Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/MohBGNucJoYbhlwsXxDBE5v3v_g.roa
File:                     MohBGNucJoYbhlwsXxDBE5v3v_g.roa (raw, json)
Hash identifier:          t+Z74MAyiDCOluBt8shtqxPj3GdkcfSHdvD6mAQxVr0=
Subject key identifier:   32:88:41:18:DB:9C:26:86:1B:86:5C:2C:5F:10:C1:13:9B:F7:BF:F8
Certificate issuer:       /CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
Certificate serial:       018CC793467AEC4FDA0D4AF07319CE7A84A3
Authority key identifier: 81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/MohBGNucJoYbhlwsXxDBE5v3v_g.roa
Signing time:             Tue 02 Jan 2024 00:29:26 +0000
ROA not before:           Tue 02 Jan 2024 00:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39257
IP address blocks:        89.58.128.0/21 maxlen: 21
                          2a0c:be01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:46:7a:ec:4f:da:0d:4a:f0:73:19:ce:7a:84:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8146de8cec01d052536c0f08dfe7a8b53f9aaec2
        Validity
            Not Before: Jan  2 00:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32884118db9c26861b865c2c5f10c1139bf7bff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:af:db:80:2a:d1:67:2b:59:99:68:f8:88:79:
                    0b:f4:d9:a8:6a:f3:e3:f3:bb:43:6e:68:de:5e:70:
                    93:f3:9b:1b:a8:37:51:06:71:01:0f:bb:5e:39:2d:
                    83:8f:60:9d:c8:65:aa:60:79:d6:c9:92:13:62:c5:
                    f0:61:68:e0:1b:9e:02:0d:79:07:e3:94:40:bf:33:
                    a1:2e:f8:d3:68:b1:05:b7:97:f4:40:6e:d3:70:09:
                    78:4f:ba:97:03:58:06:13:10:79:fc:7d:b6:b1:59:
                    d7:e0:fc:e4:93:46:d3:9c:18:20:8b:80:bf:e8:5b:
                    f4:03:2d:16:73:88:11:27:72:d6:9d:9d:73:fd:10:
                    fd:4e:44:2b:a2:38:27:cf:a4:e9:53:a6:45:f8:22:
                    b1:08:c2:28:7e:a2:6a:7a:3b:a6:13:59:a6:a9:58:
                    4e:5b:62:5a:fe:3f:ee:68:62:16:c1:88:2b:a1:fb:
                    22:87:41:b4:d9:77:12:d5:a8:08:89:3f:7b:08:f7:
                    67:d8:a4:da:c0:fb:b5:b9:d6:e8:06:51:c9:25:0f:
                    26:5d:e0:7d:f5:d5:c3:32:e9:94:72:4b:0a:8d:c4:
                    70:8f:b9:da:f4:cc:ea:7d:2c:1e:73:27:41:a6:a6:
                    c6:05:0d:ea:a8:7f:9b:bb:54:2f:73:ba:14:97:01:
                    1f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:88:41:18:DB:9C:26:86:1B:86:5C:2C:5F:10:C1:13:9B:F7:BF:F8
            X509v3 Authority Key Identifier:
                keyid:81:46:DE:8C:EC:01:D0:52:53:6C:0F:08:DF:E7:A8:B5:3F:9A:AE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gUbejOwB0FJTbA8I3-eotT-arsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/MohBGNucJoYbhlwsXxDBE5v3v_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df8d9a-8ddb-44b3-9ac0-cd572fd044ee/1/gUbejOwB0FJTbA8I3-eotT-arsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.128.0/21
                IPv6:
                  2a0c:be01::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:ba:a3:b2:09:25:2d:b2:9b:24:ad:e4:9c:01:1f:88:bc:ae:
         9b:78:3f:96:09:b3:66:10:f0:89:49:ac:da:68:01:fc:51:71:
         2c:64:c0:c4:11:ce:81:4a:e4:25:09:ec:7e:c0:79:6e:2b:e8:
         c6:c9:fb:67:c6:a9:e0:6a:87:a4:0d:db:3b:8c:e4:c3:4a:c5:
         ca:72:bc:10:9d:88:9c:7e:7f:9b:23:f0:10:47:29:b8:8d:02:
         2a:fd:18:f8:de:90:f2:69:5c:87:20:ea:86:59:cc:fe:5e:79:
         98:54:a4:3a:ba:1a:12:3c:6b:2b:f8:7c:9a:06:c6:3d:ec:d6:
         96:85:23:fe:a2:03:a0:7f:69:e5:d5:ed:e7:62:ea:b5:57:c8:
         a5:17:38:e3:ea:ae:72:e5:0b:42:7d:7a:2d:ea:f7:5e:0a:fd:
         46:23:7e:2e:bd:2f:d9:ca:a7:ea:d6:3b:95:2a:29:46:af:d7:
         14:5c:1e:dc:ae:6f:47:f5:41:7a:0b:8c:56:5b:25:c5:ab:66:
         92:17:1c:b6:c7:dd:49:fb:0f:39:fa:a1:76:de:c0:a8:ae:16:
         fb:ba:d6:0b:f9:a6:53:cc:90:71:f6:f0:6c:b2:94:5e:fb:6c:
         84:77:83:3c:50:e9:f1:ae:c1:29:c4:e5:7f:1d:76:21:ad:1c:
         0f:ae:1f:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk0Z67E/aDUrwcxnOeoSjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNDZkZThjZWMwMWQwNTI1MzZjMGYwOGRmZTdhOGI1M2Y5
YWFlYzIwHhcNMjQwMTAyMDAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjg4NDExOGRiOWMyNjg2MWI4NjVjMmM1ZjEwYzExMzliZjdiZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAka/bgCrRZytZmWj4iHkL9NmoavPj
87tDbmjeXnCT85sbqDdRBnEBD7teOS2Dj2CdyGWqYHnWyZITYsXwYWjgG54CDXkH
45RAvzOhLvjTaLEFt5f0QG7TcAl4T7qXA1gGExB5/H22sVnX4Pzkk0bTnBggi4C/
6Fv0Ay0Wc4gRJ3LWnZ1z/RD9TkQrojgnz6TpU6ZF+CKxCMIofqJqejumE1mmqVhO
W2Ja/j/uaGIWwYgrofsih0G02XcS1agIiT97CPdn2KTawPu1udboBlHJJQ8mXeB9
9dXDMumUcksKjcRwj7na9MzqfSwecydBpqbGBQ3qqH+bu1Qvc7oUlwEfIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDKIQRjbnCaGG4ZcLF8QwROb97/4MB8GA1UdIwQY
MBaAFIFG3ozsAdBSU2wPCN/nqLU/mq7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAt
Y2Q1NzJmZDA0NGVlLzEvTW9oQkdOdWNKb1liaGx3c1h4REJFNXYzdl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjhkOWEtOGRkYi00NGIzLTlhYzAtY2Q1NzJmZDA0NGVl
LzEvZ1ViZWpPd0IwRkpUYkE4STMtZW90VC1hcnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWTqAMA0E
AgACMAcDBQAqDL4BMA0GCSqGSIb3DQEBCwUAA4IBAQAXuqOyCSUtspskreScAR+I
vK6beD+WCbNmEPCJSazaaAH8UXEsZMDEEc6BSuQlCex+wHluK+jGyftnxqngaoek
Dds7jOTDSsXKcrwQnYicfn+bI/AQRym4jQIq/Rj43pDyaVyHIOqGWcz+XnmYVKQ6
uhoSPGsr+HyaBsY97NaWhSP+ogOgf2nl1e3nYuq1V8ilFzjj6q5y5QtCfXot6vde
Cv1GI34uvS/Zyqfq1juVKilGr9cUXB7crm9H9UF6C4xWWyXFq2aSFxy2x91J+w85
+qF23sCorhb7utYL+aZTzJBx9vBsspRe+2yEd4M8UOnxrsEpxOV/HXYhrRwPrh/h
-----END CERTIFICATE-----