Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/znDzxIS-UnjsrQw7lwzavoL_MGM.roa
File:                     znDzxIS-UnjsrQw7lwzavoL_MGM.roa (raw, json)
Hash identifier:          4wkqHzn8RwZ/AdG2QFs0viKkLmb6+NvIr4absu4BpTY=
Subject key identifier:   CE:70:F3:C4:84:BE:52:78:EC:AD:0C:3B:97:0C:DA:BE:82:FF:30:63
Certificate issuer:       /CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
Certificate serial:       018CC2DB4C15227A2680A840ED68CCFED11E
Authority key identifier: C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/znDzxIS-UnjsrQw7lwzavoL_MGM.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210190
IP address blocks:        194.36.44.0/24 maxlen: 24
                          2a0d:8240::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4c:15:22:7a:26:80:a8:40:ed:68:cc:fe:d1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce70f3c484be5278ecad0c3b970cdabe82ff3063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:94:b1:d8:74:46:09:25:67:52:ce:1e:0b:7d:
                    21:ed:72:b2:f5:86:d0:d5:89:1f:d7:ee:d6:a0:4a:
                    87:a4:1a:43:48:85:e5:de:2b:46:3d:15:23:db:56:
                    6d:98:7c:fb:25:ff:fe:5f:27:a9:e4:72:53:b7:fc:
                    55:44:22:37:fa:2f:e8:bc:de:f4:9d:7d:d7:f2:88:
                    91:ea:fb:23:93:f7:b7:a5:c4:25:9c:58:8f:e8:31:
                    1e:e5:3e:be:a9:6d:3b:e4:f0:98:50:3e:ad:ce:87:
                    28:2f:7c:76:69:f9:84:45:39:73:62:8d:41:ad:4a:
                    7d:e4:1e:77:07:dc:3c:d2:31:ef:2c:b1:6e:a4:23:
                    a9:62:34:86:d9:a1:19:b4:8b:69:30:58:c4:bf:95:
                    af:dd:a9:9c:33:5e:3e:9e:69:fc:6f:a7:7e:15:50:
                    fb:41:d0:e5:19:ae:0b:22:d4:12:04:c6:3c:1a:ad:
                    fb:bb:91:59:ee:f8:6c:ff:25:87:ce:fb:b9:73:d2:
                    6e:1f:4a:40:17:29:36:d8:c5:bf:ba:0a:50:63:bf:
                    eb:c9:89:84:12:de:30:bc:a7:1b:7b:13:38:97:af:
                    83:08:8c:6a:9f:92:ab:97:e9:59:c8:1f:30:23:b9:
                    a4:70:89:71:fe:86:5f:97:62:3e:5f:3d:31:0c:58:
                    fa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:70:F3:C4:84:BE:52:78:EC:AD:0C:3B:97:0C:DA:BE:82:FF:30:63
            X509v3 Authority Key Identifier:
                keyid:C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/znDzxIS-UnjsrQw7lwzavoL_MGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.44.0/24
                IPv6:
                  2a0d:8240::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:4f:82:83:a0:5a:c3:60:86:65:88:35:53:b5:ff:2c:0e:93:
         c8:bc:2e:10:a4:be:2e:c0:72:7f:71:e2:52:18:ec:c4:02:96:
         6b:c4:dd:03:48:8a:04:13:8b:af:51:5e:22:11:81:86:1b:b1:
         65:ad:df:ad:14:f4:b2:42:95:cd:17:6a:15:8f:f3:cc:b8:28:
         fa:a1:1d:ab:72:47:14:3c:0b:35:7e:c6:d4:19:e5:99:54:73:
         7f:df:5e:bd:dd:1c:86:8d:b8:c2:ab:e8:57:98:0e:a2:50:c6:
         10:21:c0:c5:d3:78:3e:9f:79:82:c5:d0:43:6b:23:bf:0c:2b:
         89:37:9a:9e:57:a2:62:cf:33:89:59:ae:c1:51:7c:c9:08:23:
         e1:b7:95:0a:bb:e4:fd:ef:ed:78:ea:e2:fd:12:d1:b6:bb:53:
         9f:43:08:45:9e:ba:19:f4:bd:86:62:8b:8d:31:bf:dc:47:5d:
         10:27:31:8a:be:95:89:c2:b6:31:4d:80:a3:75:da:46:7d:97:
         f6:dc:f4:32:b7:5f:9a:ec:6a:9a:c2:98:2f:c9:75:cb:61:43:
         1a:5f:76:5e:cd:69:b3:3b:52:fe:32:6d:e9:4e:5d:5a:f6:60:
         e0:58:12:f6:a3:bd:7b:c8:68:7f:9a:97:10:11:3b:c1:0f:33:
         04:8b:72:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC20wVInomgKhA7WjM/tEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjU5ZjQxNzc5ZTZmMjQzNWY1OWYxYTE3MWMwODBhNWE3
YTQ0ZDIwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTcwZjNjNDg0YmU1Mjc4ZWNhZDBjM2I5NzBjZGFiZTgyZmYzMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpSx2HRGCSVnUs4eC30h7XKy9YbQ
1Ykf1+7WoEqHpBpDSIXl3itGPRUj21ZtmHz7Jf/+Xyep5HJTt/xVRCI3+i/ovN70
nX3X8oiR6vsjk/e3pcQlnFiP6DEe5T6+qW075PCYUD6tzocoL3x2afmERTlzYo1B
rUp95B53B9w80jHvLLFupCOpYjSG2aEZtItpMFjEv5Wv3amcM14+nmn8b6d+FVD7
QdDlGa4LItQSBMY8Gq37u5FZ7vhs/yWHzvu5c9JuH0pAFyk22MW/ugpQY7/ryYmE
Et4wvKcbexM4l6+DCIxqn5Krl+lZyB8wI7mkcIlx/oZfl2I+Xz0xDFj6nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM5w88SEvlJ47K0MO5cM2r6C/zBjMB8GA1UdIwQY
MBaAFMm1n0F3nm8kNfWfGhccCApaekTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTct
NzIzNjdjYmIxOWVmLzEvem5EenhJUy1VbmpzclF3N2x3emF2b0xfTUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTctNzIzNjdjYmIxOWVm
LzEveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwiQsMA0E
AgACMAcDBQMqDYJAMA0GCSqGSIb3DQEBCwUAA4IBAQCQT4KDoFrDYIZliDVTtf8s
DpPIvC4QpL4uwHJ/ceJSGOzEApZrxN0DSIoEE4uvUV4iEYGGG7Flrd+tFPSyQpXN
F2oVj/PMuCj6oR2rckcUPAs1fsbUGeWZVHN/31693RyGjbjCq+hXmA6iUMYQIcDF
03g+n3mCxdBDayO/DCuJN5qeV6JizzOJWa7BUXzJCCPht5UKu+T97+146uL9EtG2
u1OfQwhFnroZ9L2GYouNMb/cR10QJzGKvpWJwrYxTYCjddpGfZf23PQyt1+a7Gqa
wpgvyXXLYUMaX3ZezWmzO1L+Mm3pTl1a9mDgWBL2o717yGh/mpcQETvBDzMEi3J5
-----END CERTIFICATE-----