Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/mfc-HV2ARVe8Ine9GZq1F1kvX4A.roa
File:                     mfc-HV2ARVe8Ine9GZq1F1kvX4A.roa (raw, json)
Hash identifier:          UpBvetxQG+sXCvCtmvXeU0rjXxUG9tzFKicH1RUzlXo=
Subject key identifier:   99:F7:3E:1D:5D:80:45:57:BC:22:77:BD:19:9A:B5:17:59:2F:5F:80
Certificate issuer:       /CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
Certificate serial:       018CC56EFCB164229A4D310DF00FCAB7DC16
Authority key identifier: BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/mfc-HV2ARVe8Ine9GZq1F1kvX4A.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1820
IP address blocks:        146.19.54.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fc:b1:64:22:9a:4d:31:0d:f0:0f:ca:b7:dc:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfaea358aeeeb7d0b9e0f93d23f67d29a7ec62c8
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99f73e1d5d804557bc2277bd199ab517592f5f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6f:68:26:1a:47:bb:80:5c:5f:90:00:ff:15:
                    a4:32:39:93:b5:4a:c9:4d:88:69:6c:27:6f:be:ed:
                    66:34:c8:eb:33:16:8c:59:2d:f0:24:3b:91:a4:b8:
                    fd:77:55:c1:8e:b8:57:08:ae:8d:01:ee:06:6f:d9:
                    e5:11:f1:cd:80:91:bf:9b:ca:72:bd:00:e3:d8:a1:
                    0f:6e:03:27:34:87:a6:2c:6d:d1:7a:89:c8:ad:98:
                    ec:eb:4f:de:5f:be:d9:3e:ab:db:55:f3:d0:ef:1d:
                    fe:78:fa:ed:bd:28:4e:c0:c4:8c:9a:db:f0:e2:d8:
                    74:03:f9:58:bb:bf:ba:0f:f0:28:be:8f:f6:12:2e:
                    62:f4:7a:b8:5c:ba:95:27:0f:da:01:b0:b4:d2:64:
                    4b:b0:53:df:4b:61:77:9a:8f:77:16:f7:c5:28:a1:
                    c1:d7:08:cc:b5:44:6e:08:36:ac:88:f1:73:dc:dc:
                    29:59:30:4f:31:b0:6f:93:29:02:b1:70:63:5e:e0:
                    31:de:96:9b:4a:78:58:5e:9a:15:d2:60:93:cb:cf:
                    0f:06:7f:58:c8:07:4b:96:8d:c1:c7:31:ad:26:c4:
                    c1:9c:65:27:54:5e:4f:e8:0d:6b:b2:ba:f3:35:e1:
                    59:9b:93:d5:f7:d9:99:47:fd:e3:ce:d7:2c:d7:98:
                    4c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F7:3E:1D:5D:80:45:57:BC:22:77:BD:19:9A:B5:17:59:2F:5F:80
            X509v3 Authority Key Identifier:
                keyid:BF:AE:A3:58:AE:EE:B7:D0:B9:E0:F9:3D:23:F6:7D:29:A7:EC:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v66jWK7ut9C54Pk9I_Z9KafsYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/mfc-HV2ARVe8Ine9GZq1F1kvX4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/288416-a46e-49c3-9337-249ce0c312b3/1/v66jWK7ut9C54Pk9I_Z9KafsYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:3c:eb:aa:67:2a:d7:a0:c0:6d:f3:01:27:bd:19:f6:24:39:
         4f:af:ba:be:d0:d4:61:66:97:d3:84:c6:ee:28:3c:cd:12:7c:
         0f:cf:69:6b:be:4a:40:9a:d4:07:00:85:b7:c6:b9:26:44:99:
         28:87:ef:2e:e5:35:4d:cc:0b:62:4d:bb:12:60:73:8e:55:55:
         fc:b0:d8:f7:49:f1:e2:04:13:9d:f3:4c:94:9c:44:f7:64:f6:
         29:d4:73:b6:9a:e0:d0:a9:01:e9:5d:c1:98:56:0a:12:1e:f0:
         7a:fb:2c:a2:58:0b:8d:76:5c:1d:a2:0c:b8:fc:4d:92:a3:6d:
         20:70:30:79:19:1b:23:d3:be:6d:00:c7:e4:c5:41:c2:fb:ca:
         36:03:1b:e5:40:24:44:30:b0:72:e6:d9:2c:d5:cd:48:7c:ad:
         47:eb:fb:1d:be:e7:76:8e:b9:e4:65:2f:6a:20:bc:8f:1b:de:
         9f:e6:11:4f:85:76:e8:77:e1:8c:b6:7b:94:0b:37:3b:e4:e5:
         58:bb:ab:14:39:a4:de:38:54:03:05:9d:68:5f:34:dd:dc:fa:
         7a:32:70:fb:9d:97:08:2c:f6:d5:2b:e2:14:c9:e8:0a:94:9d:
         75:60:7a:d7:7e:8e:0a:4e:be:9d:db:db:dc:b8:a0:c7:bd:0b:
         42:77:3b:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvyxZCKaTTEN8A/Kt9wWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWVhMzU4YWVlZWI3ZDBiOWUwZjkzZDIzZjY3ZDI5YTdl
YzYyYzgwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY3M2UxZDVkODA0NTU3YmMyMjc3YmQxOTlhYjUxNzU5MmY1ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt29oJhpHu4BcX5AA/xWkMjmTtUrJ
TYhpbCdvvu1mNMjrMxaMWS3wJDuRpLj9d1XBjrhXCK6NAe4Gb9nlEfHNgJG/m8py
vQDj2KEPbgMnNIemLG3ReonIrZjs60/eX77ZPqvbVfPQ7x3+ePrtvShOwMSMmtvw
4th0A/lYu7+6D/Aovo/2Ei5i9Hq4XLqVJw/aAbC00mRLsFPfS2F3mo93FvfFKKHB
1wjMtURuCDasiPFz3NwpWTBPMbBvkykCsXBjXuAx3pabSnhYXpoV0mCTy88PBn9Y
yAdLlo3BxzGtJsTBnGUnVF5P6A1rsrrzNeFZm5PV99mZR/3jztcs15hMuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn3Ph1dgEVXvCJ3vRmatRdZL1+AMB8GA1UdIwQY
MBaAFL+uo1iu7rfQueD5PSP2fSmn7GLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzct
MjQ5Y2UwYzMxMmIzLzEvbWZjLUhWMkFSVmU4SW5lOUdacTFGMWt2WDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8yODg0MTYtYTQ2ZS00OWMzLTkzMzctMjQ5Y2UwYzMxMmIz
LzEvdjY2aldLN3V0OUM1NFBrOUlfWjlLYWZzWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM2MA0G
CSqGSIb3DQEBCwUAA4IBAQBQPOuqZyrXoMBt8wEnvRn2JDlPr7q+0NRhZpfThMbu
KDzNEnwPz2lrvkpAmtQHAIW3xrkmRJkoh+8u5TVNzAtiTbsSYHOOVVX8sNj3SfHi
BBOd80yUnET3ZPYp1HO2muDQqQHpXcGYVgoSHvB6+yyiWAuNdlwdogy4/E2So20g
cDB5GRsj075tAMfkxUHC+8o2AxvlQCREMLBy5tks1c1IfK1H6/sdvud2jrnkZS9q
ILyPG96f5hFPhXbod+GMtnuUCzc75OVYu6sUOaTeOFQDBZ1oXzTd3Pp6MnD7nZcI
LPbVK+IUyegKlJ11YHrXfo4KTr6d29vcuKDHvQtCdzuB
-----END CERTIFICATE-----