Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/MCGuu7vmwd0gm4URl4snj6R8G14.roa
File:                     MCGuu7vmwd0gm4URl4snj6R8G14.roa (raw, json)
Hash identifier:          YF86go7zLpq/psgZYpEX3vjeWK7haIiIp4uW/0CA5zA=
Subject key identifier:   30:21:AE:BB:BB:E6:C1:DD:20:9B:85:11:97:8B:27:8F:A4:7C:1B:5E
Certificate issuer:       /CN=f22bed3f37cd72826511c574560deb55542550e4
Certificate serial:       018CC26D11D5E82FE921E05F1F067D753364
Authority key identifier: F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/MCGuu7vmwd0gm4URl4snj6R8G14.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29396
IP address blocks:        46.22.176.0/23 maxlen: 24
                          195.189.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:11:d5:e8:2f:e9:21:e0:5f:1f:06:7d:75:33:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f22bed3f37cd72826511c574560deb55542550e4
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3021aebbbbe6c1dd209b8511978b278fa47c1b5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:59:93:41:90:32:83:43:a2:3c:07:c1:10:ac:
                    dd:79:4c:7c:4e:c5:a5:c5:25:12:92:a6:78:27:fb:
                    99:96:f3:ab:b1:d6:27:3e:c5:87:da:93:ad:f1:79:
                    0b:91:2d:7f:84:d5:9c:73:94:ae:97:5d:39:9a:0c:
                    f3:87:e4:a1:4c:71:fa:eb:f3:0a:92:59:d3:dd:f0:
                    c5:c9:bf:4b:1d:62:2e:39:a0:fd:df:a5:d7:ca:21:
                    72:55:6d:1d:9f:90:44:39:b1:75:75:65:80:cd:d0:
                    a0:49:8f:d2:a5:c0:87:f2:07:b6:ff:59:48:34:8e:
                    27:aa:b3:56:48:e9:64:92:8f:1f:71:c4:77:85:12:
                    d1:90:81:2d:e9:9a:cd:42:8d:bd:ea:6b:5e:11:06:
                    83:04:06:82:82:54:6e:39:81:c5:67:ce:93:c1:2f:
                    c9:76:eb:7b:77:4b:fc:46:ca:94:be:96:70:fc:7c:
                    cc:c3:9c:b9:5f:1a:5f:08:08:06:15:ad:d2:75:d4:
                    6d:d6:75:de:90:f7:6f:23:59:6d:2b:9b:71:a8:29:
                    dd:90:37:99:87:0c:fe:19:49:1b:7e:a9:79:ea:d4:
                    6e:41:bb:e3:c9:dd:5a:71:18:b9:50:84:97:41:e1:
                    69:0c:aa:09:69:12:41:15:46:a7:38:ad:ae:71:a0:
                    49:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:21:AE:BB:BB:E6:C1:DD:20:9B:85:11:97:8B:27:8F:A4:7C:1B:5E
            X509v3 Authority Key Identifier:
                keyid:F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/MCGuu7vmwd0gm4URl4snj6R8G14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.176.0/23
                  195.189.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:c5:fe:f2:e7:e9:cf:fc:b5:7b:96:2b:9d:83:75:14:f0:17:
         b9:f5:c2:de:02:40:16:d9:34:a0:7d:df:50:2b:0f:1d:f5:73:
         91:46:17:54:8e:bd:a1:87:06:db:90:e6:0a:d0:70:9c:16:f0:
         36:70:07:49:04:6b:4b:74:30:cc:e5:fa:f8:f8:99:a8:49:05:
         2a:95:19:e9:d7:81:10:dc:da:c2:20:1d:3f:42:98:e1:f3:b0:
         3f:72:4a:96:ff:ce:b3:aa:8e:08:dc:e8:bd:72:ae:7b:c2:40:
         25:36:e2:4f:26:e7:56:f6:9e:3f:77:91:25:a7:98:d6:39:85:
         19:c2:5b:69:e7:c7:3b:a8:51:50:0a:7b:00:38:c5:27:2f:bb:
         bf:e7:54:f2:d6:d2:33:48:8b:a8:0d:0c:60:0c:71:5b:b7:52:
         ef:0f:15:1f:4a:ca:0b:2b:97:27:df:83:b9:a3:38:27:28:2b:
         d1:26:fb:55:ea:70:ab:de:56:fa:95:40:12:6b:b7:7d:f4:d9:
         60:7a:98:c4:93:0e:d6:f3:d5:03:10:12:59:b0:de:e9:c3:be:
         d2:0f:2a:21:7a:07:65:c1:b3:92:07:a5:b1:c3:82:8f:74:a4:
         74:68:e3:6b:2b:25:36:3e:49:65:0e:5f:26:2f:5f:a6:d1:3a:
         82:19:86:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbRHV6C/pIeBfHwZ9dTNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMmJlZDNmMzdjZDcyODI2NTExYzU3NDU2MGRlYjU1NTQy
NTUwZTQwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIxYWViYmJiZTZjMWRkMjA5Yjg1MTE5NzhiMjc4ZmE0N2MxYjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVmTQZAyg0OiPAfBEKzdeUx8TsWl
xSUSkqZ4J/uZlvOrsdYnPsWH2pOt8XkLkS1/hNWcc5Sul105mgzzh+ShTHH66/MK
klnT3fDFyb9LHWIuOaD936XXyiFyVW0dn5BEObF1dWWAzdCgSY/SpcCH8ge2/1lI
NI4nqrNWSOlkko8fccR3hRLRkIEt6ZrNQo296mteEQaDBAaCglRuOYHFZ86TwS/J
dut7d0v8RsqUvpZw/HzMw5y5XxpfCAgGFa3SddRt1nXekPdvI1ltK5txqCndkDeZ
hwz+GUkbfql56tRuQbvjyd1acRi5UISXQeFpDKoJaRJBFUanOK2ucaBJzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDAhrru75sHdIJuFEZeLJ4+kfBteMB8GA1UdIwQY
MBaAFPIr7T83zXKCZRHFdFYN61VUJVDkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODkt
MjkwNjJlODcwYjY0LzEvTUNHdXU3dm13ZDBnbTRVUmw0c25qNlI4RzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODktMjkwNjJlODcwYjY0
LzEvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLhawAwQC
w70UMA0GCSqGSIb3DQEBCwUAA4IBAQBnxf7y5+nP/LV7liudg3UU8Be59cLeAkAW
2TSgfd9QKw8d9XORRhdUjr2hhwbbkOYK0HCcFvA2cAdJBGtLdDDM5fr4+JmoSQUq
lRnp14EQ3NrCIB0/Qpjh87A/ckqW/86zqo4I3Oi9cq57wkAlNuJPJudW9p4/d5El
p5jWOYUZwltp58c7qFFQCnsAOMUnL7u/51Ty1tIzSIuoDQxgDHFbt1LvDxUfSsoL
K5cn34O5ozgnKCvRJvtV6nCr3lb6lUASa7d99NlgepjEkw7W89UDEBJZsN7pw77S
DyohegdlwbOSB6Wxw4KPdKR0aONrKyU2PkllDl8mL1+m0TqCGYb/
-----END CERTIFICATE-----