Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/MUU_37RhpBksAX4xmvu7tUw85cU.roa
File:                     MUU_37RhpBksAX4xmvu7tUw85cU.roa (raw, json)
Hash identifier:          xlDAlreQ0N14pEZIQQjIfev0Ra6Pl0Xu0OkKdni8ELE=
Subject key identifier:   31:45:3F:DF:B4:61:A4:19:2C:01:7E:31:9A:FB:BB:B5:4C:3C:E5:C5
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D4C4B7F31C1F27E300F8C820FD411
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/MUU_37RhpBksAX4xmvu7tUw85cU.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4755
IP address blocks:        212.5.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4c:4b:7f:31:c1:f2:7e:30:0f:8c:82:0f:d4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31453fdfb461a4192c017e319afbbbb54c3ce5c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a1:ed:a4:f0:48:0e:58:b3:75:4b:e4:00:ca:
                    48:0f:b5:9c:f4:21:62:97:32:7c:99:fb:03:14:ea:
                    0c:db:12:93:fc:52:ea:5c:37:1a:c0:c3:95:6e:3f:
                    12:74:e7:d2:db:b6:6a:9d:34:37:3b:59:53:7b:bd:
                    6d:27:14:55:99:79:c6:3a:9a:1a:73:e3:08:5c:74:
                    df:75:b2:eb:43:d5:e6:ba:4c:2f:15:12:11:4d:fa:
                    3c:c2:90:e0:f3:2b:20:ad:fc:df:80:a9:23:b0:96:
                    3c:86:b1:e9:b1:6a:d2:c1:71:a7:bb:3e:9d:f0:9c:
                    0b:50:d1:98:05:ed:45:66:68:e7:45:6d:4c:ef:75:
                    c0:88:a0:f3:f3:4f:88:4c:c7:64:b5:ab:cf:7a:0c:
                    65:6f:e3:b7:3b:05:1c:76:49:e0:92:53:ac:48:e1:
                    73:19:c6:49:eb:5f:32:c7:55:cb:97:46:6e:df:4d:
                    de:82:34:8a:c9:18:29:2e:76:71:9c:54:7d:c3:a6:
                    cd:84:b8:60:e8:d2:42:a9:84:6e:9e:e3:7e:b2:28:
                    90:c3:10:d4:67:b6:ac:32:39:61:a1:d2:f4:97:62:
                    57:1d:ac:df:d8:d0:c8:d1:57:98:22:29:03:eb:47:
                    49:52:ac:c2:28:60:50:10:8b:2f:38:ef:a5:23:a2:
                    48:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:45:3F:DF:B4:61:A4:19:2C:01:7E:31:9A:FB:BB:B5:4C:3C:E5:C5
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/MUU_37RhpBksAX4xmvu7tUw85cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:55:ff:35:61:b0:84:8f:bb:7e:56:e9:9b:4a:1c:72:bc:9b:
         d4:bd:ee:e6:40:25:d6:be:8f:10:3c:75:fc:9d:72:c6:e9:ef:
         f6:49:1f:fb:4d:90:72:96:20:a0:de:ae:78:e2:c6:2e:f0:34:
         db:fd:53:6e:ca:a2:59:2e:3b:a7:1e:ee:2e:f0:f5:9c:78:2c:
         f7:84:38:3d:c2:2b:13:c2:c8:b1:8d:7d:03:85:e0:2a:91:97:
         7d:10:9c:21:5a:58:85:00:14:48:d1:96:96:2e:15:7b:2b:e6:
         aa:a0:6d:e4:49:6c:e9:31:e0:3a:ce:98:f0:00:0a:74:08:ed:
         e9:78:6b:2e:7d:9f:07:5c:2e:06:d4:83:67:b0:f8:27:b2:a2:
         ce:e6:43:dd:f2:d6:c7:55:03:db:37:12:76:8c:35:fc:bd:98:
         64:70:a7:cb:ce:c8:20:f8:6b:e4:69:a0:8b:c9:01:bb:ba:20:
         8c:e0:ef:8f:97:1a:35:ef:06:97:74:8c:3d:56:5f:c6:23:fc:
         a5:3e:61:28:63:8e:bb:68:3e:75:3b:d7:e6:6c:65:3c:15:4e:
         41:76:0c:e8:ac:1f:f9:a8:a3:17:3e:31:37:ef:91:1b:2b:9e:
         5d:62:82:08:c7:fa:25:bc:bf:34:3c:81:ab:59:11:7f:89:06:
         16:f9:44:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUxLfzHB8n4wD4yCD9QRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTQ1M2ZkZmI0NjFhNDE5MmMwMTdlMzE5YWZiYmJiNTRjM2NlNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaHtpPBIDlizdUvkAMpID7Wc9CFi
lzJ8mfsDFOoM2xKT/FLqXDcawMOVbj8SdOfS27ZqnTQ3O1lTe71tJxRVmXnGOpoa
c+MIXHTfdbLrQ9XmukwvFRIRTfo8wpDg8ysgrfzfgKkjsJY8hrHpsWrSwXGnuz6d
8JwLUNGYBe1FZmjnRW1M73XAiKDz80+ITMdktavPegxlb+O3OwUcdkngklOsSOFz
GcZJ618yx1XLl0Zu303egjSKyRgpLnZxnFR9w6bNhLhg6NJCqYRunuN+siiQwxDU
Z7asMjlhodL0l2JXHazf2NDI0VeYIikD60dJUqzCKGBQEIsvOO+lI6JILwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFFP9+0YaQZLAF+MZr7u7VMPOXFMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvTVVVXzM3UmhwQmtzQVg0eG12dTd0VXc4NWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AWcMA0G
CSqGSIb3DQEBCwUAA4IBAQBBVf81YbCEj7t+VumbShxyvJvUve7mQCXWvo8QPHX8
nXLG6e/2SR/7TZByliCg3q544sYu8DTb/VNuyqJZLjunHu4u8PWceCz3hDg9wisT
wsixjX0DheAqkZd9EJwhWliFABRI0ZaWLhV7K+aqoG3kSWzpMeA6zpjwAAp0CO3p
eGsufZ8HXC4G1INnsPgnsqLO5kPd8tbHVQPbNxJ2jDX8vZhkcKfLzsgg+GvkaaCL
yQG7uiCM4O+Plxo17waXdIw9Vl/GI/ylPmEoY467aD51O9fmbGU8FU5BdgzorB/5
qKMXPjE375EbK55dYoIIx/olvL80PIGrWRF/iQYW+UTT
-----END CERTIFICATE-----