Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/MnJS7SM5UxjLIeaH7GGaWbbYD7E.roa
File:                     MnJS7SM5UxjLIeaH7GGaWbbYD7E.roa (raw, json)
Hash identifier:          iG1jQ9wKRqYBodT8kCO86hp4kIeOl4QmYiwtWXrfuXI=
Subject key identifier:   32:72:52:ED:23:39:53:18:CB:21:E6:87:EC:61:9A:59:B6:D8:0F:B1
Certificate issuer:       /CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
Certificate serial:       018CC72710BEB9C8C0EDCBD4576687F32402
Authority key identifier: CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/MnJS7SM5UxjLIeaH7GGaWbbYD7E.roa
Signing time:             Mon 01 Jan 2024 22:31:15 +0000
ROA not before:           Mon 01 Jan 2024 22:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.33.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:10:be:b9:c8:c0:ed:cb:d4:57:66:87:f3:24:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
        Validity
            Not Before: Jan  1 22:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327252ed23395318cb21e687ec619a59b6d80fb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:72:ff:d3:d2:4e:e7:3f:bb:16:b5:b6:da:90:
                    fc:e7:1d:8b:8e:15:dd:e7:d2:d4:9e:6d:7a:38:54:
                    fc:f5:e4:1f:5b:98:04:13:c5:64:ab:d1:b0:3a:00:
                    45:4a:ad:1d:af:ba:a1:92:4b:e1:2c:d5:e5:51:a0:
                    3a:00:3d:91:ba:60:18:db:3d:38:68:ef:7c:10:2b:
                    5c:98:b4:13:40:25:84:70:80:21:6f:b3:59:df:11:
                    1d:42:c3:cd:c4:cd:fb:0c:a4:0a:03:72:14:4a:2e:
                    98:84:77:19:f7:38:59:b6:61:3f:2b:74:ae:1f:af:
                    39:2c:dd:63:91:36:71:bc:00:f2:26:20:ab:48:bd:
                    15:1a:94:43:71:30:12:9c:b5:3a:a6:b5:be:e9:c8:
                    e4:a6:44:a6:98:36:fb:6d:ac:4f:f2:a4:bb:9d:27:
                    cc:f6:ff:a4:5b:65:47:00:35:b4:2e:05:db:d2:8e:
                    54:fa:cf:e7:3e:99:22:e8:26:50:09:54:d8:2b:ad:
                    96:4b:f3:42:7e:42:cb:a7:45:0b:1a:81:d8:31:d8:
                    15:a3:34:5d:44:6f:94:29:59:ff:2f:63:62:7a:96:
                    95:7f:cf:cf:92:62:26:b4:70:08:bc:2b:33:ad:62:
                    60:b4:d8:de:b4:72:2a:80:55:42:72:48:a8:4e:80:
                    ea:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:72:52:ED:23:39:53:18:CB:21:E6:87:EC:61:9A:59:B6:D8:0F:B1
            X509v3 Authority Key Identifier:
                keyid:CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/MnJS7SM5UxjLIeaH7GGaWbbYD7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:9b:41:0e:3a:3b:0f:7a:fb:b7:9d:84:2f:62:49:f6:6c:39:
         f1:1c:60:83:66:33:6e:76:37:81:4d:8c:2b:41:ac:45:10:2f:
         58:cc:55:b6:06:b6:bd:96:75:dc:61:f5:f9:19:f3:3a:8e:28:
         22:0d:af:6f:6e:77:c3:44:8d:5c:42:14:18:f2:f7:09:ad:34:
         54:9b:ef:68:25:47:e0:12:f6:11:d5:6a:36:f8:fd:a1:03:18:
         13:a2:cf:20:bd:02:c4:8a:07:09:37:12:97:9b:ed:1b:9c:e2:
         7f:41:10:e4:d7:56:52:dc:95:75:8d:ee:72:5a:3c:39:30:3b:
         8d:7f:83:8b:10:af:73:d7:86:2e:08:de:88:d3:23:11:75:ce:
         fb:16:69:19:7d:a4:6e:db:97:f4:83:d8:c8:dc:8d:15:6e:76:
         59:df:f1:9e:cf:4c:12:89:32:5c:4b:5f:bb:d5:85:3a:4f:fa:
         c8:a4:13:2e:03:80:ca:3f:7a:cb:77:99:d1:be:27:19:97:10:
         cb:66:c8:51:1e:10:74:ba:bd:51:51:c7:e9:cb:1e:14:59:f3:
         aa:ea:51:cd:fc:4f:2d:e1:9d:70:09:64:ef:ef:d6:58:43:17:
         27:50:9c:c7:a7:c5:b8:52:47:0f:32:61:81:21:ff:05:c9:aa:
         a3:45:c0:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxC+ucjA7cvUV2aH8yQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2I4NmU2NTQ3MGY5OTRkZmE2ZDZmZWU4ZTI2NGRiNjJl
MjRhZjkwHhcNMjQwMTAxMjIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjcyNTJlZDIzMzk1MzE4Y2IyMWU2ODdlYzYxOWE1OWI2ZDgwZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3L/09JO5z+7FrW22pD85x2LjhXd
59LUnm16OFT89eQfW5gEE8Vkq9GwOgBFSq0dr7qhkkvhLNXlUaA6AD2RumAY2z04
aO98ECtcmLQTQCWEcIAhb7NZ3xEdQsPNxM37DKQKA3IUSi6YhHcZ9zhZtmE/K3Su
H685LN1jkTZxvADyJiCrSL0VGpRDcTASnLU6prW+6cjkpkSmmDb7baxP8qS7nSfM
9v+kW2VHADW0LgXb0o5U+s/nPpki6CZQCVTYK62WS/NCfkLLp0ULGoHYMdgVozRd
RG+UKVn/L2NiepaVf8/PkmImtHAIvCszrWJgtNjetHIqgFVCckioToDq0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJyUu0jOVMYyyHmh+xhmlm22A+xMB8GA1UdIwQY
MBaAFMo7huZUcPmU36bW/ujiZNti4kr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgt
OTUzMWQyNGUwNjEwLzEvTW5KUzdTTTVVeGpMSWVhSDdHR2FXYmJZRDdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgtOTUzMWQyNGUwNjEw
LzEveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSE+MA0G
CSqGSIb3DQEBCwUAA4IBAQCMm0EOOjsPevu3nYQvYkn2bDnxHGCDZjNudjeBTYwr
QaxFEC9YzFW2Bra9lnXcYfX5GfM6jigiDa9vbnfDRI1cQhQY8vcJrTRUm+9oJUfg
EvYR1Wo2+P2hAxgTos8gvQLEigcJNxKXm+0bnOJ/QRDk11ZS3JV1je5yWjw5MDuN
f4OLEK9z14YuCN6I0yMRdc77FmkZfaRu25f0g9jI3I0VbnZZ3/Gez0wSiTJcS1+7
1YU6T/rIpBMuA4DKP3rLd5nRvicZlxDLZshRHhB0ur1RUcfpyx4UWfOq6lHN/E8t
4Z1wCWTv79ZYQxcnUJzHp8W4UkcPMmGBIf8FyaqjRcBy
-----END CERTIFICATE-----