Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/Mlf_PecUVHK1vvNW7HZijtWK0XQ.roa
File:                     Mlf_PecUVHK1vvNW7HZijtWK0XQ.roa (raw, json)
Hash identifier:          KKuxSXLf7Ozcjmrx74aZhMNS/8zyxS4jSDVE120/Frk=
Subject key identifier:   32:57:FF:3D:E7:14:54:72:B5:BE:F3:56:EC:76:62:8E:D5:8A:D1:74
Certificate issuer:       /CN=4510c69bed03465bff8af9d71a6ae9b183b7c24d
Certificate serial:       018CC8013BF88EE75BD52DF5733B52C4206E
Authority key identifier: 45:10:C6:9B:ED:03:46:5B:FF:8A:F9:D7:1A:6A:E9:B1:83:B7:C2:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RRDGm-0DRlv_ivnXGmrpsYO3wk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/Mlf_PecUVHK1vvNW7HZijtWK0XQ.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        185.217.245.0/24 maxlen: 24
                          185.217.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/RRDGm-0DRlv_ivnXGmrpsYO3wk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/RRDGm-0DRlv_ivnXGmrpsYO3wk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RRDGm-0DRlv_ivnXGmrpsYO3wk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3b:f8:8e:e7:5b:d5:2d:f5:73:3b:52:c4:20:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4510c69bed03465bff8af9d71a6ae9b183b7c24d
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3257ff3de7145472b5bef356ec76628ed58ad174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:88:e9:9e:bd:5b:e5:39:33:4b:0c:1f:c2:2a:
                    74:f1:1e:56:9c:fe:f8:a2:01:6c:8f:98:ee:ac:6d:
                    49:96:83:43:86:e0:98:54:30:bd:de:f7:77:54:6b:
                    c1:00:81:59:f7:e8:67:09:f4:c2:76:03:1f:48:b9:
                    c8:e6:71:4e:9c:e1:97:e6:54:79:bb:01:0f:c3:20:
                    23:c7:8d:05:91:de:6e:32:91:dd:5e:01:99:ea:4d:
                    0b:c1:7a:13:d7:6f:5a:56:58:1c:ef:ce:09:79:8f:
                    32:ed:95:8e:40:22:d2:b1:b2:0a:72:04:eb:b2:3d:
                    d9:65:8e:ad:07:ef:11:e3:ab:7e:96:75:d6:48:3e:
                    f0:d6:61:3f:7f:91:de:ca:93:51:e4:fd:7a:05:c8:
                    56:96:fc:54:46:80:8e:0e:eb:08:ec:10:f3:86:ca:
                    89:d3:c9:28:05:3f:7e:61:a5:45:80:ad:9c:80:76:
                    34:e7:d2:3e:4d:94:0a:38:f2:e8:32:04:61:60:85:
                    8f:26:c9:36:25:70:2f:2a:c6:f1:1e:5d:15:8d:dd:
                    c0:cb:91:19:b4:21:48:5c:02:7f:ef:d5:5a:58:ea:
                    78:4c:47:e7:e2:71:d9:f3:a1:df:8a:4c:59:e1:36:
                    8f:04:6c:d2:3d:95:ad:a8:0b:a1:1f:08:5d:d8:64:
                    9d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:57:FF:3D:E7:14:54:72:B5:BE:F3:56:EC:76:62:8E:D5:8A:D1:74
            X509v3 Authority Key Identifier:
                keyid:45:10:C6:9B:ED:03:46:5B:FF:8A:F9:D7:1A:6A:E9:B1:83:B7:C2:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RRDGm-0DRlv_ivnXGmrpsYO3wk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/Mlf_PecUVHK1vvNW7HZijtWK0XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/09c865-ac9c-4913-9cce-e1fd0b1f0efd/1/RRDGm-0DRlv_ivnXGmrpsYO3wk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:69:80:db:20:51:1b:9b:96:fd:e4:09:a2:a8:a7:61:49:95:
         50:c3:6b:26:08:2a:d1:8c:2b:d9:23:b9:61:8a:0f:5b:c5:10:
         1f:34:ac:78:96:2a:8b:ed:eb:16:69:4a:97:e3:be:79:8d:d0:
         e2:a6:5d:2a:64:5e:e8:23:50:a8:20:90:14:71:40:1e:d5:74:
         e3:7c:9d:4c:0e:fc:70:2c:e6:c3:3c:02:bd:f3:ec:eb:28:87:
         0c:5e:e3:e5:89:82:ac:17:11:0e:6b:cb:a4:13:28:dd:e0:17:
         32:e1:52:26:c1:e2:b9:06:c3:4d:06:3a:47:fe:e3:44:e2:fc:
         99:36:50:62:d8:8d:65:99:88:50:d2:ca:80:38:f8:23:dd:64:
         0d:26:c8:75:c5:53:f8:52:4d:31:a8:fb:54:b7:12:32:c3:96:
         b5:c1:0d:1d:e6:f2:53:73:06:99:d6:a0:03:4d:b1:e5:13:0b:
         78:2a:a0:85:5b:70:0e:3b:6f:41:c8:b2:b6:91:fe:3d:97:2c:
         08:17:b9:f1:79:b5:5e:3a:55:7c:2f:bf:aa:92:a1:56:58:ed:
         10:4f:bd:63:7f:00:24:99:3b:e2:d7:d2:b5:d4:31:f1:5a:f6:
         cc:04:fd:66:a0:32:cc:53:07:78:bc:35:a8:99:48:19:19:7f:
         3d:7b:71:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATv4judb1S31cztSxCBuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MTBjNjliZWQwMzQ2NWJmZjhhZjlkNzFhNmFlOWIxODNi
N2MyNGQwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU3ZmYzZGU3MTQ1NDcyYjViZWYzNTZlYzc2NjI4ZWQ1OGFkMTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYjpnr1b5TkzSwwfwip08R5WnP74
ogFsj5jurG1JloNDhuCYVDC93vd3VGvBAIFZ9+hnCfTCdgMfSLnI5nFOnOGX5lR5
uwEPwyAjx40Fkd5uMpHdXgGZ6k0LwXoT129aVlgc784JeY8y7ZWOQCLSsbIKcgTr
sj3ZZY6tB+8R46t+lnXWSD7w1mE/f5HeypNR5P16BchWlvxURoCODusI7BDzhsqJ
08koBT9+YaVFgK2cgHY059I+TZQKOPLoMgRhYIWPJsk2JXAvKsbxHl0Vjd3Ay5EZ
tCFIXAJ/79VaWOp4TEfn4nHZ86HfikxZ4TaPBGzSPZWtqAuhHwhd2GSdFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJX/z3nFFRytb7zVux2Yo7VitF0MB8GA1UdIwQY
MBaAFEUQxpvtA0Zb/4r51xpq6bGDt8JNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlJER20tMERSbHZfaXZuWEdtcnBzWU8zd2swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wOWM4NjUtYWM5Yy00OTEzLTljY2Ut
ZTFmZDBiMWYwZWZkLzEvTWxmX1BlY1VWSEsxdnZOVzdIWmlqdFdLMFhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wOWM4NjUtYWM5Yy00OTEzLTljY2UtZTFmZDBiMWYwZWZk
LzEvUlJER20tMERSbHZfaXZuWEdtcnBzWU8zd2swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudn0MA0G
CSqGSIb3DQEBCwUAA4IBAQApaYDbIFEbm5b95AmiqKdhSZVQw2smCCrRjCvZI7lh
ig9bxRAfNKx4liqL7esWaUqX4755jdDipl0qZF7oI1CoIJAUcUAe1XTjfJ1MDvxw
LObDPAK98+zrKIcMXuPliYKsFxEOa8ukEyjd4Bcy4VImweK5BsNNBjpH/uNE4vyZ
NlBi2I1lmYhQ0sqAOPgj3WQNJsh1xVP4Uk0xqPtUtxIyw5a1wQ0d5vJTcwaZ1qAD
TbHlEwt4KqCFW3AOO29ByLK2kf49lywIF7nxebVeOlV8L7+qkqFWWO0QT71jfwAk
mTvi19K11DHxWvbMBP1moDLMUwd4vDWomUgZGX89e3F+
-----END CERTIFICATE-----