Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/MFV_92O5sKNCkIagwebYvNHlg5k.roa
File:                     MFV_92O5sKNCkIagwebYvNHlg5k.roa (raw, json)
Hash identifier:          BXhvb/ot2amPdZSowCT/pc0JnDLmI2qybEOEJFsxE5o=
Subject key identifier:   30:55:7F:F7:63:B9:B0:A3:42:90:86:A0:C1:E6:D8:BC:D1:E5:83:99
Certificate issuer:       /CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Certificate serial:       018CC8011396FF4533479649A2EE47A75E89
Authority key identifier: B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/MFV_92O5sKNCkIagwebYvNHlg5k.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47443
IP address blocks:        87.232.134.0/24 maxlen: 24
                          37.26.72.0/23 maxlen: 24
                          2a01:14f::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:13:96:ff:45:33:47:96:49:a2:ee:47:a7:5e:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30557ff763b9b0a3429086a0c1e6d8bcd1e58399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a9:b6:e4:71:e2:7d:a3:e1:5e:f4:0f:91:c7:
                    30:fd:be:5e:a8:b2:79:41:fe:95:8f:12:2c:4c:14:
                    b2:e7:a4:67:9d:35:33:1b:6d:95:ea:95:e3:19:64:
                    85:c2:ea:66:d9:75:79:88:08:89:7e:4e:0f:c8:4a:
                    b9:97:46:c7:23:42:7a:38:a3:02:9c:99:52:b0:ae:
                    1a:5c:17:f9:ed:4f:44:f8:06:f7:b5:3e:f2:a8:13:
                    01:9f:a3:05:94:fa:0b:41:13:cc:a8:b6:a5:10:38:
                    5f:0b:16:2f:f5:b3:22:e7:72:44:49:27:5b:83:7f:
                    5f:be:d5:30:92:24:d7:fa:48:f1:50:ca:00:dd:59:
                    71:45:10:b9:3d:0c:05:dc:d3:eb:de:15:02:26:84:
                    b0:fe:37:33:f2:c3:84:d8:af:5a:29:e9:8d:6c:e1:
                    7e:2d:80:a0:d3:a4:59:ea:c2:44:bd:a8:8d:2d:d8:
                    d7:bc:3f:0b:3e:cb:0d:43:0e:63:9f:6e:94:72:f4:
                    41:7c:d0:46:c1:6a:6d:19:ed:a5:37:36:e3:2f:75:
                    a2:3c:11:17:b7:f6:5c:f1:59:74:40:69:94:74:3f:
                    da:0b:0c:3c:0f:67:03:1a:03:ba:ad:ff:3b:68:3e:
                    27:38:ac:cb:16:7a:c7:56:64:91:83:11:64:1a:e5:
                    c4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:55:7F:F7:63:B9:B0:A3:42:90:86:A0:C1:E6:D8:BC:D1:E5:83:99
            X509v3 Authority Key Identifier:
                keyid:B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/MFV_92O5sKNCkIagwebYvNHlg5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.72.0/23
                  87.232.134.0/24
                IPv6:
                  2a01:14f::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:af:37:84:58:8f:22:de:b0:6a:3d:90:6d:d9:a0:2c:26:25:
         7a:02:1c:ca:03:23:5d:c5:12:be:27:20:9b:d1:36:a2:fc:89:
         a9:b1:1f:98:c9:7f:d5:cb:65:28:69:c8:8f:a5:c5:b8:d7:55:
         57:39:28:ee:1b:7c:b5:42:b3:c1:9a:43:c6:c2:c4:03:84:60:
         95:d4:f3:5c:e8:76:58:07:fe:94:5d:7a:da:07:1a:30:fd:93:
         fd:4b:21:b5:43:8c:ef:3d:8b:91:10:41:04:cd:e0:16:6b:08:
         ce:e2:be:63:64:72:72:63:75:12:1b:70:79:c3:32:ca:8d:d0:
         0a:a6:59:32:1b:4f:ed:a1:99:fa:44:11:d0:9d:df:ef:29:98:
         35:d1:59:1e:09:eb:f2:65:3e:2f:7d:33:57:78:3b:6c:e5:d3:
         2c:31:79:fc:27:15:0b:87:1e:23:b1:1c:bf:50:8e:61:1b:27:
         c8:9b:d9:2e:75:ea:52:45:89:00:30:ba:9a:ca:e7:9f:14:cc:
         59:05:b4:e9:f4:96:2f:e2:b6:82:e9:0e:aa:41:c7:9e:a9:1b:
         fa:13:38:ac:04:c4:d0:98:5c:e4:d3:75:bd:83:07:e4:8d:02:
         ca:14:18:69:e2:79:78:a8:4d:b5:64:5e:c9:3f:79:14:62:99:
         e1:ea:67:e5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAROW/0UzR5ZJou5Hp16JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOGJiNjJhNDdiMWEyYWVkYjcwZjMyZjU4Yzk3OWJhMGM3
NzdmMDYwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU1N2ZmNzYzYjliMGEzNDI5MDg2YTBjMWU2ZDhiY2QxZTU4Mzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqm25HHifaPhXvQPkccw/b5eqLJ5
Qf6VjxIsTBSy56RnnTUzG22V6pXjGWSFwupm2XV5iAiJfk4PyEq5l0bHI0J6OKMC
nJlSsK4aXBf57U9E+Ab3tT7yqBMBn6MFlPoLQRPMqLalEDhfCxYv9bMi53JESSdb
g39fvtUwkiTX+kjxUMoA3VlxRRC5PQwF3NPr3hUCJoSw/jcz8sOE2K9aKemNbOF+
LYCg06RZ6sJEvaiNLdjXvD8LPssNQw5jn26UcvRBfNBGwWptGe2lNzbjL3WiPBEX
t/Zc8Vl0QGmUdD/aCww8D2cDGgO6rf87aD4nOKzLFnrHVmSRgxFkGuXEjQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDBVf/djubCjQpCGoMHm2LzR5YOZMB8GA1UdIwQY
MBaAFLOLtipHsaKu23DzL1jJeboMd38GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgt
MDYwNWMwODlmYzM4LzEvTUZWXzkyTzVzS05Da0lhZ3dlYll2TkhsZzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgtMDYwNWMwODlmYzM4
LzEvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBJRpIAwQA
V+iGMA0EAgACMAcDBQAqAQFPMA0GCSqGSIb3DQEBCwUAA4IBAQBzrzeEWI8i3rBq
PZBt2aAsJiV6AhzKAyNdxRK+JyCb0Tai/ImpsR+YyX/Vy2UoaciPpcW411VXOSju
G3y1QrPBmkPGwsQDhGCV1PNc6HZYB/6UXXraBxow/ZP9SyG1Q4zvPYuREEEEzeAW
awjO4r5jZHJyY3USG3B5wzLKjdAKplkyG0/toZn6RBHQnd/vKZg10VkeCevyZT4v
fTNXeDts5dMsMXn8JxULhx4jsRy/UI5hGyfIm9kudepSRYkAMLqayuefFMxZBbTp
9JYv4raC6Q6qQceeqRv6EzisBMTQmFzk03W9gwfkjQLKFBhp4nl4qE21ZF7JP3kU
Ypnh6mfl
-----END CERTIFICATE-----