Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/MC0w0XnrkmPxcssbSp9NplDDG98.roa
File:                     MC0w0XnrkmPxcssbSp9NplDDG98.roa (raw, json)
Hash identifier:          6GG0nGuHjB+jY5TyvBwJNeLinlZzOImndW5d8FVxJLk=
Subject key identifier:   30:2D:30:D1:79:EB:92:63:F1:72:CB:1B:4A:9F:4D:A6:50:C3:1B:DF
Certificate issuer:       /CN=8445acd31bccbd345f964ad907ca7783d504026d
Certificate serial:       019256A63FE7154B733EC28231A4D1801E1C
Authority key identifier: 84:45:AC:D3:1B:CC:BD:34:5F:96:4A:D9:07:CA:77:83:D5:04:02:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/MC0w0XnrkmPxcssbSp9NplDDG98.roa
Signing time:             Fri 04 Oct 2024 08:29:48 +0000
ROA not before:           Fri 04 Oct 2024 08:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        143.223.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:a6:3f:e7:15:4b:73:3e:c2:82:31:a4:d1:80:1e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8445acd31bccbd345f964ad907ca7783d504026d
        Validity
            Not Before: Oct  4 08:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=302d30d179eb9263f172cb1b4a9f4da650c31bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:58:55:b2:4d:10:7c:94:e3:6c:4c:91:92:ff:
                    54:99:f8:a4:2d:41:37:a3:d7:f8:0e:54:b3:ec:90:
                    67:19:86:4e:a3:a6:c1:85:0f:90:07:c4:19:a5:7f:
                    dc:33:ff:b0:1e:c5:cb:7a:97:33:fc:c5:01:f3:a8:
                    36:bb:76:c1:0f:f4:14:77:02:b4:c1:0f:f3:c8:f8:
                    ab:d7:59:4d:39:09:a0:70:34:b6:5c:9f:a1:d0:74:
                    11:a9:73:99:fa:dd:3d:af:fe:c5:a1:df:14:48:9c:
                    b9:09:f2:37:7e:c2:fc:d6:64:41:61:74:34:c9:7c:
                    f9:2c:77:36:d6:de:b1:9b:40:9a:60:59:41:25:e6:
                    e6:23:63:87:13:aa:5e:0e:24:12:18:10:e7:e0:06:
                    0e:0d:9c:02:46:76:12:5e:1d:6c:ea:44:fe:0a:4f:
                    8d:68:20:d7:ec:29:b1:56:11:42:df:36:be:cf:c2:
                    ab:1d:39:e7:7b:f6:ff:62:9c:00:6e:01:8a:2a:91:
                    ab:ab:3c:05:b4:f1:4b:52:5c:1b:81:f3:15:80:05:
                    fd:f3:0a:42:82:48:79:33:6c:14:5d:d3:45:65:55:
                    70:2a:60:91:91:75:d1:13:2c:2d:56:40:c3:af:35:
                    e1:3a:8c:ab:df:be:2c:f4:c1:60:ae:f9:1c:89:54:
                    0e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:2D:30:D1:79:EB:92:63:F1:72:CB:1B:4A:9F:4D:A6:50:C3:1B:DF
            X509v3 Authority Key Identifier:
                keyid:84:45:AC:D3:1B:CC:BD:34:5F:96:4A:D9:07:CA:77:83:D5:04:02:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEWs0xvMvTRflkrZB8p3g9UEAm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/MC0w0XnrkmPxcssbSp9NplDDG98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fcb7af-56d0-4c55-a778-073e3b7ad850/1/hEWs0xvMvTRflkrZB8p3g9UEAm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.223.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:00:a7:3e:99:a0:03:d1:e5:56:09:84:c4:7e:19:78:b1:a6:
         18:b9:1d:de:98:a9:37:63:ab:82:a6:ed:c3:aa:b5:a9:37:aa:
         16:07:5e:92:b2:b1:32:41:d0:ee:ff:4c:22:60:61:19:01:e0:
         fd:cc:c2:e5:d9:55:34:95:95:75:85:d6:4c:57:b3:aa:cc:21:
         aa:8d:54:a0:a2:61:75:99:5f:16:46:55:b6:17:2b:0c:08:d4:
         d3:70:37:ee:8d:39:c1:75:9e:c8:f9:16:45:e0:3b:c4:c8:7b:
         d3:ee:d3:98:0c:74:3d:e8:29:c5:aa:74:b8:36:21:a3:4c:30:
         d1:f1:40:08:d6:d8:d9:96:fc:ea:47:42:6d:53:5c:26:81:e1:
         cd:1a:73:5c:f5:00:8f:9c:01:62:40:2a:76:11:68:73:5b:4d:
         08:7a:db:06:ca:8c:01:75:95:8e:f0:46:e8:e8:8f:00:74:e9:
         35:2b:70:d0:f1:46:72:5d:11:70:e0:8d:43:f5:9a:25:29:3f:
         24:d8:29:f7:cf:2a:2e:8d:7f:fb:c2:4d:4a:f0:85:ec:ca:a2:
         45:ca:33:68:77:9e:69:a4:d5:64:89:a1:ee:ab:7c:99:09:8e:
         03:fd:66:13:e8:d2:d2:22:0d:3f:5d:bd:ce:91:4e:a6:d8:a7:
         d5:bb:93:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJWpj/nFUtzPsKCMaTRgB4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDVhY2QzMWJjY2JkMzQ1Zjk2NGFkOTA3Y2E3NzgzZDUw
NDAyNmQwHhcNMjQxMDA0MDgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDJkMzBkMTc5ZWI5MjYzZjE3MmNiMWI0YTlmNGRhNjUwYzMxYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVhVsk0QfJTjbEyRkv9UmfikLUE3
o9f4DlSz7JBnGYZOo6bBhQ+QB8QZpX/cM/+wHsXLepcz/MUB86g2u3bBD/QUdwK0
wQ/zyPir11lNOQmgcDS2XJ+h0HQRqXOZ+t09r/7Fod8USJy5CfI3fsL81mRBYXQ0
yXz5LHc21t6xm0CaYFlBJebmI2OHE6peDiQSGBDn4AYODZwCRnYSXh1s6kT+Ck+N
aCDX7CmxVhFC3za+z8KrHTnne/b/YpwAbgGKKpGrqzwFtPFLUlwbgfMVgAX98wpC
gkh5M2wUXdNFZVVwKmCRkXXREywtVkDDrzXhOoyr374s9MFgrvkciVQOLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAtMNF565Jj8XLLG0qfTaZQwxvfMB8GA1UdIwQY
MBaAFIRFrNMbzL00X5ZK2QfKd4PVBAJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVXczB4dk12VFJmbGtyWkI4cDNnOVVFQW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mY2I3YWYtNTZkMC00YzU1LWE3Nzgt
MDczZTNiN2FkODUwLzEvTUMwdzBYbnJrbVB4Y3NzYlNwOU5wbERERzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mY2I3YWYtNTZkMC00YzU1LWE3NzgtMDczZTNiN2FkODUw
LzEvaEVXczB4dk12VFJmbGtyWkI4cDNnOVVFQW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAj9+xMA0G
CSqGSIb3DQEBCwUAA4IBAQAnAKc+maAD0eVWCYTEfhl4saYYuR3emKk3Y6uCpu3D
qrWpN6oWB16SsrEyQdDu/0wiYGEZAeD9zMLl2VU0lZV1hdZMV7OqzCGqjVSgomF1
mV8WRlW2FysMCNTTcDfujTnBdZ7I+RZF4DvEyHvT7tOYDHQ96CnFqnS4NiGjTDDR
8UAI1tjZlvzqR0JtU1wmgeHNGnNc9QCPnAFiQCp2EWhzW00IetsGyowBdZWO8Ebo
6I8AdOk1K3DQ8UZyXRFw4I1D9ZolKT8k2Cn3zyoujX/7wk1K8IXsyqJFyjNod55p
pNVkiaHuq3yZCY4D/WYT6NLSIg0/Xb3OkU6m2KfVu5PY
-----END CERTIFICATE-----