Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/MF4nJoU3Ow-5LWWzy5I1n9DPTUs.roa
File:                     MF4nJoU3Ow-5LWWzy5I1n9DPTUs.roa (raw, json)
Hash identifier:          FvOQrIl7iAPea1F0Hc9H5m/uoHSs7mvB47NMIMxD0cQ=
Subject key identifier:   30:5E:27:26:85:37:3B:0F:B9:2D:65:B3:CB:92:35:9F:D0:CF:4D:4B
Certificate issuer:       /CN=5fadd0e945bc61101c69bce64a3d728ba1bb8661
Certificate serial:       0192BEAACB0BE67218C6492E5E84090566D5
Authority key identifier: 5F:AD:D0:E9:45:BC:61:10:1C:69:BC:E6:4A:3D:72:8B:A1:BB:86:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/MF4nJoU3Ow-5LWWzy5I1n9DPTUs.roa
Signing time:             Thu 24 Oct 2024 13:15:16 +0000
ROA not before:           Thu 24 Oct 2024 13:15:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15511
IP address blocks:        94.231.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:be:aa:cb:0b:e6:72:18:c6:49:2e:5e:84:09:05:66:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fadd0e945bc61101c69bce64a3d728ba1bb8661
        Validity
            Not Before: Oct 24 13:15:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=305e272685373b0fb92d65b3cb92359fd0cf4d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c1:37:39:4a:82:3d:a3:74:fc:fe:c5:fd:63:
                    6f:ae:86:c2:5d:a3:35:f5:9c:c1:28:1f:ea:ae:bb:
                    eb:66:d0:5e:8f:fa:16:2f:de:90:1c:60:5e:48:fc:
                    1c:8f:f3:30:f8:ca:8c:0d:65:3c:ab:1b:9e:26:1d:
                    53:56:af:bf:94:40:d2:d6:25:a0:84:9a:e7:b6:ca:
                    c1:5e:74:57:5d:41:e2:9f:f7:c4:47:ee:44:52:1e:
                    11:21:9c:a9:74:5c:9f:24:55:ac:43:e0:93:06:d4:
                    8f:f2:b7:be:45:6e:db:74:ac:16:9c:75:fc:5e:ee:
                    5b:87:b8:ee:7f:b4:bf:92:7e:db:2f:ca:31:5f:66:
                    c9:be:c9:da:59:11:9e:cb:e4:7c:f5:69:88:1a:55:
                    e2:59:da:91:7f:aa:cb:8c:80:0d:8c:d1:5b:b9:6e:
                    2d:d3:c2:12:80:32:ee:c8:ed:43:bf:66:57:3d:bd:
                    a3:e6:1d:17:1f:1e:b2:77:72:37:3e:5c:0a:6d:bf:
                    d6:a6:f0:89:00:2a:75:f3:5e:c8:47:d8:09:90:b1:
                    eb:49:ca:b8:77:f7:94:52:46:14:3a:e9:47:e7:70:
                    33:e1:7b:4c:41:61:bb:81:d5:c0:4d:81:d9:2e:bb:
                    2f:e4:5b:71:a0:3d:c3:f2:8a:9d:01:9d:e6:bc:a7:
                    0d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:5E:27:26:85:37:3B:0F:B9:2D:65:B3:CB:92:35:9F:D0:CF:4D:4B
            X509v3 Authority Key Identifier:
                keyid:5F:AD:D0:E9:45:BC:61:10:1C:69:BC:E6:4A:3D:72:8B:A1:BB:86:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/MF4nJoU3Ow-5LWWzy5I1n9DPTUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:bd:84:83:f3:de:29:ab:10:52:99:8a:f8:3b:e1:75:57:c0:
         d6:dc:29:c2:7d:a6:d9:cc:23:39:0b:cc:fc:84:1c:c9:ae:ec:
         99:92:a2:fb:9d:24:a0:53:61:8d:68:48:70:dc:4d:c8:8b:dc:
         73:7a:c1:a8:8a:db:54:00:99:ba:c2:5a:31:7c:84:ab:c4:b2:
         87:4a:38:2b:95:9a:f6:83:d2:7a:7e:79:0e:8d:41:cc:c0:5c:
         13:92:53:6b:8a:c7:c5:63:2e:69:15:59:44:1d:4c:6f:0b:4e:
         35:8e:69:0a:57:fa:c3:a7:78:fb:fa:1a:21:c9:b6:d0:ec:80:
         d2:54:d4:aa:ff:36:fd:b9:61:39:92:7f:8c:1a:57:81:7d:e8:
         82:a4:18:b3:f3:30:e9:24:1b:a0:d7:e8:ea:46:5d:3a:1e:ba:
         6e:3a:0e:5d:c6:57:46:59:23:3e:b0:c3:ba:03:89:53:fb:d1:
         44:76:dc:50:1a:ab:8d:84:4f:85:a7:59:d6:12:21:88:13:36:
         77:ae:8a:4f:98:9a:72:49:75:52:26:ff:18:41:5d:c0:52:51:
         b5:bd:c9:95:fe:21:95:ed:9d:9c:ce:84:d6:ad:98:89:5b:1e:
         95:79:a7:9c:2c:f6:41:f0:31:e3:08:4b:87:d7:0d:59:cf:9a:
         46:64:6e:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK+qssL5nIYxkkuXoQJBWbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYWRkMGU5NDViYzYxMTAxYzY5YmNlNjRhM2Q3MjhiYTFi
Yjg2NjEwHhcNMjQxMDI0MTMxNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDVlMjcyNjg1MzczYjBmYjkyZDY1YjNjYjkyMzU5ZmQwY2Y0ZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8E3OUqCPaN0/P7F/WNvrobCXaM1
9ZzBKB/qrrvrZtBej/oWL96QHGBeSPwcj/Mw+MqMDWU8qxueJh1TVq+/lEDS1iWg
hJrntsrBXnRXXUHin/fER+5EUh4RIZypdFyfJFWsQ+CTBtSP8re+RW7bdKwWnHX8
Xu5bh7juf7S/kn7bL8oxX2bJvsnaWRGey+R89WmIGlXiWdqRf6rLjIANjNFbuW4t
08ISgDLuyO1Dv2ZXPb2j5h0XHx6yd3I3PlwKbb/WpvCJACp1817IR9gJkLHrScq4
d/eUUkYUOulH53Az4XtMQWG7gdXATYHZLrsv5FtxoD3D8oqdAZ3mvKcNNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBeJyaFNzsPuS1ls8uSNZ/Qz01LMB8GA1UdIwQY
MBaAFF+t0OlFvGEQHGm85ko9couhu4ZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDYzUTZVVzhZUkFjYWJ6bVNqMXlpNkc3aG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iMDA3M2QtMzg4Zi00YWI5LWI5MGUt
NzFjN2U4YWM1OWMwLzEvTUY0bkpvVTNPdy01TFdXenk1STFuOURQVFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iMDA3M2QtMzg4Zi00YWI5LWI5MGUtNzFjN2U4YWM1OWMw
LzEvWDYzUTZVVzhZUkFjYWJ6bVNqMXlpNkc3aG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufBMA0G
CSqGSIb3DQEBCwUAA4IBAQBWvYSD894pqxBSmYr4O+F1V8DW3CnCfabZzCM5C8z8
hBzJruyZkqL7nSSgU2GNaEhw3E3Ii9xzesGoittUAJm6wloxfISrxLKHSjgrlZr2
g9J6fnkOjUHMwFwTklNrisfFYy5pFVlEHUxvC041jmkKV/rDp3j7+hohybbQ7IDS
VNSq/zb9uWE5kn+MGleBfeiCpBiz8zDpJBug1+jqRl06HrpuOg5dxldGWSM+sMO6
A4lT+9FEdtxQGquNhE+Fp1nWEiGIEzZ3ropPmJpySXVSJv8YQV3AUlG1vcmV/iGV
7Z2czoTWrZiJWx6VeaecLPZB8DHjCEuH1w1Zz5pGZG6U
-----END CERTIFICATE-----