Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/MjkG6JrzAKDevuz_dXz7HlUJ0dc.roa
File:                     MjkG6JrzAKDevuz_dXz7HlUJ0dc.roa (raw, json)
Hash identifier:          Qs4Ppr5igGX4gwBSrF37YitCoch1ov7z9TNyfBUAsrA=
Subject key identifier:   32:39:06:E8:9A:F3:00:A0:DE:BE:EC:FF:75:7C:FB:1E:55:09:D1:D7
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       018CC6B811D16AA4D875E6EEB4CDF30AD8C4
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/MjkG6JrzAKDevuz_dXz7HlUJ0dc.roa
Signing time:             Mon 01 Jan 2024 20:30:01 +0000
ROA not before:           Mon 01 Jan 2024 20:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44511
IP address blocks:        2a02:20c8:1241::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:11:d1:6a:a4:d8:75:e6:ee:b4:cd:f3:0a:d8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 20:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=323906e89af300a0debeecff757cfb1e5509d1d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fe:97:f8:59:6c:6b:d4:fd:10:e2:dc:02:1a:
                    14:62:d6:b1:ec:32:32:87:e8:ef:ac:ac:f0:f1:59:
                    1c:cb:bb:6c:9a:22:c9:45:77:63:b6:82:e1:b8:a2:
                    93:00:a5:57:43:6e:78:5c:6c:de:3e:26:34:a2:9a:
                    66:1b:0d:5f:a7:a4:0c:7f:0b:fd:b5:5b:14:64:77:
                    40:71:54:03:70:8b:8d:29:c2:54:40:26:f2:64:32:
                    90:aa:7d:23:91:82:37:08:9e:ba:00:10:a4:db:31:
                    e8:e1:4d:2b:85:42:6f:50:3d:5a:2d:b3:ea:47:9f:
                    3a:e2:3d:d2:85:cb:a7:ac:ab:08:44:58:a2:e5:73:
                    3e:9b:d2:31:94:34:26:4b:a0:7e:10:96:95:ae:5d:
                    02:2c:bb:97:b9:17:2f:40:91:6f:98:3a:57:ed:e4:
                    92:ac:be:a7:3e:9e:9c:25:a0:8f:81:4e:98:df:96:
                    88:34:78:49:94:38:1c:da:f5:4c:03:a0:23:f0:84:
                    39:aa:01:43:a1:b1:4d:9a:ac:38:43:ad:ca:ae:23:
                    87:b1:a3:9f:f1:a5:24:7b:62:71:45:1f:8b:c6:0b:
                    fd:15:f8:b4:a5:04:ea:b6:cc:c0:a1:6d:a9:80:3d:
                    0d:81:8f:5d:6f:ab:ca:92:0a:84:98:ba:f9:49:bf:
                    97:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:39:06:E8:9A:F3:00:A0:DE:BE:EC:FF:75:7C:FB:1E:55:09:D1:D7
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/MjkG6JrzAKDevuz_dXz7HlUJ0dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:20c8:1241::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:f0:20:f4:e4:d2:cf:f0:0e:3a:96:c8:16:2a:6d:59:b5:12:
         f6:c0:62:63:19:8e:14:b4:f3:e4:41:46:b9:66:7e:03:27:58:
         e4:6e:2e:b1:1a:a4:bc:e4:2a:68:02:75:bd:09:00:ba:1d:ea:
         76:5d:84:d4:53:f3:ef:35:b8:c5:c8:5f:c5:95:6e:0c:e3:2e:
         45:fe:f8:ad:1b:96:07:27:38:e6:99:35:36:72:16:a0:f6:81:
         3b:77:8b:e2:e7:90:1d:58:13:70:56:10:00:03:af:5f:0a:f3:
         f3:49:b7:b0:13:6e:4c:00:8d:60:32:dc:16:89:c1:a3:40:8a:
         56:0e:44:ca:a9:67:80:be:22:cc:4b:71:b4:79:a3:0d:99:0d:
         34:bd:65:6e:ae:b5:ef:9b:8b:cc:4a:a0:08:47:d5:06:25:74:
         5e:b0:5f:45:85:1b:44:7c:a9:44:1d:bf:ce:e1:ed:f9:e4:7a:
         9f:9a:0b:81:d3:a4:c5:03:d3:d0:53:87:ae:ad:11:14:95:d8:
         17:aa:36:2b:1b:8e:f7:32:69:b5:74:73:61:e3:95:09:32:2d:
         3b:c8:d7:39:f2:97:eb:7f:74:34:71:ca:14:80:c0:49:12:3c:
         3d:02:96:44:cb:4d:64:6a:7b:36:f6:23:e5:7c:88:21:fb:40:
         98:bb:1d:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuBHRaqTYdebutM3zCtjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjM5MDZlODlhZjMwMGEwZGViZWVjZmY3NTdjZmIxZTU1MDlkMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/6X+Flsa9T9EOLcAhoUYtax7DIy
h+jvrKzw8Vkcy7tsmiLJRXdjtoLhuKKTAKVXQ254XGzePiY0oppmGw1fp6QMfwv9
tVsUZHdAcVQDcIuNKcJUQCbyZDKQqn0jkYI3CJ66ABCk2zHo4U0rhUJvUD1aLbPq
R5864j3ShcunrKsIRFii5XM+m9IxlDQmS6B+EJaVrl0CLLuXuRcvQJFvmDpX7eSS
rL6nPp6cJaCPgU6Y35aINHhJlDgc2vVMA6Aj8IQ5qgFDobFNmqw4Q63KriOHsaOf
8aUke2JxRR+Lxgv9Ffi0pQTqtszAoW2pgD0NgY9db6vKkgqEmLr5Sb+XIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDI5Buia8wCg3r7s/3V8+x5VCdHXMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvTWprRzZKcnpBS0RldnV6X2RYejdIbFVKMGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIgyBJB
MA0GCSqGSIb3DQEBCwUAA4IBAQBM8CD05NLP8A46lsgWKm1ZtRL2wGJjGY4UtPPk
QUa5Zn4DJ1jkbi6xGqS85CpoAnW9CQC6Hep2XYTUU/PvNbjFyF/FlW4M4y5F/vit
G5YHJzjmmTU2chag9oE7d4vi55AdWBNwVhAAA69fCvPzSbewE25MAI1gMtwWicGj
QIpWDkTKqWeAviLMS3G0eaMNmQ00vWVurrXvm4vMSqAIR9UGJXResF9FhRtEfKlE
Hb/O4e355HqfmguB06TFA9PQU4eurREUldgXqjYrG473Mmm1dHNh45UJMi07yNc5
8pfrf3Q0ccoUgMBJEjw9ApZEy01kans29iPlfIgh+0CYux2l
-----END CERTIFICATE-----