Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/MDA_A-VaNck0MaUysMae8bWl7Aw.roa
File:                     MDA_A-VaNck0MaUysMae8bWl7Aw.roa (raw, json)
Hash identifier:          e6gWd82jNXlbvL7/IcI1+GM6owV57kRyo4Y8ze6V+c0=
Subject key identifier:   30:30:3F:03:E5:5A:35:C9:34:31:A5:32:B0:C6:9E:F1:B5:A5:EC:0C
Certificate issuer:       /CN=ec65d31440bf75d25c606f7915c236ca614464a2
Certificate serial:       018CC26D10CCAC92835CC27AD386F291EF8E
Authority key identifier: EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/MDA_A-VaNck0MaUysMae8bWl7Aw.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205257
IP address blocks:        185.80.33.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:cc:ac:92:83:5c:c2:7a:d3:86:f2:91:ef:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec65d31440bf75d25c606f7915c236ca614464a2
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30303f03e55a35c93431a532b0c69ef1b5a5ec0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:18:a0:d4:04:83:b8:b0:c1:74:7a:88:d4:e1:
                    48:22:d0:fa:76:a4:c2:68:2b:96:cf:2c:74:40:3a:
                    b7:c7:0a:8f:69:aa:b4:1e:a6:28:80:4b:f3:aa:cb:
                    bb:20:68:da:72:49:32:bd:d7:1e:0e:d3:c1:df:a6:
                    88:bd:f1:14:2a:79:19:d2:c5:9f:76:1b:00:fc:63:
                    5b:cc:32:89:71:42:60:6e:4f:b0:3e:f5:91:44:5c:
                    50:07:91:2e:cb:ea:0f:97:b0:cb:e8:96:0b:01:f2:
                    ac:83:be:fd:d0:56:34:c9:a6:dd:96:40:25:44:a2:
                    7c:5e:0c:73:e6:df:86:61:db:b8:4d:34:44:bd:1e:
                    8f:ac:5d:da:40:29:93:57:9c:e7:5c:e1:24:97:35:
                    6c:66:87:be:ce:9a:14:b3:8b:62:e6:5f:74:9d:9c:
                    c2:71:2f:ed:e2:14:80:34:93:43:68:45:87:00:7b:
                    8d:21:45:fd:d2:07:7b:04:01:53:0b:7b:4b:91:ad:
                    dd:27:67:56:f0:94:53:2d:02:a1:89:4d:c5:11:83:
                    73:71:04:28:51:8d:50:06:b0:2c:56:9b:1e:5f:aa:
                    e5:69:d7:69:13:dc:26:8b:5e:62:f9:4d:fe:be:6c:
                    20:8b:2b:24:b7:4f:bc:03:d6:04:8c:a4:b5:9b:19:
                    ac:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:30:3F:03:E5:5A:35:C9:34:31:A5:32:B0:C6:9E:F1:B5:A5:EC:0C
            X509v3 Authority Key Identifier:
                keyid:EC:65:D3:14:40:BF:75:D2:5C:60:6F:79:15:C2:36:CA:61:44:64:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GXTFEC_ddJcYG95FcI2ymFEZKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/MDA_A-VaNck0MaUysMae8bWl7Aw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2a6df5-8236-412d-ad79-e29589e8964a/1/7GXTFEC_ddJcYG95FcI2ymFEZKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:34:69:dc:62:da:32:65:4c:2e:15:81:66:b1:db:ff:db:ba:
         c5:7f:6d:86:51:0e:b4:d7:06:3b:ac:5d:ab:c1:6f:fd:03:c4:
         88:bf:01:f9:3e:2e:d1:1e:4b:25:09:7f:4c:13:1f:fb:f7:5d:
         60:c8:df:67:1b:d2:11:1a:b8:2a:5d:17:e7:66:93:91:dc:3c:
         b6:31:a7:03:2c:58:70:4c:64:b0:1a:17:03:1a:c0:61:85:5d:
         48:fc:04:7d:99:b3:5e:ac:59:fd:57:c3:d2:71:7d:b3:cb:73:
         d1:3b:09:bf:fc:4f:dd:77:4b:da:4a:97:51:8e:b1:c5:d8:c8:
         3a:51:09:24:b6:88:63:ca:f2:66:0a:32:38:bf:20:ff:56:be:
         ac:85:20:1c:dc:e7:7c:ff:ca:e6:91:68:ea:7d:cc:b1:ed:30:
         74:49:fc:b9:42:50:6b:57:06:c1:2d:85:4e:20:a7:f7:f5:db:
         49:db:b6:9c:3b:3e:f6:28:1d:bb:fe:5e:90:2b:a0:96:0e:4b:
         2b:00:00:c7:73:da:2c:02:a5:10:75:ca:81:e1:ae:18:d6:a5:
         b9:3f:e3:9c:20:fc:55:c2:e0:59:52:0b:02:85:5e:c9:1d:ce:
         69:c4:8b:d9:0a:98:ce:e2:55:16:89:a4:c8:0d:5f:9b:d0:14:
         49:e2:d5:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRDMrJKDXMJ604byke+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNjVkMzE0NDBiZjc1ZDI1YzYwNmY3OTE1YzIzNmNhNjE0
NDY0YTIwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMwM2YwM2U1NWEzNWM5MzQzMWE1MzJiMGM2OWVmMWI1YTVlYzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBig1ASDuLDBdHqI1OFIItD6dqTC
aCuWzyx0QDq3xwqPaaq0HqYogEvzqsu7IGjackkyvdceDtPB36aIvfEUKnkZ0sWf
dhsA/GNbzDKJcUJgbk+wPvWRRFxQB5Euy+oPl7DL6JYLAfKsg7790FY0yabdlkAl
RKJ8Xgxz5t+GYdu4TTREvR6PrF3aQCmTV5znXOEklzVsZoe+zpoUs4ti5l90nZzC
cS/t4hSANJNDaEWHAHuNIUX90gd7BAFTC3tLka3dJ2dW8JRTLQKhiU3FEYNzcQQo
UY1QBrAsVpseX6rladdpE9wmi15i+U3+vmwgiyskt0+8A9YEjKS1mxmslwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAwPwPlWjXJNDGlMrDGnvG1pewMMB8GA1UdIwQY
MBaAFOxl0xRAv3XSXGBveRXCNsphRGSiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzkt
ZTI5NTg5ZTg5NjRhLzEvTURBX0EtVmFOY2swTWFVeXNNYWU4YldsN0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yYTZkZjUtODIzNi00MTJkLWFkNzktZTI5NTg5ZTg5NjRh
LzEvN0dYVEZFQ19kZEpjWUc5NUZjSTJ5bUZFWktJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVAhMA0G
CSqGSIb3DQEBCwUAA4IBAQAfNGncYtoyZUwuFYFmsdv/27rFf22GUQ601wY7rF2r
wW/9A8SIvwH5Pi7RHkslCX9MEx/7911gyN9nG9IRGrgqXRfnZpOR3Dy2MacDLFhw
TGSwGhcDGsBhhV1I/AR9mbNerFn9V8PScX2zy3PROwm//E/dd0vaSpdRjrHF2Mg6
UQkktohjyvJmCjI4vyD/Vr6shSAc3Od8/8rmkWjqfcyx7TB0Sfy5QlBrVwbBLYVO
IKf39dtJ27acOz72KB27/l6QK6CWDksrAADHc9osAqUQdcqB4a4Y1qW5P+OcIPxV
wuBZUgsChV7JHc5pxIvZCpjO4lUWiaTIDV+b0BRJ4tXY
-----END CERTIFICATE-----