Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/MTuwmq70VyvKNrrrj3bqTZKCjq4.roa
File:                     MTuwmq70VyvKNrrrj3bqTZKCjq4.roa (raw, json)
Hash identifier:          Sk2sKinrFYXLhITq8cYjeAUCzoyYxB4aE81mM2Vn5Ss=
Subject key identifier:   31:3B:B0:9A:AE:F4:57:2B:CA:36:BA:EB:8F:76:EA:4D:92:82:8E:AE
Certificate issuer:       /CN=8888818c4ecf1d5deb4ea93667470a7a114d9a07
Certificate serial:       018CC94CCB95E34E07A0497D3A8E5717E6D5
Authority key identifier: 88:88:81:8C:4E:CF:1D:5D:EB:4E:A9:36:67:47:0A:7A:11:4D:9A:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/MTuwmq70VyvKNrrrj3bqTZKCjq4.roa
Signing time:             Tue 02 Jan 2024 08:31:42 +0000
ROA not before:           Tue 02 Jan 2024 08:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        192.33.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:cb:95:e3:4e:07:a0:49:7d:3a:8e:57:17:e6:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8888818c4ecf1d5deb4ea93667470a7a114d9a07
        Validity
            Not Before: Jan  2 08:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=313bb09aaef4572bca36baeb8f76ea4d92828eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fd:7f:ba:e4:ff:9d:67:98:ee:fb:5a:0e:65:
                    7e:30:ff:e1:37:2e:35:f7:35:f3:bd:d3:26:59:d5:
                    69:77:5b:e6:4b:25:b5:86:d5:69:32:b3:12:ca:99:
                    b4:09:c3:2b:ce:88:a4:53:17:14:a1:11:d0:ba:f0:
                    a5:41:fa:d9:80:7c:4f:ce:8d:55:0f:9d:e3:72:bb:
                    04:46:ac:9b:39:fd:e2:43:ae:f2:2d:90:03:d7:00:
                    85:ca:46:eb:e0:98:7c:9c:87:4d:89:46:77:da:52:
                    f4:7e:c4:f0:e0:40:2d:e6:8e:fd:8a:1a:a7:3f:af:
                    b0:29:6c:d4:e6:68:0f:f5:5d:14:7b:8f:75:0d:a4:
                    7c:c9:de:a9:63:d8:3a:dd:71:07:66:2a:14:75:32:
                    ad:63:b1:5c:26:61:55:e8:9f:98:2b:5c:68:d2:0e:
                    16:34:e4:12:d0:1d:54:46:60:7c:ed:e4:f1:7e:67:
                    1d:83:dc:01:4b:be:ed:6c:a5:41:22:5a:ae:79:0b:
                    44:40:ae:bc:97:20:88:c0:f7:44:e8:75:cf:08:39:
                    2c:3a:f7:3f:85:ab:10:77:b4:e2:2a:d2:ab:75:37:
                    93:d3:c3:3b:c8:26:1c:1f:41:41:e5:d2:41:03:a1:
                    46:88:c8:78:62:75:f7:f0:d6:82:46:3e:a6:57:a3:
                    b2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:3B:B0:9A:AE:F4:57:2B:CA:36:BA:EB:8F:76:EA:4D:92:82:8E:AE
            X509v3 Authority Key Identifier:
                keyid:88:88:81:8C:4E:CF:1D:5D:EB:4E:A9:36:67:47:0A:7A:11:4D:9A:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iIiBjE7PHV3rTqk2Z0cKehFNmgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/MTuwmq70VyvKNrrrj3bqTZKCjq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c9ebb2-851d-4578-a879-c29bf25d266e/1/iIiBjE7PHV3rTqk2Z0cKehFNmgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.33.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:3e:5f:7a:13:ab:c8:89:ed:4b:17:b1:3c:1c:03:eb:8e:36:
         73:6b:b3:33:25:e5:94:f9:74:31:c2:22:ab:1d:d5:99:d4:e3:
         41:67:03:24:b6:48:2c:10:17:aa:e2:cf:79:7e:f2:d3:5e:df:
         75:e6:d9:5f:15:c5:95:c4:62:bd:44:b0:a1:2e:5d:20:1c:0a:
         68:e2:e2:c5:e6:81:06:03:8c:62:f8:29:74:bc:4b:2a:e4:bf:
         f3:09:50:fc:72:3b:7b:36:df:5e:dc:2e:7a:b5:6c:07:36:7d:
         a9:97:b5:c3:59:90:9c:03:4d:d0:5b:0d:57:fd:9f:e6:e6:e9:
         77:5a:86:b3:7c:90:6b:dc:c7:90:90:a2:ed:0d:35:ef:2e:0a:
         3b:f5:4f:9e:f1:4d:b4:ee:47:71:0e:f9:fb:ec:3c:5d:55:60:
         db:96:01:28:c1:b4:0d:85:60:49:24:1a:1c:b1:0f:5b:8a:21:
         66:ba:ea:f1:54:f5:04:28:da:19:94:9c:1f:78:aa:c6:ee:6f:
         94:6a:76:3b:9f:e2:ab:3a:bf:61:10:d6:25:38:a5:01:3d:a5:
         d7:7d:5b:b7:3e:59:cb:44:44:11:99:35:0f:4f:e5:e0:bf:9a:
         2d:4e:41:27:1c:d2:65:89:72:91:69:53:5d:88:d3:4e:b4:26:
         c4:f3:9d:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMuV404HoEl9Oo5XF+bVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ODg4MThjNGVjZjFkNWRlYjRlYTkzNjY3NDcwYTdhMTE0
ZDlhMDcwHhcNMjQwMTAyMDgzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTNiYjA5YWFlZjQ1NzJiY2EzNmJhZWI4Zjc2ZWE0ZDkyODI4ZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf1/uuT/nWeY7vtaDmV+MP/hNy41
9zXzvdMmWdVpd1vmSyW1htVpMrMSypm0CcMrzoikUxcUoRHQuvClQfrZgHxPzo1V
D53jcrsERqybOf3iQ67yLZAD1wCFykbr4Jh8nIdNiUZ32lL0fsTw4EAt5o79ihqn
P6+wKWzU5mgP9V0Ue491DaR8yd6pY9g63XEHZioUdTKtY7FcJmFV6J+YK1xo0g4W
NOQS0B1URmB87eTxfmcdg9wBS77tbKVBIlqueQtEQK68lyCIwPdE6HXPCDksOvc/
hasQd7TiKtKrdTeT08M7yCYcH0FB5dJBA6FGiMh4YnX38NaCRj6mV6OyqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE7sJqu9Fcryja664926k2Sgo6uMB8GA1UdIwQY
MBaAFIiIgYxOzx1d606pNmdHCnoRTZoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUlpQmpFN1BIVjNyVHFrMlowY0tlaEZObWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOWViYjItODUxZC00NTc4LWE4Nzkt
YzI5YmYyNWQyNjZlLzEvTVR1d21xNzBWeXZLTnJycmozYnFUWktDanE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOWViYjItODUxZC00NTc4LWE4NzktYzI5YmYyNWQyNjZl
LzEvaUlpQmpFN1BIVjNyVHFrMlowY0tlaEZObWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCHdMA0G
CSqGSIb3DQEBCwUAA4IBAQBpPl96E6vIie1LF7E8HAPrjjZza7MzJeWU+XQxwiKr
HdWZ1ONBZwMktkgsEBeq4s95fvLTXt915tlfFcWVxGK9RLChLl0gHApo4uLF5oEG
A4xi+Cl0vEsq5L/zCVD8cjt7Nt9e3C56tWwHNn2pl7XDWZCcA03QWw1X/Z/m5ul3
WoazfJBr3MeQkKLtDTXvLgo79U+e8U207kdxDvn77DxdVWDblgEowbQNhWBJJBoc
sQ9biiFmuurxVPUEKNoZlJwfeKrG7m+UanY7n+KrOr9hENYlOKUBPaXXfVu3PlnL
REQRmTUPT+Xgv5otTkEnHNJliXKRaVNdiNNOtCbE852P
-----END CERTIFICATE-----