29:6b:99:59:67:75:27:5e:f0:7d:85:ff:05:d0:74:
                    d2:64:12:4f:a0:f9:66:2b:cf:81:85:8d:48:33:ff:
                    a9:2f:fb:f0:b1:10:53:58:24:17:dc:ab:eb:3e:8c:
                    51:09:e3:36:c0:2f:6f:31:1e:97:e1:c1:9d:72:86:
                    b4:c9:6e:66:04:ad:31:c8:da:9d:29:a2:df:b0:8a:
                    93:61:7a:c5:24:3f:c4:e9:ab:5b:94:7e:7e:34:60:
                    7f:35:52:48:6a:14:4f:92:45:cc:35:94:60:bd:00:
                    14:e7:60:21:65:ed:02:43:d5:a2:f5:d2:f6:b2:55:
                    f2:80:83:27:86:d0:3f:e8:47:e3:38:26:bc:1a:f7:
                    83:cb:05:c5:f2:3b:f8:15:61:e1:a0:d0:62:9b:37:
                    92:f0:df:45:b6:04:80:40:6c:a6:0c:dd:27:42:ef:
                    28:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:5E:4D:2F:A1:FE:EA:86:57:4E:C1:1A:96:64:9A:47:B8:C3:CA:B1
            X509v3 Authority Key Identifier:
                keyid:71:60:1C:0B:8B:13:CC:12:10:17:F6:D2:51:17:AC:1F:D0:66:43:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cWAcC4sTzBIQF_bSUResH9BmQ0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/MV5NL6H-6oZXTsEalmSaR7jDyrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/cWAcC4sTzBIQF_bSUResH9BmQ0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.64.0/21
                  78.152.128.0/19
                  185.147.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ef:3c:a5:0a:6b:0c:16:27:9e:5a:eb:2a:ec:a7:c8:60:2f:9e:
         25:ed:ef:7c:da:6f:2b:8f:bf:fa:9b:ce:7e:eb:6e:5d:94:7f:
         d0:de:97:19:0c:75:e0:83:36:40:46:ce:ea:5e:29:f5:79:73:
         6e:86:45:b9:12:6f:57:f1:03:a4:34:72:22:66:16:58:75:94:
         c9:d5:b5:9e:68:7b:64:4e:41:08:0c:b3:2a:94:4e:7a:11:35:
         9c:91:13:d2:83:a5:80:74:de:da:43:3a:69:38:18:06:28:34:
         d5:cf:be:54:7b:d1:23:c1:12:6c:b7:e0:a8:b8:0b:5a:fa:06:
         a1:5e:e7:a3:ba:33:9a:93:12:33:c1:ff:49:8d:a0:a8:14:e0:
         51:37:15:9d:9b:e9:27:e9:91:3e:12:09:2f:81:f5:5f:53:a7:
         37:03:7a:f3:1b:ac:76:2c:3d:dd:35:b6:e4:21:eb:43:70:3b:
         96:b4:57:af:bb:38:da:c1:7e:65:da:c7:46:c2:07:1e:42:e6:
         6e:28:ee:c7:1f:6c:3c:b0:84:48:07:63:1a:98:4f:90:78:4d:
         7f:3b:01:42:6d:49:da:72:70:1e:3e:14:73:1c:00:81:f8:a8:
         9b:c2:02:55:a4:63:c4:a3:3a:cf:96:e6:a0:44:a9:72:8a:b1:
         53:66:d0:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk5pVPzhdAjxEN5GiSBV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNjAxYzBiOGIxM2NjMTIxMDE3ZjZkMjUxMTdhYzFmZDA2
NjQzNDQwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTVlNGQyZmExZmVlYTg2NTc0ZWMxMWE5NjY0OWE0N2I4YzNjYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEUk8sQP/gqrSvn2gS8iQVL6KxgF
RoWeBYyB+pYtzL7MZORIB1IhWrWdw9A4zJBt5FbFGGM+nBGLwYjmvZ/ff8tLvb8j
v/85+BEDq+dsuwvCnYpiUL0kv2Ipa5lZZ3UnXvB9hf8F0HTSZBJPoPlmK8+BhY1I
M/+pL/vwsRBTWCQX3KvrPoxRCeM2wC9vMR6X4cGdcoa0yW5mBK0xyNqdKaLfsIqT
YXrFJD/E6atblH5+NGB/NVJIahRPkkXMNZRgvQAU52AhZe0CQ9Wi9dL2slXygIMn
htA/6EfjOCa8GveDywXF8jv4FWHhoNBimzeS8N9FtgSAQGymDN0nQu8omQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDFeTS+h/uqGV07BGpZkmke4w8qxMB8GA1UdIwQY
MBaAFHFgHAuLE8wSEBf20lEXrB/QZkNEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1dBY0M0c1R6QklRRl9iU1VSZXNIOUJtUTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kNWE0OWEtNGYxYS00OTYxLTljMWYt
NzZiMDMyNWMzYjA3LzEvTVY1Tkw2SC02b1pYVHNFYWxtU2FSN2pEeXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kNWE0OWEtNGYxYS00OTYxLTljMWYtNzZiMDMyNWMzYjA3
LzEvY1dBY0M0c1R6QklRRl9iU1VSZXNIOUJtUTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJXJAAwQF
TpiAAwQCuZPkMA0GCSqGSIb3DQEBCwUAA4IBAQDvPKUKawwWJ55a6yrsp8hgL54l
7e982m8rj7/6m85+625dlH/Q3pcZDHXggzZARs7qXin1eXNuhkW5Em9X8QOkNHIi
ZhZYdZTJ1bWeaHtkTkEIDLMqlE56ETWckRPSg6WAdN7aQzppOBgGKDTVz75Ue9Ej
wRJst+CouAta+gahXuejujOakxIzwf9JjaCoFOBRNxWdm+kn6ZE+EgkvgfVfU6c3
A3rzG6x2LD3dNbbkIetDcDuWtFevuzjawX5l2sdGwgceQuZuKO7HH2w8sIRIB2Ma
mE+QeE1/OwFCbUnacnAePhRzHACB+KibwgJVpGPEozrPluagRKlyirFTZtAI
-----END CERTIFICATE-----