Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/MU9Z1MlPh62Wc5j5AHZbsMuGQ_o.roa
File:                     MU9Z1MlPh62Wc5j5AHZbsMuGQ_o.roa (raw, json)
Hash identifier:          9xFleIrtHWqwYZfH++i8OGf49CebJqQ9d1S3aAO7/kw=
Subject key identifier:   31:4F:59:D4:C9:4F:87:AD:96:73:98:F9:00:76:5B:B0:CB:86:43:FA
Certificate issuer:       /CN=d897faea94815e0520b46f185c3ebec29b376ef0
Certificate serial:       018CC6B8BE0E6C787CC660C3820DE998987F
Authority key identifier: D8:97:FA:EA:94:81:5E:05:20:B4:6F:18:5C:3E:BE:C2:9B:37:6E:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Jf66pSBXgUgtG8YXD6-wps3bvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/MU9Z1MlPh62Wc5j5AHZbsMuGQ_o.roa
Signing time:             Mon 01 Jan 2024 20:30:45 +0000
ROA not before:           Mon 01 Jan 2024 20:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        95.130.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/2Jf66pSBXgUgtG8YXD6-wps3bvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/2Jf66pSBXgUgtG8YXD6-wps3bvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Jf66pSBXgUgtG8YXD6-wps3bvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:be:0e:6c:78:7c:c6:60:c3:82:0d:e9:98:98:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d897faea94815e0520b46f185c3ebec29b376ef0
        Validity
            Not Before: Jan  1 20:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=314f59d4c94f87ad967398f900765bb0cb8643fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:e1:77:76:2a:34:87:1d:a6:35:1d:90:1a:
                    63:4f:bf:19:ae:61:58:4e:63:42:0c:5e:1c:8f:2d:
                    56:38:1c:27:0b:b0:b5:96:39:4f:9d:6f:23:00:89:
                    8a:a0:03:39:b2:d9:aa:a6:29:d8:02:37:d7:74:98:
                    a8:e5:b6:cb:0a:dd:17:0d:8e:8d:e1:e2:c8:cb:65:
                    c3:a9:40:83:84:95:41:01:8b:55:69:24:4b:f0:ab:
                    64:53:ec:cb:cd:53:a0:c2:71:1c:62:66:02:40:ae:
                    27:f9:94:c8:c9:cd:5b:1e:b1:0a:8c:93:ff:1c:bc:
                    97:bf:ca:c0:65:1f:5c:e4:92:ab:03:f9:b6:16:76:
                    69:35:f4:b1:a1:84:db:43:61:56:69:d2:b3:9d:c5:
                    62:c4:c1:99:70:e7:9d:43:85:e4:5b:52:a7:1d:f7:
                    83:15:c8:5f:95:be:ca:8d:c7:1d:9c:65:f9:d4:5d:
                    39:67:c4:9a:35:e5:7c:a0:65:43:c4:2f:a7:58:56:
                    b1:e1:5b:09:f4:28:20:91:2f:a3:06:ff:1c:56:c7:
                    a7:ff:30:a7:03:c6:b4:35:ad:65:79:28:a3:5c:b7:
                    a6:d0:98:cc:43:f9:1c:90:27:ad:45:5f:8a:3f:85:
                    ba:55:5d:19:cf:01:c5:b6:1d:84:0b:16:0a:35:61:
                    d3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4F:59:D4:C9:4F:87:AD:96:73:98:F9:00:76:5B:B0:CB:86:43:FA
            X509v3 Authority Key Identifier:
                keyid:D8:97:FA:EA:94:81:5E:05:20:B4:6F:18:5C:3E:BE:C2:9B:37:6E:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Jf66pSBXgUgtG8YXD6-wps3bvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/MU9Z1MlPh62Wc5j5AHZbsMuGQ_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/76a216-cae7-4886-8e77-c813ce0f5e47/1/2Jf66pSBXgUgtG8YXD6-wps3bvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:41:11:68:1d:10:28:b0:8e:68:e5:0a:90:2f:82:4c:ee:5e:
         a1:6a:00:b2:f8:ca:7e:03:89:84:9f:93:5d:1e:61:31:2b:cb:
         f9:33:46:10:65:1e:9e:ae:00:38:de:e2:23:f7:a8:7e:5c:bd:
         d7:a3:84:c8:03:ce:92:02:ed:ff:7e:02:b4:4b:15:0a:f0:e3:
         ad:68:fc:f0:ae:71:ac:de:7f:ff:6f:22:cd:a5:b6:fc:5f:2a:
         f1:a6:7e:b7:8c:c7:fc:c5:6f:91:2f:08:a4:9b:3b:32:79:4e:
         65:0e:2a:c8:9d:57:4f:5e:9f:22:1a:8f:75:da:4c:2a:b9:35:
         6e:28:11:a2:5b:e9:0d:af:31:09:b0:48:d3:9e:3e:03:a0:28:
         f3:22:25:95:7c:a4:7d:50:3c:cf:6b:ea:80:10:21:e7:82:2c:
         b3:f0:8c:85:77:6d:bc:56:a1:39:8b:eb:86:10:79:38:99:c6:
         48:00:7a:fa:76:c6:e6:8b:98:ff:bd:07:6b:a0:65:f4:cd:eb:
         7c:ef:8d:50:9e:b1:d4:a4:e4:bc:52:9c:9c:77:65:ec:21:f7:
         16:4e:c9:33:a1:cf:64:13:29:8c:b6:b8:56:d1:ab:72:06:4d:
         b1:ba:ab:71:4a:55:be:29:6f:52:b0:6f:84:5b:c7:15:6e:33:
         71:21:bf:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuL4ObHh8xmDDgg3pmJh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTdmYWVhOTQ4MTVlMDUyMGI0NmYxODVjM2ViZWMyOWIz
NzZlZjAwHhcNMjQwMTAxMjAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRmNTlkNGM5NGY4N2FkOTY3Mzk4ZjkwMDc2NWJiMGNiODY0M2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTHhd3YqNIcdpjUdkBpjT78ZrmFY
TmNCDF4cjy1WOBwnC7C1ljlPnW8jAImKoAM5stmqpinYAjfXdJio5bbLCt0XDY6N
4eLIy2XDqUCDhJVBAYtVaSRL8KtkU+zLzVOgwnEcYmYCQK4n+ZTIyc1bHrEKjJP/
HLyXv8rAZR9c5JKrA/m2FnZpNfSxoYTbQ2FWadKzncVixMGZcOedQ4XkW1KnHfeD
Fchflb7KjccdnGX51F05Z8SaNeV8oGVDxC+nWFax4VsJ9CggkS+jBv8cVsen/zCn
A8a0Na1leSijXLem0JjMQ/kckCetRV+KP4W6VV0ZzwHFth2ECxYKNWHTCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFPWdTJT4etlnOY+QB2W7DLhkP6MB8GA1UdIwQY
MBaAFNiX+uqUgV4FILRvGFw+vsKbN27wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpmNjZwU0JYZ1VndEc4WVhENi13cHMzYnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83NmEyMTYtY2FlNy00ODg2LThlNzct
YzgxM2NlMGY1ZTQ3LzEvTVU5WjFNbFBoNjJXYzVqNUFIWmJzTXVHUV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83NmEyMTYtY2FlNy00ODg2LThlNzctYzgxM2NlMGY1ZTQ3
LzEvMkpmNjZwU0JYZ1VndEc4WVhENi13cHMzYnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX4K4MA0G
CSqGSIb3DQEBCwUAA4IBAQBLQRFoHRAosI5o5QqQL4JM7l6hagCy+Mp+A4mEn5Nd
HmExK8v5M0YQZR6ergA43uIj96h+XL3Xo4TIA86SAu3/fgK0SxUK8OOtaPzwrnGs
3n//byLNpbb8Xyrxpn63jMf8xW+RLwikmzsyeU5lDirInVdPXp8iGo912kwquTVu
KBGiW+kNrzEJsEjTnj4DoCjzIiWVfKR9UDzPa+qAECHngiyz8IyFd228VqE5i+uG
EHk4mcZIAHr6dsbmi5j/vQdroGX0zet8741QnrHUpOS8Upycd2XsIfcWTskzoc9k
EymMtrhW0atyBk2xuqtxSlW+KW9SsG+EW8cVbjNxIb/v
-----END CERTIFICATE-----