Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/MVI-szjf8jEosg5jzW7ps6FeDpY.roa
File:                     MVI-szjf8jEosg5jzW7ps6FeDpY.roa (raw, json)
Hash identifier:          1xlp6/7HRUqVMVkFv+bCDJBMpblNy6SZ7fofQwXvQYE=
Subject key identifier:   31:52:3E:B3:38:DF:F2:31:28:B2:0E:63:CD:6E:E9:B3:A1:5E:0E:96
Certificate issuer:       /CN=5806c809b7605f6d5ce127bd2d8b7674350b8b11
Certificate serial:       018E816024A6B96DF1A3BB4476CC8BD06D5A
Authority key identifier: 58:06:C8:09:B7:60:5F:6D:5C:E1:27:BD:2D:8B:76:74:35:0B:8B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/MVI-szjf8jEosg5jzW7ps6FeDpY.roa
Signing time:             Wed 27 Mar 2024 19:25:45 +0000
ROA not before:           Wed 27 Mar 2024 19:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47869
IP address blocks:        185.165.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:81:60:24:a6:b9:6d:f1:a3:bb:44:76:cc:8b:d0:6d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806c809b7605f6d5ce127bd2d8b7674350b8b11
        Validity
            Not Before: Mar 27 19:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31523eb338dff23128b20e63cd6ee9b3a15e0e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:25:bd:b9:ec:d4:55:dd:65:c4:d0:ac:cc:6f:
                    85:a3:b8:37:92:96:d5:bf:82:1e:47:2d:f2:7a:6f:
                    82:be:3d:89:26:87:e7:43:64:94:cb:0d:6d:4d:23:
                    8b:f3:94:a3:c6:12:ca:06:3a:eb:c8:87:b4:87:6b:
                    2e:88:bd:b8:3a:4e:9b:eb:5d:67:0a:0c:ed:2f:36:
                    8f:fa:f4:31:db:b2:ec:0d:92:e2:7c:d0:7c:f8:67:
                    40:a4:0d:36:bd:40:9d:0a:bb:48:bc:7d:ac:f9:ea:
                    dc:5a:7b:43:e9:03:5f:48:0a:7d:17:99:17:84:4f:
                    e2:49:3e:bd:09:7a:9d:b2:ad:f5:5e:88:3e:ea:f5:
                    b6:38:ba:21:37:9a:64:a1:25:9c:28:51:fc:2f:95:
                    65:7d:f9:86:4a:fd:c9:25:d1:6f:f4:7a:d5:d5:5f:
                    e0:f0:3d:da:f7:28:aa:38:15:6b:ed:38:6b:6b:82:
                    1b:77:48:0a:5d:c1:da:db:4a:dd:00:f6:01:8b:10:
                    4a:30:9d:8e:a8:8c:26:1f:51:0e:78:0d:0f:5c:5c:
                    78:48:47:d3:24:7b:65:b0:c7:60:be:e7:c7:75:a4:
                    9d:2d:fe:1c:e0:75:62:4d:96:5d:95:45:d3:9b:bb:
                    1f:a9:ad:2d:d6:d5:c6:92:68:ee:34:10:57:5d:c5:
                    ea:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:52:3E:B3:38:DF:F2:31:28:B2:0E:63:CD:6E:E9:B3:A1:5E:0E:96
            X509v3 Authority Key Identifier:
                keyid:58:06:C8:09:B7:60:5F:6D:5C:E1:27:BD:2D:8B:76:74:35:0B:8B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbICbdgX21c4Se9LYt2dDULixE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/MVI-szjf8jEosg5jzW7ps6FeDpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/168f4a-12b4-4737-8e27-c30664aeec14/1/WAbICbdgX21c4Se9LYt2dDULixE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:af:3e:0c:d6:71:8a:4d:40:72:d6:07:f2:75:e2:62:a8:5b:
         16:31:ca:4d:37:97:dd:3e:cf:3d:a3:a5:c0:a0:dc:dd:97:23:
         63:94:07:6a:f3:1b:fc:a2:33:ed:a2:42:78:30:29:ef:0b:da:
         1a:72:07:f2:db:59:b5:aa:c3:c8:54:ef:5d:2d:56:6d:b0:18:
         fc:00:6a:35:b6:3c:93:c8:0b:7e:53:5d:00:5e:ec:63:79:a4:
         1a:fa:5f:e2:51:fc:55:7a:04:33:9a:a1:66:64:e0:63:df:ad:
         65:ac:f8:9d:af:6e:e2:0a:e5:eb:da:b4:9e:50:e6:2d:7d:d0:
         12:fd:c2:e8:a2:08:1d:2d:a1:51:8b:ca:bc:2f:08:24:2a:f6:
         54:86:20:c5:26:e5:90:a6:5c:10:43:81:4e:ed:8c:49:3a:c4:
         69:60:5f:4d:29:18:45:dd:6a:24:69:2f:4a:10:de:2d:2a:b1:
         94:c7:ef:9e:ce:35:ad:c0:3d:73:30:41:ac:37:95:02:5b:01:
         90:fe:ac:af:55:81:90:38:10:07:71:bb:9d:bf:15:a4:82:17:
         37:1b:5c:cc:be:21:40:34:0c:ec:eb:08:d5:de:60:86:cb:41:
         89:12:b1:a8:01:a2:68:b0:36:4f:c1:aa:81:80:d9:4f:5e:92:
         41:0a:bc:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6BYCSmuW3xo7tEdsyL0G1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZjODA5Yjc2MDVmNmQ1Y2UxMjdiZDJkOGI3Njc0MzUw
YjhiMTEwHhcNMjQwMzI3MTkyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTUyM2ViMzM4ZGZmMjMxMjhiMjBlNjNjZDZlZTliM2ExNWUwZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yW9uezUVd1lxNCszG+Fo7g3kpbV
v4IeRy3yem+Cvj2JJofnQ2SUyw1tTSOL85SjxhLKBjrryIe0h2suiL24Ok6b611n
CgztLzaP+vQx27LsDZLifNB8+GdApA02vUCdCrtIvH2s+ercWntD6QNfSAp9F5kX
hE/iST69CXqdsq31Xog+6vW2OLohN5pkoSWcKFH8L5VlffmGSv3JJdFv9HrV1V/g
8D3a9yiqOBVr7Thra4Ibd0gKXcHa20rdAPYBixBKMJ2OqIwmH1EOeA0PXFx4SEfT
JHtlsMdgvufHdaSdLf4c4HViTZZdlUXTm7sfqa0t1tXGkmjuNBBXXcXq8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFSPrM43/IxKLIOY81u6bOhXg6WMB8GA1UdIwQY
MBaAFFgGyAm3YF9tXOEnvS2LdnQ1C4sRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiSUNiZGdYMjFjNFNlOUxZdDJkRFVMaXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNjhmNGEtMTJiNC00NzM3LThlMjct
YzMwNjY0YWVlYzE0LzEvTVZJLXN6amY4akVvc2c1anpXN3BzNkZlRHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNjhmNGEtMTJiNC00NzM3LThlMjctYzMwNjY0YWVlYzE0
LzEvV0FiSUNiZGdYMjFjNFNlOUxZdDJkRFVMaXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaXtMA0G
CSqGSIb3DQEBCwUAA4IBAQAnrz4M1nGKTUBy1gfydeJiqFsWMcpNN5fdPs89o6XA
oNzdlyNjlAdq8xv8ojPtokJ4MCnvC9oacgfy21m1qsPIVO9dLVZtsBj8AGo1tjyT
yAt+U10AXuxjeaQa+l/iUfxVegQzmqFmZOBj361lrPidr27iCuXr2rSeUOYtfdAS
/cLooggdLaFRi8q8LwgkKvZUhiDFJuWQplwQQ4FO7YxJOsRpYF9NKRhF3WokaS9K
EN4tKrGUx++ezjWtwD1zMEGsN5UCWwGQ/qyvVYGQOBAHcbudvxWkghc3G1zMviFA
NAzs6wjV3mCGy0GJErGoAaJosDZPwaqBgNlPXpJBCrwW
-----END CERTIFICATE-----