Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/MLKJ5PvFrQ7spqXkbGjSgcpWFJ8.roa
File:                     MLKJ5PvFrQ7spqXkbGjSgcpWFJ8.roa (raw, json)
Hash identifier:          HGPsbuWm9TFeTwyytHi59XAW9Q1uut+5QXJDCkaqm6o=
Subject key identifier:   30:B2:89:E4:FB:C5:AD:0E:EC:A6:A5:E4:6C:68:D2:81:CA:56:14:9F
Certificate issuer:       /CN=623d8f99dfa3092d1f6757efacb49f9e00e6d4b9
Certificate serial:       018D6386831EFA90E62503BF5B85FB5846B4
Authority key identifier: 62:3D:8F:99:DF:A3:09:2D:1F:67:57:EF:AC:B4:9F:9E:00:E6:D4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/MLKJ5PvFrQ7spqXkbGjSgcpWFJ8.roa
Signing time:             Thu 01 Feb 2024 07:16:16 +0000
ROA not before:           Thu 01 Feb 2024 07:16:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39568
IP address blocks:        185.157.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:63:86:83:1e:fa:90:e6:25:03:bf:5b:85:fb:58:46:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=623d8f99dfa3092d1f6757efacb49f9e00e6d4b9
        Validity
            Not Before: Feb  1 07:16:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30b289e4fbc5ad0eeca6a5e46c68d281ca56149f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d2:4b:dd:f5:ff:f2:1f:ce:7b:0a:65:cc:19:
                    48:72:28:54:71:77:d5:1b:13:40:54:25:2d:b9:0d:
                    33:fb:a0:59:6b:d0:48:27:a3:69:9b:0d:ba:a2:a8:
                    b2:d9:03:65:1b:7c:41:da:b8:a2:65:c4:48:b2:a9:
                    7a:41:a8:64:b6:98:77:dc:0e:15:10:14:9a:cb:38:
                    10:65:58:d1:b0:7f:23:7f:7c:30:b8:04:e6:da:57:
                    e2:ac:ff:59:4d:77:6c:6e:29:c8:be:0f:49:11:89:
                    78:fa:d7:46:96:5e:10:17:3b:75:e0:dc:4d:9d:99:
                    ed:43:79:25:bc:47:74:f8:04:dd:27:0a:8a:9a:5b:
                    b8:05:51:ad:eb:16:a8:54:be:2e:ae:ee:f6:cb:56:
                    7f:a2:c8:b4:44:a3:62:8c:8b:d0:cd:9a:62:8c:da:
                    50:e9:51:d2:a2:b2:a4:ec:b4:95:db:47:ab:95:56:
                    ad:99:97:54:c3:79:b1:22:95:d7:14:19:90:b0:75:
                    a4:4c:d8:2c:e0:a3:4e:f3:6c:77:fa:6e:35:d5:58:
                    f5:cc:ff:eb:12:d9:23:ab:fc:bf:e7:8a:30:3c:c8:
                    9c:c4:2b:e8:e8:70:f9:c8:98:2d:18:08:5f:ef:89:
                    75:2f:3f:2a:e7:37:c3:58:11:19:ff:24:b6:94:52:
                    b0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B2:89:E4:FB:C5:AD:0E:EC:A6:A5:E4:6C:68:D2:81:CA:56:14:9F
            X509v3 Authority Key Identifier:
                keyid:62:3D:8F:99:DF:A3:09:2D:1F:67:57:EF:AC:B4:9F:9E:00:E6:D4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/MLKJ5PvFrQ7spqXkbGjSgcpWFJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/9e36b2-3f2d-444f-9d3a-40bcb74e4c28/1/Yj2Pmd-jCS0fZ1fvrLSfngDm1Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:8e:5a:dc:d5:4c:e7:bd:69:e5:90:78:89:33:e0:4d:35:04:
         74:ac:93:b0:ef:f0:dd:c7:24:cf:ae:05:30:b6:c3:7f:ea:b8:
         b6:b2:c3:2d:fe:f4:2f:62:32:f6:10:bb:d9:f6:4c:b9:22:f9:
         f4:ac:2a:04:88:86:32:52:17:0b:ec:25:06:2a:b6:36:c7:0e:
         14:93:5e:c0:ac:94:3b:34:d8:09:bd:e1:54:6f:79:13:0c:38:
         8b:06:1f:22:49:17:a4:4f:d7:7c:45:66:32:f3:38:15:a7:7f:
         4a:37:45:7b:a9:3e:53:15:96:2a:a4:1b:21:70:38:12:21:3b:
         f5:f6:7b:09:5c:f7:7d:b5:9b:46:af:fb:73:cc:ba:b5:d4:c6:
         c8:6f:99:b3:ef:3b:47:51:43:22:51:4c:9f:9a:c4:6d:6a:10:
         63:2f:89:e3:38:94:6a:63:10:8e:7d:b6:c5:28:5b:d8:69:77:
         9f:61:de:8f:c0:9a:5e:2d:75:f6:0b:b0:c0:52:54:51:fe:f9:
         5d:6d:00:4f:55:47:16:5a:54:77:f1:76:e5:c1:83:38:50:30:
         9f:b7:7a:67:d7:1f:bd:11:7a:6b:7b:18:4f:ac:2e:e8:d7:be:
         90:8c:d3:82:b0:73:e5:44:5f:29:d8:12:03:b6:f4:52:4b:b2:
         ef:b9:76:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1jhoMe+pDmJQO/W4X7WEa0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyM2Q4Zjk5ZGZhMzA5MmQxZjY3NTdlZmFjYjQ5ZjllMDBl
NmQ0YjkwHhcNMjQwMjAxMDcxNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGIyODllNGZiYzVhZDBlZWNhNmE1ZTQ2YzY4ZDI4MWNhNTYxNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dJL3fX/8h/OewplzBlIcihUcXfV
GxNAVCUtuQ0z+6BZa9BIJ6Npmw26oqiy2QNlG3xB2riiZcRIsql6Qahktph33A4V
EBSayzgQZVjRsH8jf3wwuATm2lfirP9ZTXdsbinIvg9JEYl4+tdGll4QFzt14NxN
nZntQ3klvEd0+ATdJwqKmlu4BVGt6xaoVL4uru72y1Z/osi0RKNijIvQzZpijNpQ
6VHSorKk7LSV20erlVatmZdUw3mxIpXXFBmQsHWkTNgs4KNO82x3+m411Vj1zP/r
Etkjq/y/54owPMicxCvo6HD5yJgtGAhf74l1Lz8q5zfDWBEZ/yS2lFKwiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCyieT7xa0O7Kal5Gxo0oHKVhSfMB8GA1UdIwQY
MBaAFGI9j5nfowktH2dX76y0n54A5tS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWoyUG1kLWpDUzBmWjFmdnJMU2ZuZ0RtMUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC85ZTM2YjItM2YyZC00NDRmLTlkM2Et
NDBiY2I3NGU0YzI4LzEvTUxLSjVQdkZyUTdzcHFYa2JHalNnY3BXRko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC85ZTM2YjItM2YyZC00NDRmLTlkM2EtNDBiY2I3NGU0YzI4
LzEvWWoyUG1kLWpDUzBmWjFmdnJMU2ZuZ0RtMUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ2LMA0G
CSqGSIb3DQEBCwUAA4IBAQBmjlrc1UznvWnlkHiJM+BNNQR0rJOw7/DdxyTPrgUw
tsN/6ri2ssMt/vQvYjL2ELvZ9ky5Ivn0rCoEiIYyUhcL7CUGKrY2xw4Uk17ArJQ7
NNgJveFUb3kTDDiLBh8iSRekT9d8RWYy8zgVp39KN0V7qT5TFZYqpBshcDgSITv1
9nsJXPd9tZtGr/tzzLq11MbIb5mz7ztHUUMiUUyfmsRtahBjL4njOJRqYxCOfbbF
KFvYaXefYd6PwJpeLXX2C7DAUlRR/vldbQBPVUcWWlR38XblwYM4UDCft3pn1x+9
EXprexhPrC7o176QjNOCsHPlRF8p2BIDtvRSS7LvuXa8
-----END CERTIFICATE-----