Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ml-s93sUGqqtpvrV21mXs_KcPPg.roa
File:                     Ml-s93sUGqqtpvrV21mXs_KcPPg.roa (raw, json)
Hash identifier:          08/vf4r20ixglaTs9NoUeBNOVscYG14VUlOa2pZY+RM=
Subject key identifier:   32:5F:AC:F7:7B:14:1A:AA:AD:A6:FA:D5:DB:59:97:B3:F2:9C:3C:F8
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFFD1F85DFB996BC93FD6E4744D46
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ml-s93sUGqqtpvrV21mXs_KcPPg.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49392
IP address blocks:        188.95.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ff:d1:f8:5d:fb:99:6b:c9:3f:d6:e4:74:4d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=325facf77b141aaaada6fad5db5997b3f29c3cf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:02:ae:82:26:0c:a4:cd:33:14:bb:80:fd:19:
                    db:7e:12:a6:cb:56:0c:c3:5c:53:f4:06:22:fe:4f:
                    b2:2c:02:1e:86:97:64:3e:55:86:80:3d:f2:43:e8:
                    d3:e9:fb:34:a9:04:1e:c9:b4:63:5a:0b:03:02:95:
                    45:49:f8:51:f1:e6:55:76:af:43:9b:e9:db:97:38:
                    68:17:4e:88:a6:cf:fa:a5:60:b4:22:51:86:2a:f2:
                    1e:ec:eb:d8:82:22:38:9d:59:fa:54:ea:c0:a7:24:
                    1c:7e:c9:fb:66:35:59:c8:45:6c:b3:03:8c:ca:13:
                    23:3a:17:83:03:fa:2b:62:07:af:fa:ea:0e:4c:ff:
                    ec:67:e8:eb:de:47:06:a5:ec:d1:ba:e7:e1:42:be:
                    7d:fd:b3:28:b0:a9:80:aa:e2:3b:c1:0a:c3:0b:52:
                    cd:e3:b7:bb:ab:37:10:61:7c:06:67:8b:c1:f3:e1:
                    84:01:20:0f:24:85:2b:77:28:89:ea:61:39:54:f3:
                    84:6e:a1:ba:46:b2:4f:82:36:6c:c3:7f:dc:39:39:
                    f6:cf:18:24:af:e4:2d:c7:27:51:12:fa:81:56:1c:
                    24:a0:45:75:14:90:3d:fa:8c:e0:5b:a6:86:14:48:
                    70:12:bf:f9:da:93:d3:b4:25:67:10:44:ff:68:54:
                    2c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:5F:AC:F7:7B:14:1A:AA:AD:A6:FA:D5:DB:59:97:B3:F2:9C:3C:F8
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ml-s93sUGqqtpvrV21mXs_KcPPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b6:d0:e9:c6:43:2f:ee:84:07:db:6d:e0:18:c9:85:a9:80:
         01:a3:5a:f2:07:3a:30:be:01:fa:ed:92:c4:50:72:f6:1d:b9:
         f1:17:26:94:0f:27:31:33:be:34:bb:cb:d6:62:9f:12:9c:df:
         a5:8d:7b:bd:2d:5e:15:38:0d:0a:1b:29:f8:40:51:54:80:59:
         00:f5:38:c9:56:f6:65:18:00:2e:ce:c7:06:59:25:a6:0c:08:
         c3:b2:bb:e8:c7:7b:43:85:4c:30:77:6f:5a:45:e0:ac:61:f9:
         b6:d8:17:ae:7a:79:08:d5:cf:e2:1f:40:a0:53:2e:30:e5:6d:
         94:79:7e:b4:6b:6f:a4:07:5a:e6:6d:85:38:f8:1c:83:e5:de:
         33:5e:e4:2d:98:48:67:7f:8d:ff:5b:0e:38:f2:6e:b7:6c:fc:
         fc:91:aa:8f:59:16:1e:f6:49:80:5a:55:69:1b:3e:c5:6e:13:
         f9:54:0a:1a:df:ea:41:a1:92:51:3c:45:c0:29:73:b5:6b:dc:
         e3:16:31:e3:28:19:5d:24:e9:ff:ab:1c:f3:6b:8f:02:43:ab:
         8a:38:30:78:4a:42:bd:6d:05:0d:21:b0:1f:16:75:b0:5d:d7:
         4d:ee:98:d3:4e:6f:44:af:39:5f:a2:c8:af:ec:c0:04:60:22:
         83:42:07:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf/R+F37mWvJP9bkdE1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjVmYWNmNzdiMTQxYWFhYWRhNmZhZDVkYjU5OTdiM2YyOWMzY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQKugiYMpM0zFLuA/RnbfhKmy1YM
w1xT9AYi/k+yLAIehpdkPlWGgD3yQ+jT6fs0qQQeybRjWgsDApVFSfhR8eZVdq9D
m+nblzhoF06Ips/6pWC0IlGGKvIe7OvYgiI4nVn6VOrApyQcfsn7ZjVZyEVsswOM
yhMjOheDA/orYgev+uoOTP/sZ+jr3kcGpezRuufhQr59/bMosKmAquI7wQrDC1LN
47e7qzcQYXwGZ4vB8+GEASAPJIUrdyiJ6mE5VPOEbqG6RrJPgjZsw3/cOTn2zxgk
r+QtxydREvqBVhwkoEV1FJA9+ozgW6aGFEhwEr/52pPTtCVnEET/aFQsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJfrPd7FBqqrab61dtZl7PynDz4MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTWwtczkzc1VHcXF0cHZyVjIxbVhzX0tjUFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9DMA0G
CSqGSIb3DQEBCwUAA4IBAQBHttDpxkMv7oQH223gGMmFqYABo1ryBzowvgH67ZLE
UHL2HbnxFyaUDycxM740u8vWYp8SnN+ljXu9LV4VOA0KGyn4QFFUgFkA9TjJVvZl
GAAuzscGWSWmDAjDsrvox3tDhUwwd29aReCsYfm22BeuenkI1c/iH0CgUy4w5W2U
eX60a2+kB1rmbYU4+ByD5d4zXuQtmEhnf43/Ww448m63bPz8kaqPWRYe9kmAWlVp
Gz7FbhP5VAoa3+pBoZJRPEXAKXO1a9zjFjHjKBldJOn/qxzza48CQ6uKODB4SkK9
bQUNIbAfFnWwXddN7pjTTm9Erzlfosiv7MAEYCKDQgfH
-----END CERTIFICATE-----