Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/MlztFA-ruiBUuRt825gVnwNdxgY.roa
File:                     MlztFA-ruiBUuRt825gVnwNdxgY.roa (raw, json)
Hash identifier:          4DAmMnecJd4bk3HgnabqVS6wPKBSV8MljmfYnUJWutA=
Subject key identifier:   32:5C:ED:14:0F:AB:BA:20:54:B9:1B:7C:DB:98:15:9F:03:5D:C6:06
Certificate issuer:       /CN=a61ada61202413cd8fca2f49742527ad021f9676
Certificate serial:       018CC801DF65082BAF69691DA1DD914BCD6C
Authority key identifier: A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/MlztFA-ruiBUuRt825gVnwNdxgY.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11170
IP address blocks:        185.38.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:65:08:2b:af:69:69:1d:a1:dd:91:4b:cd:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a61ada61202413cd8fca2f49742527ad021f9676
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=325ced140fabba2054b91b7cdb98159f035dc606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8a:1e:9f:a4:70:f7:7a:e2:74:3d:7d:4c:70:
                    ec:0e:c3:d7:48:3e:a7:8d:b7:ee:bd:30:e6:ea:d6:
                    b7:89:a4:d0:9f:26:a6:f4:29:e7:c3:30:f0:5d:46:
                    22:c1:7e:ba:a9:2d:46:fd:6c:df:59:78:33:42:53:
                    28:14:86:78:55:ff:87:c6:d5:47:77:01:13:32:62:
                    7e:e8:ee:b4:7f:6c:c1:7a:a1:20:8d:39:bd:bd:ac:
                    18:06:4e:09:c5:6a:b6:ce:da:59:e6:b6:f6:fc:49:
                    10:72:da:4e:84:cb:a3:b7:c6:48:ce:f9:57:cb:52:
                    28:5f:69:3a:ac:01:9d:be:b4:d1:b3:ca:7a:0a:4c:
                    34:1f:37:7e:6c:1c:3d:28:58:4e:25:69:d6:8e:1d:
                    ed:8f:87:2f:a8:ff:02:f9:4a:82:98:f4:b5:e8:b1:
                    e6:0e:9f:2d:06:a4:80:b7:08:8b:bf:55:ba:ef:3a:
                    c9:68:f5:b5:52:0d:f8:89:69:57:cd:89:96:95:d0:
                    08:c3:8f:9e:96:22:29:62:51:1c:8c:dd:49:2e:57:
                    e2:6e:4e:fa:2e:89:35:c9:57:ab:32:e9:77:93:ed:
                    c6:3e:6e:d2:7b:77:12:ec:b0:52:bc:a2:6b:12:cb:
                    d5:ac:11:c3:12:aa:b6:0b:ee:78:98:fc:36:30:8d:
                    1d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5C:ED:14:0F:AB:BA:20:54:B9:1B:7C:DB:98:15:9F:03:5D:C6:06
            X509v3 Authority Key Identifier:
                keyid:A6:1A:DA:61:20:24:13:CD:8F:CA:2F:49:74:25:27:AD:02:1F:96:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/phraYSAkE82Pyi9JdCUnrQIflnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/MlztFA-ruiBUuRt825gVnwNdxgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/bdab9d-458b-4d6a-9d9b-aeec7a859c59/1/phraYSAkE82Pyi9JdCUnrQIflnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:86:f6:72:39:0b:0a:64:db:b0:5b:44:f8:4f:9d:9c:53:e3:
         f9:80:10:22:a8:97:bd:f5:08:f5:a7:de:32:6a:96:fd:72:fd:
         55:f6:68:cb:b4:f5:ed:92:26:75:0b:6a:21:1c:23:d0:51:e0:
         e8:8e:34:02:5f:cc:a8:1e:7e:ef:7d:b2:fc:a6:f2:af:30:7f:
         76:93:81:56:47:92:ad:d4:51:82:95:77:cc:ae:a8:34:83:31:
         56:b4:8e:32:e3:f9:ff:8c:a0:f6:c4:b6:62:55:9a:af:14:6c:
         2a:57:42:5e:53:8b:4e:8e:d0:5d:24:ed:6d:cc:5b:97:2b:e8:
         aa:bf:f5:a0:c6:94:b4:77:18:07:03:0b:5d:01:74:46:30:cb:
         d4:82:f3:be:db:c8:65:57:24:d6:31:ce:75:27:4a:e2:37:8a:
         87:dd:1a:f1:c2:d6:90:35:58:de:3d:1c:68:d6:7a:30:da:22:
         6e:3b:49:1f:6b:7b:fc:c4:f5:75:63:33:ae:7f:50:3b:c7:d0:
         4f:cd:ed:95:aa:c0:ce:71:6e:cc:f8:a2:1f:2c:5b:4a:49:0e:
         46:e9:07:b1:9f:c8:a6:d9:a7:50:4d:79:31:7a:7d:e4:b4:d8:
         a9:ac:f4:23:08:21:07:31:b6:56:2d:69:dc:92:a8:f0:32:27:
         1c:0c:e6:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd9lCCuvaWkdod2RS81sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MWFkYTYxMjAyNDEzY2Q4ZmNhMmY0OTc0MjUyN2FkMDIx
Zjk2NzYwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjVjZWQxNDBmYWJiYTIwNTRiOTFiN2NkYjk4MTU5ZjAzNWRjNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4oen6Rw93ridD19THDsDsPXSD6n
jbfuvTDm6ta3iaTQnyam9CnnwzDwXUYiwX66qS1G/WzfWXgzQlMoFIZ4Vf+HxtVH
dwETMmJ+6O60f2zBeqEgjTm9vawYBk4JxWq2ztpZ5rb2/EkQctpOhMujt8ZIzvlX
y1IoX2k6rAGdvrTRs8p6Ckw0Hzd+bBw9KFhOJWnWjh3tj4cvqP8C+UqCmPS16LHm
Dp8tBqSAtwiLv1W67zrJaPW1Ug34iWlXzYmWldAIw4+eliIpYlEcjN1JLlfibk76
Lok1yVerMul3k+3GPm7Se3cS7LBSvKJrEsvVrBHDEqq2C+54mPw2MI0dbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJc7RQPq7ogVLkbfNuYFZ8DXcYGMB8GA1UdIwQY
MBaAFKYa2mEgJBPNj8ovSXQlJ60CH5Z2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWIt
YWVlYzdhODU5YzU5LzEvTWx6dEZBLXJ1aUJVdVJ0ODI1Z1Zud05keGdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iZGFiOWQtNDU4Yi00ZDZhLTlkOWItYWVlYzdhODU5YzU5
LzEvcGhyYVlTQWtFODJQeWk5SmRDVW5yUUlmbG5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSbyMA0G
CSqGSIb3DQEBCwUAA4IBAQBrhvZyOQsKZNuwW0T4T52cU+P5gBAiqJe99Qj1p94y
apb9cv1V9mjLtPXtkiZ1C2ohHCPQUeDojjQCX8yoHn7vfbL8pvKvMH92k4FWR5Kt
1FGClXfMrqg0gzFWtI4y4/n/jKD2xLZiVZqvFGwqV0JeU4tOjtBdJO1tzFuXK+iq
v/WgxpS0dxgHAwtdAXRGMMvUgvO+28hlVyTWMc51J0riN4qH3RrxwtaQNVjePRxo
1now2iJuO0kfa3v8xPV1YzOuf1A7x9BPze2VqsDOcW7M+KIfLFtKSQ5G6Qexn8im
2adQTXkxen3ktNiprPQjCCEHMbZWLWnckqjwMiccDOZn
-----END CERTIFICATE-----