Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1-mcK9Gsw5V9poIuyO2hNOILm7cE.roa
File:                     1-mcK9Gsw5V9poIuyO2hNOILm7cE.roa (raw, json)
Hash identifier:          XOBFCFel/Rob2VQ7PXBqbqLsRypyTBakHXAwZghaFS0=
Subject key identifier:   FA:67:0A:F4:6B:30:E5:5F:69:A0:8B:B2:3B:68:4D:38:82:E6:ED:C1
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DACEB4424A5F9DA43E1406FEB235
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1-mcK9Gsw5V9poIuyO2hNOILm7cE.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56382
IP address blocks:        45.14.69.0/24 maxlen: 24
                          185.255.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:da:ce:b4:42:4a:5f:9d:a4:3e:14:06:fe:b2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa670af46b30e55f69a08bb23b684d3882e6edc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:17:a0:77:63:28:14:6d:46:1e:e9:25:78:32:
                    b4:13:18:13:a0:96:b8:01:e1:2c:bb:35:c8:6d:bc:
                    af:97:b7:54:c5:4f:8f:66:d2:1e:3b:13:37:84:70:
                    ae:7e:7a:19:83:25:ef:8e:87:7a:bb:74:68:d3:03:
                    47:e5:1d:d3:09:17:c6:0a:d1:0f:ed:0c:f1:d9:1b:
                    9f:a1:ca:08:8a:5e:3f:df:4f:82:9e:d1:27:4b:d9:
                    57:19:e2:34:68:2c:3f:72:de:e7:5b:8a:6f:c9:17:
                    dc:d4:ae:64:da:8a:ff:ca:00:bc:9f:ba:bd:fd:25:
                    38:92:05:2b:0e:ec:0f:d5:5f:2c:0c:ba:2a:a1:9b:
                    83:aa:85:a7:6a:9a:d1:1f:12:15:f9:d5:71:83:d2:
                    b4:29:fc:57:34:c9:87:be:6b:cc:fd:85:46:a1:35:
                    f6:14:77:ad:7e:4f:d6:79:59:e6:69:9f:93:85:37:
                    3d:e0:e4:ad:f9:4b:5c:62:38:66:66:c9:15:75:36:
                    03:82:c8:f8:35:2d:97:77:d2:03:6a:ba:0d:76:7c:
                    b7:48:23:21:77:5d:4a:b6:3f:92:da:86:9d:c1:a2:
                    c1:c6:b2:34:f3:fe:9a:95:1e:47:84:44:e4:fc:41:
                    8e:e1:7d:08:15:6d:0f:7d:ec:cb:43:5c:b6:a5:5f:
                    e9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:67:0A:F4:6B:30:E5:5F:69:A0:8B:B2:3B:68:4D:38:82:E6:ED:C1
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/1-mcK9Gsw5V9poIuyO2hNOILm7cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.69.0/24
                  185.255.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:f0:1a:8e:f6:27:66:d0:8b:ad:7c:bd:d3:99:8a:9d:d3:6b:
         11:ce:d4:7a:7e:bd:50:2d:fb:f4:b8:93:ba:88:df:33:38:cf:
         a5:02:0e:bc:19:6c:91:c1:ba:fc:29:86:67:c1:65:52:97:ff:
         f8:42:40:41:b7:49:55:f2:b8:e0:47:61:a7:25:ee:66:a3:56:
         9f:63:4e:84:db:bc:bb:ac:57:42:c6:29:b9:c1:43:66:ec:1b:
         79:47:81:ee:33:e0:d6:1a:5c:7f:60:77:98:f9:3c:3f:fa:25:
         7e:6d:62:8e:88:6b:f3:85:ef:f2:87:08:c8:71:8c:81:fa:2f:
         97:99:3e:20:08:0a:d0:e4:86:b5:2b:c2:e8:33:c5:39:65:0e:
         61:cc:93:c1:d5:31:12:7c:0e:34:05:1c:00:bc:48:71:2a:c4:
         65:68:cf:a0:c6:03:f5:26:dc:86:76:ac:0b:cd:b5:56:34:f4:
         38:22:16:c9:e1:6f:c0:c7:59:3e:cf:1e:c6:e6:6c:94:98:2c:
         4f:78:ed:53:0f:50:e8:47:ee:60:a1:8d:07:d2:62:82:22:7c:
         f9:de:e6:c6:9d:17:6a:4a:3b:db:64:6d:84:26:76:4b:60:ff:
         95:fe:1d:b8:b5:fa:9a:73:7b:26:e0:c4:88:66:4c:e4:85:ac:
         43:35:4e:02
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzIAdrOtEJKX52kPhQG/rI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTY3MGFmNDZiMzBlNTVmNjlhMDhiYjIzYjY4NGQzODgyZTZlZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRegd2MoFG1GHukleDK0ExgToJa4
AeEsuzXIbbyvl7dUxU+PZtIeOxM3hHCufnoZgyXvjod6u3Ro0wNH5R3TCRfGCtEP
7Qzx2RufocoIil4/30+CntEnS9lXGeI0aCw/ct7nW4pvyRfc1K5k2or/ygC8n7q9
/SU4kgUrDuwP1V8sDLoqoZuDqoWnaprRHxIV+dVxg9K0KfxXNMmHvmvM/YVGoTX2
FHetfk/WeVnmaZ+ThTc94OSt+UtcYjhmZskVdTYDgsj4NS2Xd9IDaroNdny3SCMh
d11Ktj+S2oadwaLBxrI08/6alR5HhETk/EGO4X0IFW0PfezLQ1y2pV/pbQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPpnCvRrMOVfaaCLsjtoTTiC5u3BMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMS1tY0s5R3N3NVY5cG9JdXlPMmhOT0lMbTdjRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODcvOTMxOTI3LTlmMzgtNDFiNi04N2ZhLTI1NGFjZDkyYjRl
MS8xL3BYYnJMTVJpNXVTX0RlYWJuMk5JZGQ2N3F1SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC0ORQME
ALn/NDANBgkqhkiG9w0BAQsFAAOCAQEAZvAajvYnZtCLrXy905mKndNrEc7Uen69
UC379LiTuojfMzjPpQIOvBlskcG6/CmGZ8FlUpf/+EJAQbdJVfK44EdhpyXuZqNW
n2NOhNu8u6xXQsYpucFDZuwbeUeB7jPg1hpcf2B3mPk8P/olfm1ijohr84Xv8ocI
yHGMgfovl5k+IAgK0OSGtSvC6DPFOWUOYcyTwdUxEnwONAUcALxIcSrEZWjPoMYD
9SbchnasC821VjT0OCIWyeFvwMdZPs8exuZslJgsT3jtUw9Q6EfuYKGNB9JigiJ8
+d7mxp0Xako722RthCZ2S2D/lf4duLX6mnN7JuDEiGZM5IWsQzVOAg==
-----END CERTIFICATE-----