Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/MPoBn62aJcWRZREL6bYSr3u0Ufg.roa
File:                     MPoBn62aJcWRZREL6bYSr3u0Ufg.roa (raw, json)
Hash identifier:          DW85oTtl1k7coMlzptdYrEA/eF+wu9PgyL8e1/UZJmQ=
Subject key identifier:   30:FA:01:9F:AD:9A:25:C5:91:65:11:0B:E9:B6:12:AF:7B:B4:51:F8
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       018CC3B747DDE058DDC598A8A0E535642E7F
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/MPoBn62aJcWRZREL6bYSr3u0Ufg.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59476
IP address blocks:        176.99.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:dd:e0:58:dd:c5:98:a8:a0:e5:35:64:2e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30fa019fad9a25c59165110be9b612af7bb451f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:da:aa:4e:46:49:0c:f2:d9:47:18:66:7f:38:
                    ef:83:28:0b:ba:c1:0a:ab:ec:c5:59:0b:da:b1:dc:
                    65:19:be:98:0f:d5:a3:cd:2d:db:73:ca:a8:47:4a:
                    6c:d5:d0:18:1d:88:75:dc:f6:52:4a:c1:c7:01:0b:
                    64:55:72:c0:d9:e2:75:96:9a:d4:4c:a0:9f:84:40:
                    99:bc:49:b1:15:21:11:0f:39:16:fb:c5:e4:20:50:
                    13:6e:5a:83:f6:38:bb:0c:ee:0b:c6:b3:dd:cf:6e:
                    86:63:aa:80:cf:a9:d6:25:36:af:f8:95:bd:97:90:
                    f7:d4:72:cf:cd:5d:33:e6:b4:10:79:94:1c:8a:95:
                    d4:29:7c:a8:fb:1d:56:e3:10:8b:d0:1e:97:b3:71:
                    75:27:d2:02:fa:08:3e:24:70:d5:a7:c5:7d:73:d4:
                    c9:73:f3:ca:d2:91:62:59:9d:e4:dd:9a:71:79:0e:
                    2d:ca:16:34:f1:50:b0:ce:da:72:bd:9e:5a:4c:d0:
                    24:87:2b:90:b5:30:39:c3:a7:e7:a4:c2:37:f0:1c:
                    92:2a:6e:c9:b6:54:81:1d:d2:bd:f0:87:cc:df:4a:
                    bf:50:38:58:b7:84:eb:c4:f7:ad:2c:85:3d:48:d7:
                    26:62:b0:48:f0:d2:69:06:54:34:a4:e8:88:42:c6:
                    c9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:FA:01:9F:AD:9A:25:C5:91:65:11:0B:E9:B6:12:AF:7B:B4:51:F8
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/MPoBn62aJcWRZREL6bYSr3u0Ufg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.99.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bb:67:61:4a:80:6c:3f:11:97:82:42:17:14:ac:2e:5a:54:c8:
         ed:70:e7:1f:cf:3d:f6:e8:fb:50:81:8d:57:be:ce:5b:b9:b8:
         53:d6:9a:f3:4f:64:1d:24:21:36:25:46:8c:3e:43:b9:66:85:
         87:d8:13:ec:77:de:b3:03:5c:5e:70:22:2b:ad:98:1c:34:38:
         b6:52:b6:91:d4:76:b4:34:61:bb:26:ad:0d:e1:db:2f:fc:2a:
         5c:e8:c9:4a:78:97:df:09:a8:ea:9e:c7:a1:f8:41:ee:b2:f1:
         a1:0c:4d:14:f8:15:26:32:75:fd:fe:6c:9f:a2:01:bf:e9:9f:
         be:53:9d:f7:ac:94:a0:3c:b4:7e:37:9f:ed:cf:8a:69:c9:91:
         20:fb:fd:e5:17:ba:35:68:d5:51:10:32:cb:fa:0e:fd:1e:9e:
         22:e8:d5:9b:16:19:a7:4a:f2:6a:50:42:89:65:97:d8:23:32:
         d5:06:37:fb:c5:71:50:71:36:27:3a:eb:08:52:47:10:6f:24:
         d6:9f:54:55:09:69:0b:12:49:da:1d:15:67:4e:81:d3:96:5d:
         26:58:0a:ed:eb:1f:ff:17:e9:04:2f:78:ac:24:f8:a3:e2:42:
         97:e5:10:61:7d:c8:6b:83:cc:c7:a2:d4:8c:54:0f:da:6e:39:
         05:31:1f:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0fd4FjdxZiooOU1ZC5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGZhMDE5ZmFkOWEyNWM1OTE2NTExMGJlOWI2MTJhZjdiYjQ1MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdqqTkZJDPLZRxhmfzjvgygLusEK
q+zFWQvasdxlGb6YD9WjzS3bc8qoR0ps1dAYHYh13PZSSsHHAQtkVXLA2eJ1lprU
TKCfhECZvEmxFSERDzkW+8XkIFATblqD9ji7DO4LxrPdz26GY6qAz6nWJTav+JW9
l5D31HLPzV0z5rQQeZQcipXUKXyo+x1W4xCL0B6Xs3F1J9IC+gg+JHDVp8V9c9TJ
c/PK0pFiWZ3k3ZpxeQ4tyhY08VCwztpyvZ5aTNAkhyuQtTA5w6fnpMI38BySKm7J
tlSBHdK98IfM30q/UDhYt4TrxPetLIU9SNcmYrBI8NJpBlQ0pOiIQsbJIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDD6AZ+tmiXFkWURC+m2Eq97tFH4MB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvTVBvQm42MmFKY1dSWlJFTDZiWVNyM3UwVWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGM4MA0G
CSqGSIb3DQEBCwUAA4IBAQC7Z2FKgGw/EZeCQhcUrC5aVMjtcOcfzz326PtQgY1X
vs5bubhT1przT2QdJCE2JUaMPkO5ZoWH2BPsd96zA1xecCIrrZgcNDi2UraR1Ha0
NGG7Jq0N4dsv/Cpc6MlKeJffCajqnseh+EHusvGhDE0U+BUmMnX9/myfogG/6Z++
U533rJSgPLR+N5/tz4ppyZEg+/3lF7o1aNVREDLL+g79Hp4i6NWbFhmnSvJqUEKJ
ZZfYIzLVBjf7xXFQcTYnOusIUkcQbyTWn1RVCWkLEknaHRVnToHTll0mWArt6x//
F+kEL3isJPij4kKX5RBhfchrg8zHotSMVA/abjkFMR9i
-----END CERTIFICATE-----