Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa
File:                     Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa (raw, json)
Hash identifier:          UMdHSdtudYBclN7puqWRGD2kkJNfiHTRa0kTB4vhCyU=
Subject key identifier:   33:3C:B5:C3:99:F6:86:A4:C4:42:64:6D:18:98:83:E9:C9:6D:44:66
Certificate issuer:       /CN=ccb75341500807a9750a8cf55bf4e45ff03f312a
Certificate serial:       018CC86F85ECD05E88D23B22D40BE522EF67
Authority key identifier: CC:B7:53:41:50:08:07:A9:75:0A:8C:F5:5B:F4:E4:5F:F0:3F:31:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa
Signing time:             Tue 02 Jan 2024 04:30:01 +0000
ROA not before:           Tue 02 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        157.84.32.0/23 maxlen: 23
                          157.84.40.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:85:ec:d0:5e:88:d2:3b:22:d4:0b:e5:22:ef:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccb75341500807a9750a8cf55bf4e45ff03f312a
        Validity
            Not Before: Jan  2 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=333cb5c399f686a4c442646d189883e9c96d4466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2f:6f:21:e9:98:76:f4:f8:58:23:fa:ce:41:
                    a5:7f:b9:24:05:af:3e:29:e9:a0:0a:0c:77:e1:0b:
                    d1:fc:b6:cf:c5:56:c0:8a:6d:d1:85:94:bd:cc:b5:
                    3a:36:c5:09:2b:78:b7:ec:39:45:32:71:0c:ca:04:
                    3d:a9:c4:e7:9f:b9:20:a6:16:02:0c:5a:51:29:3a:
                    be:08:ce:66:7d:5c:61:77:a9:44:2f:f5:d7:9f:6c:
                    bd:57:95:33:4f:64:c4:df:6e:ec:4e:d1:39:19:64:
                    ff:f1:77:ef:4a:ef:a6:79:9e:8d:5b:b7:06:fb:fb:
                    7e:f5:8a:a4:cd:d0:e7:20:b9:72:91:aa:57:39:23:
                    89:bf:4f:1f:5f:5c:a7:36:28:54:40:c3:6b:e0:a2:
                    11:a0:c9:94:14:7c:d1:1d:d6:ff:22:65:3b:38:eb:
                    53:6e:fb:7b:63:25:9a:08:5a:33:f3:13:5c:f3:c1:
                    e6:79:60:07:cd:04:c1:02:b2:58:48:90:23:13:3e:
                    6a:25:c4:99:fa:14:52:ef:39:60:ac:a2:65:e9:55:
                    3f:99:99:a6:31:0c:e1:18:09:52:e9:1e:8d:28:c4:
                    11:f6:b4:2d:0a:27:33:d0:93:07:23:f9:58:05:8c:
                    93:d0:a5:5b:63:15:b1:3b:f2:e2:75:cd:9e:08:c1:
                    83:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3C:B5:C3:99:F6:86:A4:C4:42:64:6D:18:98:83:E9:C9:6D:44:66
            X509v3 Authority Key Identifier:
                keyid:CC:B7:53:41:50:08:07:A9:75:0A:8C:F5:5B:F4:E4:5F:F0:3F:31:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zLdTQVAIB6l1Coz1W_TkX_A_MSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/Mzy1w5n2hqTEQmRtGJiD6cltRGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/effb2f-9fbf-488b-9315-a99a21015937/1/zLdTQVAIB6l1Coz1W_TkX_A_MSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.84.32.0/23
                  157.84.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:fc:b7:ea:ab:2a:1f:30:16:09:19:69:85:92:0a:43:87:d6:
         71:6d:4f:e4:66:81:13:8c:50:21:7e:bc:ea:47:9d:27:e2:77:
         d8:ea:41:50:78:92:9c:f1:b7:86:fe:c4:6b:ee:d0:26:37:2a:
         67:c8:af:29:a7:ed:30:66:70:a3:b3:e2:cf:59:ce:23:b2:98:
         4b:8f:54:1d:65:f9:ab:9a:c6:49:7f:06:ad:1b:68:a1:07:16:
         3b:3c:6a:28:5b:e4:df:23:71:ce:40:b4:0d:ec:09:8c:cb:bd:
         5b:46:d2:6b:b1:10:41:fc:99:ef:7b:fb:d4:d6:3f:35:4e:04:
         3d:8c:a6:83:67:2a:0f:4d:18:b8:5a:5e:34:40:c5:09:92:69:
         3a:03:c9:1e:f4:56:9e:cb:f5:ea:0b:95:a1:72:f5:3d:92:71:
         49:8f:01:06:dc:81:00:c3:f6:4a:0b:3e:0d:e2:ea:2f:d2:e3:
         cd:df:85:e3:67:34:bd:40:9e:4d:4d:b3:29:2e:78:a0:23:6f:
         1e:b5:80:12:0b:5a:84:7d:03:47:69:8a:3e:9f:79:a8:c9:62:
         4c:d8:91:e9:b7:33:0a:5e:60:72:1b:07:48:05:99:8a:2c:e2:
         4e:3b:27:05:cf:c7:3b:97:e3:e5:03:41:7f:67:11:ae:cd:b2:
         9a:8f:4f:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb4Xs0F6I0jsi1AvlIu9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYjc1MzQxNTAwODA3YTk3NTBhOGNmNTViZjRlNDVmZjAz
ZjMxMmEwHhcNMjQwMTAyMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNjYjVjMzk5ZjY4NmE0YzQ0MjY0NmQxODk4ODNlOWM5NmQ0NDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxC9vIemYdvT4WCP6zkGlf7kkBa8+
KemgCgx34QvR/LbPxVbAim3RhZS9zLU6NsUJK3i37DlFMnEMygQ9qcTnn7kgphYC
DFpRKTq+CM5mfVxhd6lEL/XXn2y9V5UzT2TE327sTtE5GWT/8XfvSu+meZ6NW7cG
+/t+9YqkzdDnILlykapXOSOJv08fX1ynNihUQMNr4KIRoMmUFHzRHdb/ImU7OOtT
bvt7YyWaCFoz8xNc88HmeWAHzQTBArJYSJAjEz5qJcSZ+hRS7zlgrKJl6VU/mZmm
MQzhGAlS6R6NKMQR9rQtCicz0JMHI/lYBYyT0KVbYxWxO/Lidc2eCMGDQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDM8tcOZ9oakxEJkbRiYg+nJbURmMB8GA1UdIwQY
MBaAFMy3U0FQCAepdQqM9Vv05F/wPzEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekxkVFFWQUlCNmwxQ296MVdfVGtYX0FfTVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lZmZiMmYtOWZiZi00ODhiLTkzMTUt
YTk5YTIxMDE1OTM3LzEvTXp5MXc1bjJocVRFUW1SdEdKaUQ2Y2x0UkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lZmZiMmYtOWZiZi00ODhiLTkzMTUtYTk5YTIxMDE1OTM3
LzEvekxkVFFWQUlCNmwxQ296MVdfVGtYX0FfTVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnVQgAwQB
nVQoMA0GCSqGSIb3DQEBCwUAA4IBAQA9/LfqqyofMBYJGWmFkgpDh9ZxbU/kZoET
jFAhfrzqR50n4nfY6kFQeJKc8beG/sRr7tAmNypnyK8pp+0wZnCjs+LPWc4jsphL
j1QdZfmrmsZJfwatG2ihBxY7PGooW+TfI3HOQLQN7AmMy71bRtJrsRBB/Jnve/vU
1j81TgQ9jKaDZyoPTRi4Wl40QMUJkmk6A8ke9Faey/XqC5WhcvU9knFJjwEG3IEA
w/ZKCz4N4uov0uPN34XjZzS9QJ5NTbMpLnigI28etYASC1qEfQNHaYo+n3moyWJM
2JHptzMKXmByGwdIBZmKLOJOOycFz8c7l+PlA0F/ZxGuzbKaj084
-----END CERTIFICATE-----