Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/mcen2pkFM9WR8x1zJ_rQw0x3E30.roa
File:                     mcen2pkFM9WR8x1zJ_rQw0x3E30.roa (raw, json)
Hash identifier:          deQ9ffvYJjyrE2MN9hd25MGieqWhmdMMEJnQML/F7yo=
Subject key identifier:   99:C7:A7:DA:99:05:33:D5:91:F3:1D:73:27:FA:D0:C3:4C:77:13:7D
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       018CC9BC3F1A4833C7AB36FE20F7524D53FF
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/mcen2pkFM9WR8x1zJ_rQw0x3E30.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        194.62.29.0/24 maxlen: 24
                          194.62.157.0/24 maxlen: 24
                          194.62.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3f:1a:48:33:c7:ab:36:fe:20:f7:52:4d:53:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99c7a7da990533d591f31d7327fad0c34c77137d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:14:92:95:80:28:50:65:c8:6b:c6:21:4e:cf:
                    6d:50:eb:ca:d2:65:98:e0:a8:e0:64:8e:21:a5:bd:
                    b2:79:b6:50:8b:28:33:b0:93:03:b0:5f:3e:d1:d2:
                    2c:71:d6:b3:9b:e7:5a:2d:82:a9:0b:a5:fc:7b:4b:
                    b6:0f:d0:3d:e5:e3:84:16:b9:a6:87:ce:cd:32:34:
                    bc:db:34:f5:dc:50:c4:79:ad:1c:96:48:11:e6:d0:
                    87:68:11:87:02:20:7c:9c:f1:a3:00:39:fa:ed:69:
                    35:2f:45:6e:01:df:7c:cc:76:29:53:a1:c2:4f:22:
                    94:27:1d:43:3c:40:d8:a9:ba:f0:fe:53:9c:44:e2:
                    f6:88:4d:4c:f8:a7:30:cc:75:c2:6c:c5:d5:48:df:
                    44:83:1c:31:93:18:1e:09:f7:c9:18:0a:68:87:64:
                    8f:6a:c2:3e:e4:84:70:0a:79:73:37:44:87:46:16:
                    f4:f5:f5:67:c5:f4:f9:a3:01:d2:6d:1e:17:d0:76:
                    30:43:45:7e:96:66:7a:e2:b5:69:fa:b9:1b:63:8f:
                    82:71:e9:24:03:d1:cb:18:77:6a:70:d0:e6:c5:45:
                    b8:b7:f1:8e:ab:aa:1a:94:eb:f9:8c:97:36:78:aa:
                    ba:00:97:b7:eb:b9:5e:dc:c2:ee:ba:84:22:95:ad:
                    6f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C7:A7:DA:99:05:33:D5:91:F3:1D:73:27:FA:D0:C3:4C:77:13:7D
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/mcen2pkFM9WR8x1zJ_rQw0x3E30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.1.0/24
                  194.62.29.0/24
                  194.62.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:a4:f0:05:6e:8d:36:4b:78:98:e2:58:00:86:51:2a:25:1f:
         74:6d:dc:d3:d0:4b:db:00:34:35:8f:fb:0b:40:a9:aa:7c:45:
         7f:0f:e7:73:76:d6:56:32:bc:fe:24:ea:3f:06:fe:e8:59:7e:
         23:bb:8b:a3:2b:aa:3d:49:00:a0:32:5a:f8:c7:d6:e1:47:61:
         99:53:58:da:15:48:5d:f2:ce:99:bd:f1:e2:b6:34:e3:db:68:
         ef:21:49:e1:a7:d5:85:90:26:33:66:c6:50:d7:9b:5c:75:77:
         ae:93:8e:28:63:bf:cd:03:9a:26:2d:ff:2f:ac:e6:8d:66:14:
         0d:09:15:99:10:6c:6e:c8:6e:01:dd:db:0d:a1:43:8f:f0:d8:
         55:52:14:e6:51:a7:89:cf:5a:fe:bb:6f:a0:58:f6:1d:20:80:
         7a:75:47:5c:c4:1e:05:17:39:7a:a1:8d:86:c9:b2:c3:7d:c3:
         41:39:2e:a9:04:e0:51:7a:92:03:01:e4:2e:b9:d3:67:df:ab:
         d1:9b:52:71:bf:a1:ba:93:37:a1:e5:1f:9c:2b:a5:90:b4:e5:
         24:88:99:3e:b3:19:60:51:1e:d0:60:9d:a3:8b:d9:90:cd:0f:
         2a:5a:9c:36:14:69:21:b6:51:b8:07:8a:b3:42:c6:3c:5c:a0:
         d5:95:2d:8e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvD8aSDPHqzb+IPdSTVP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM3YTdkYTk5MDUzM2Q1OTFmMzFkNzMyN2ZhZDBjMzRjNzcxMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihSSlYAoUGXIa8YhTs9tUOvK0mWY
4KjgZI4hpb2yebZQiygzsJMDsF8+0dIscdazm+daLYKpC6X8e0u2D9A95eOEFrmm
h87NMjS82zT13FDEea0clkgR5tCHaBGHAiB8nPGjADn67Wk1L0VuAd98zHYpU6HC
TyKUJx1DPEDYqbrw/lOcROL2iE1M+KcwzHXCbMXVSN9EgxwxkxgeCffJGApoh2SP
asI+5IRwCnlzN0SHRhb09fVnxfT5owHSbR4X0HYwQ0V+lmZ64rVp+rkbY4+Ccekk
A9HLGHdqcNDmxUW4t/GOq6oalOv5jJc2eKq6AJe367le3MLuuoQila1vwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJnHp9qZBTPVkfMdcyf60MNMdxN9MB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvbWNlbjJwa0ZNOVdSOHgxekpfclF3MHgzRTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwj4BAwQA
wj4dAwQAwj6dMA0GCSqGSIb3DQEBCwUAA4IBAQAjpPAFbo02S3iY4lgAhlEqJR90
bdzT0EvbADQ1j/sLQKmqfEV/D+dzdtZWMrz+JOo/Bv7oWX4ju4ujK6o9SQCgMlr4
x9bhR2GZU1jaFUhd8s6ZvfHitjTj22jvIUnhp9WFkCYzZsZQ15tcdXeuk44oY7/N
A5omLf8vrOaNZhQNCRWZEGxuyG4B3dsNoUOP8NhVUhTmUaeJz1r+u2+gWPYdIIB6
dUdcxB4FFzl6oY2GybLDfcNBOS6pBOBRepIDAeQuudNn36vRm1Jxv6G6kzeh5R+c
K6WQtOUkiJk+sxlgUR7QYJ2ji9mQzQ8qWpw2FGkhtlG4B4qzQsY8XKDVlS2O
-----END CERTIFICATE-----