Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/y3rv6QUNVEV10K6DM4va4EA_Mtg.roa
File:                     y3rv6QUNVEV10K6DM4va4EA_Mtg.roa (raw, json)
Hash identifier:          ktC7/gqbZlMANPKtob5+fomeJryx+8q0K+pQTL0OxNo=
Subject key identifier:   CB:7A:EF:E9:05:0D:54:45:75:D0:AE:83:33:8B:DA:E0:40:3F:32:D8
Certificate issuer:       /CN=88f0c1d10e4e5a71e3cd5c5d6beebf778a06e304
Certificate serial:       018CC492F22DF70A0B14D7015F8525D1025A
Authority key identifier: 88:F0:C1:D1:0E:4E:5A:71:E3:CD:5C:5D:6B:EE:BF:77:8A:06:E3:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/y3rv6QUNVEV10K6DM4va4EA_Mtg.roa
Signing time:             Mon 01 Jan 2024 10:30:13 +0000
ROA not before:           Mon 01 Jan 2024 10:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199837
IP address blocks:        77.83.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f2:2d:f7:0a:0b:14:d7:01:5f:85:25:d1:02:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88f0c1d10e4e5a71e3cd5c5d6beebf778a06e304
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb7aefe9050d544575d0ae83338bdae0403f32d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6a:a5:88:15:a0:4a:70:86:09:7a:6a:61:75:
                    a8:f7:fc:41:b7:45:5d:f4:25:bb:e8:cf:29:f8:62:
                    0a:de:3a:3e:1b:11:d2:70:ad:8d:c2:0b:bd:f0:4b:
                    d9:07:f5:5c:7b:87:b7:6d:2a:30:2c:82:8a:79:db:
                    16:28:3f:a9:54:c0:34:c8:6e:04:2e:cf:10:64:fe:
                    70:63:23:db:d1:c6:df:fe:9f:53:e1:fc:48:6d:22:
                    a9:03:73:d9:5c:c2:f7:37:62:1a:2f:e6:69:00:cc:
                    cc:b8:0f:3e:5d:b8:e8:3b:3f:67:02:94:fa:40:57:
                    50:63:1d:8b:e4:bc:b9:b2:38:92:88:e1:51:cd:a8:
                    5b:d5:04:63:d9:1f:b0:ea:7c:90:0a:0e:91:03:1b:
                    54:00:d7:03:08:d1:9b:2a:e7:a9:ca:37:e4:95:05:
                    5f:78:aa:c3:38:c2:51:34:07:2d:95:01:13:2c:16:
                    72:ad:c3:8f:2d:8a:8b:c9:5c:47:dc:1c:39:89:d8:
                    9d:d6:1b:04:31:02:a6:b4:0a:a4:78:01:31:cd:72:
                    64:0b:65:2f:0b:62:0b:11:32:fc:46:c4:28:61:90:
                    40:30:de:3f:fa:0d:9d:e2:09:12:48:42:5c:68:0f:
                    32:e2:ae:66:3c:70:39:17:bf:c4:f7:ee:d7:d6:48:
                    f7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7A:EF:E9:05:0D:54:45:75:D0:AE:83:33:8B:DA:E0:40:3F:32:D8
            X509v3 Authority Key Identifier:
                keyid:88:F0:C1:D1:0E:4E:5A:71:E3:CD:5C:5D:6B:EE:BF:77:8A:06:E3:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/y3rv6QUNVEV10K6DM4va4EA_Mtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/42664a-0f47-49a6-b737-b28df8559529/1/iPDB0Q5OWnHjzVxda-6_d4oG4wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:c2:19:2b:26:fd:49:30:1b:c5:9e:87:64:8b:26:d2:f8:ba:
         09:72:d3:cd:d9:c4:6a:4d:be:8b:b1:fe:c2:f0:08:0e:d0:33:
         eb:0f:36:9b:17:88:32:4f:05:10:45:a3:06:6b:12:43:36:60:
         21:0b:53:19:bb:74:72:7b:a7:33:85:20:bb:0f:09:49:e9:94:
         7d:62:73:79:b1:48:e7:ac:55:02:37:64:8d:47:64:5a:f1:99:
         cd:e9:52:d8:c3:9c:cc:cf:5f:25:f9:36:cf:e0:aa:4c:bb:44:
         c9:4e:20:4a:aa:5d:76:74:a3:02:19:c5:1f:15:72:35:c7:bd:
         32:57:bb:8e:e2:7f:19:50:43:c3:b7:22:61:a4:6a:7f:e1:ec:
         15:2a:18:f5:ce:2d:3e:55:84:8d:30:41:11:b4:8d:0b:e7:06:
         f7:a1:bd:ae:51:22:ae:b2:b9:c8:b8:16:e3:96:08:b2:3e:46:
         a1:be:37:5d:7c:78:66:4a:17:11:ff:5e:e3:32:09:c0:8e:dc:
         df:4b:40:10:58:66:87:92:d3:7f:7f:30:20:34:98:41:e8:cd:
         e0:88:24:26:e8:69:3f:3b:45:11:6a:ea:35:37:35:d3:6f:d7:
         29:ce:83:e2:95:76:6f:cd:1d:a6:b6:1c:6c:60:74:4d:6d:1c:
         a8:4a:b1:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvIt9woLFNcBX4Ul0QJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZjBjMWQxMGU0ZTVhNzFlM2NkNWM1ZDZiZWViZjc3OGEw
NmUzMDQwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjdhZWZlOTA1MGQ1NDQ1NzVkMGFlODMzMzhiZGFlMDQwM2YzMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumqliBWgSnCGCXpqYXWo9/xBt0Vd
9CW76M8p+GIK3jo+GxHScK2Nwgu98EvZB/Vce4e3bSowLIKKedsWKD+pVMA0yG4E
Ls8QZP5wYyPb0cbf/p9T4fxIbSKpA3PZXML3N2IaL+ZpAMzMuA8+XbjoOz9nApT6
QFdQYx2L5Ly5sjiSiOFRzahb1QRj2R+w6nyQCg6RAxtUANcDCNGbKuepyjfklQVf
eKrDOMJRNActlQETLBZyrcOPLYqLyVxH3Bw5idid1hsEMQKmtAqkeAExzXJkC2Uv
C2ILETL8RsQoYZBAMN4/+g2d4gkSSEJcaA8y4q5mPHA5F7/E9+7X1kj3TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMt67+kFDVRFddCugzOL2uBAPzLYMB8GA1UdIwQY
MBaAFIjwwdEOTlpx481cXWvuv3eKBuMEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVBEQjBRNU9XbkhqelZ4ZGEtNl9kNG9HNHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC80MjY2NGEtMGY0Ny00OWE2LWI3Mzct
YjI4ZGY4NTU5NTI5LzEveTNydjZRVU5WRVYxMEs2RE00dmE0RUFfTXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC80MjY2NGEtMGY0Ny00OWE2LWI3MzctYjI4ZGY4NTU5NTI5
LzEvaVBEQjBRNU9XbkhqelZ4ZGEtNl9kNG9HNHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVPYMA0G
CSqGSIb3DQEBCwUAA4IBAQCQwhkrJv1JMBvFnodkiybS+LoJctPN2cRqTb6Lsf7C
8AgO0DPrDzabF4gyTwUQRaMGaxJDNmAhC1MZu3Rye6czhSC7DwlJ6ZR9YnN5sUjn
rFUCN2SNR2Ra8ZnN6VLYw5zMz18l+TbP4KpMu0TJTiBKql12dKMCGcUfFXI1x70y
V7uO4n8ZUEPDtyJhpGp/4ewVKhj1zi0+VYSNMEERtI0L5wb3ob2uUSKusrnIuBbj
lgiyPkahvjddfHhmShcR/17jMgnAjtzfS0AQWGaHktN/fzAgNJhB6M3giCQm6Gk/
O0URauo1NzXTb9cpzoPilXZvzR2mthxsYHRNbRyoSrGR
-----END CERTIFICATE-----