Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/MDgRwsqSH1qDSEZYKWoZ-c6oV4c.roa
File:                     MDgRwsqSH1qDSEZYKWoZ-c6oV4c.roa (raw, json)
Hash identifier:          dq2oJsxxjpC6qJ3CunLDgBKo0Q+6JfPWaH3jDHSL2JU=
Subject key identifier:   30:38:11:C2:CA:92:1F:5A:83:48:46:58:29:6A:19:F9:CE:A8:57:87
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348AD753A5254939EEDB7E01E0B76C8
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/MDgRwsqSH1qDSEZYKWoZ-c6oV4c.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200253
IP address blocks:        94.240.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ad:75:3a:52:54:93:9e:ed:b7:e0:1e:0b:76:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=303811c2ca921f5a83484658296a19f9cea85787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e6:29:a5:6c:85:f9:33:01:fd:c7:e1:fb:f1:
                    aa:36:f6:21:4b:c6:9d:e6:06:b1:aa:da:c2:17:f5:
                    46:81:c1:7b:a7:97:17:86:1c:a8:02:92:d7:83:8e:
                    10:0d:8b:8c:42:e3:7a:dc:6c:9a:7d:6a:d8:2e:ad:
                    ef:a6:3e:d3:07:c8:c2:fd:c3:95:a7:95:2f:f5:17:
                    ec:bf:9a:c7:b1:c3:23:9c:df:49:85:d0:b9:66:bf:
                    1c:ef:ab:ae:4b:d9:4a:09:ef:d1:94:57:9d:33:13:
                    a0:00:fe:41:fa:69:d8:d6:e0:28:45:7c:32:a8:43:
                    02:4f:f6:a9:07:dc:50:fe:73:30:d0:af:a4:3a:62:
                    76:c6:80:02:3e:3c:aa:62:58:88:ee:d3:6a:f5:90:
                    82:7a:98:11:07:53:fa:fb:51:44:3e:9d:6d:d4:af:
                    f3:11:10:85:20:e3:c7:9a:aa:00:4b:0c:e1:5e:51:
                    55:dc:d0:fb:34:5f:78:96:82:bc:bf:16:fe:e5:10:
                    c9:08:77:b0:ca:0e:1f:8e:54:61:43:39:74:af:9d:
                    01:4e:a4:bc:a1:48:53:d7:a6:e3:ba:3d:cb:16:30:
                    11:d9:c5:89:c0:2a:be:c7:1d:25:98:26:e5:1e:80:
                    20:8c:f3:52:df:2f:49:47:4d:89:3c:3b:f4:2b:78:
                    ee:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:38:11:C2:CA:92:1F:5A:83:48:46:58:29:6A:19:F9:CE:A8:57:87
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/MDgRwsqSH1qDSEZYKWoZ-c6oV4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:35:01:e3:7a:ad:23:b8:cb:b8:0f:39:31:c1:e6:ed:ca:97:
         b4:9c:63:d4:82:2f:cb:27:6c:86:a9:ef:17:41:8f:8b:69:cf:
         12:98:5b:e2:7f:83:f4:55:34:05:fc:be:1f:6a:a1:3b:ee:61:
         25:2a:f1:39:12:ff:87:64:1c:43:a1:a3:a4:4e:da:db:03:56:
         d2:70:e9:1c:e3:33:45:01:91:65:2b:e2:c3:a6:8d:e6:59:7f:
         f3:c4:d3:ed:49:0f:fe:eb:29:1e:b5:46:8e:90:72:e3:9c:6f:
         b4:67:ed:e2:da:ab:91:6a:49:de:10:cd:e3:a1:a5:da:b0:59:
         60:9b:13:eb:29:1b:a5:bd:f7:c8:90:71:0e:a5:75:0f:5c:6d:
         5f:15:f0:76:ae:e1:d0:68:2b:fd:c1:07:be:35:c1:32:56:18:
         b4:a6:0d:ba:a0:75:f3:21:4e:c0:e1:a7:67:a6:3d:37:92:95:
         1d:92:cf:5e:cd:96:32:0e:b9:4e:5d:af:71:aa:48:a3:4b:b9:
         ae:33:90:eb:6d:67:7f:ba:7c:00:95:17:c7:4a:be:c1:c3:93:
         7e:a3:54:99:c6:75:4c:a6:47:ce:c9:ea:51:dd:8d:30:cd:b1:
         d0:00:62:52:50:c7:0a:6e:49:bb:ae:49:4d:b4:c3:25:99:1d:
         6b:0e:c6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK11OlJUk57tt+AeC3bIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDM4MTFjMmNhOTIxZjVhODM0ODQ2NTgyOTZhMTlmOWNlYTg1Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+YppWyF+TMB/cfh+/GqNvYhS8ad
5gaxqtrCF/VGgcF7p5cXhhyoApLXg44QDYuMQuN63GyafWrYLq3vpj7TB8jC/cOV
p5Uv9Rfsv5rHscMjnN9JhdC5Zr8c76uuS9lKCe/RlFedMxOgAP5B+mnY1uAoRXwy
qEMCT/apB9xQ/nMw0K+kOmJ2xoACPjyqYliI7tNq9ZCCepgRB1P6+1FEPp1t1K/z
ERCFIOPHmqoASwzhXlFV3ND7NF94loK8vxb+5RDJCHewyg4fjlRhQzl0r50BTqS8
oUhT16bjuj3LFjAR2cWJwCq+xx0lmCblHoAgjPNS3y9JR02JPDv0K3juoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDA4EcLKkh9ag0hGWClqGfnOqFeHMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvTURnUndzcVNIMXFEU0VaWUtXb1otYzZvVjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAaMA0G
CSqGSIb3DQEBCwUAA4IBAQBDNQHjeq0juMu4Dzkxwebtype0nGPUgi/LJ2yGqe8X
QY+Lac8SmFvif4P0VTQF/L4faqE77mElKvE5Ev+HZBxDoaOkTtrbA1bScOkc4zNF
AZFlK+LDpo3mWX/zxNPtSQ/+6yketUaOkHLjnG+0Z+3i2quRakneEM3joaXasFlg
mxPrKRulvffIkHEOpXUPXG1fFfB2ruHQaCv9wQe+NcEyVhi0pg26oHXzIU7A4adn
pj03kpUdks9ezZYyDrlOXa9xqkijS7muM5DrbWd/unwAlRfHSr7Bw5N+o1SZxnVM
pkfOyepR3Y0wzbHQAGJSUMcKbkm7rklNtMMlmR1rDsbb
-----END CERTIFICATE-----