Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/MbPoWeCCc3HCf_EpVMIFHvrmndQ.roa
File:                     MbPoWeCCc3HCf_EpVMIFHvrmndQ.roa (raw, json)
Hash identifier:          R14zWSPC7oBhs616wa+LbHX3YHCB48/ewmOKg0sPtqY=
Subject key identifier:   31:B3:E8:59:E0:82:73:71:C2:7F:F1:29:54:C2:05:1E:FA:E6:9D:D4
Certificate issuer:       /CN=3a1669d1def69aad958d4e56e1bff9c64d350c5f
Certificate serial:       018CC8DF9A4781F1C0DE15D49293476595AB
Authority key identifier: 3A:16:69:D1:DE:F6:9A:AD:95:8D:4E:56:E1:BF:F9:C6:4D:35:0C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhZp0d72mq2VjU5W4b_5xk01DF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/MbPoWeCCc3HCf_EpVMIFHvrmndQ.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49808
IP address blocks:        92.119.92.0/22 maxlen: 24
                          185.11.84.0/22 maxlen: 24
                          45.150.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/OhZp0d72mq2VjU5W4b_5xk01DF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/OhZp0d72mq2VjU5W4b_5xk01DF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhZp0d72mq2VjU5W4b_5xk01DF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9a:47:81:f1:c0:de:15:d4:92:93:47:65:95:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1669d1def69aad958d4e56e1bff9c64d350c5f
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31b3e859e0827371c27ff12954c2051efae69dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:db:f3:e1:44:27:16:ba:f8:24:03:df:65:88:
                    be:ba:f8:bc:e8:0d:06:34:00:6d:d2:00:04:3b:21:
                    33:29:ac:fe:2b:da:08:ff:86:71:89:54:04:bd:00:
                    dd:b1:8d:a3:4e:77:99:be:01:86:62:bf:a4:b3:f3:
                    84:04:59:ed:09:9f:b8:12:91:64:21:64:ec:b2:12:
                    c6:af:dd:c8:74:80:47:f8:99:c4:53:a8:e6:7b:f3:
                    14:67:da:7b:f7:5a:07:9e:dd:fe:3c:96:04:5e:89:
                    13:41:91:2b:fd:63:a6:7d:22:81:50:76:e1:69:d6:
                    12:6c:c5:a5:77:37:42:ed:d2:5d:7e:67:5a:e2:a2:
                    d7:4e:fb:73:45:d1:ba:16:7e:01:f0:0f:cc:b4:fa:
                    65:3c:68:ba:34:2f:a8:6a:d9:41:83:da:9b:bc:68:
                    1f:1d:a7:68:c4:50:58:d4:ba:89:06:88:d0:c7:08:
                    ab:86:57:18:7a:7d:b8:10:65:eb:6d:0d:8e:c0:cc:
                    52:6b:17:fa:63:01:fa:d3:51:f4:d1:d3:dd:0d:e2:
                    2d:1b:5b:f3:09:78:07:98:4c:d3:d1:0b:2b:62:fc:
                    e7:71:70:cd:4b:87:30:fa:7d:d1:73:73:1d:f2:87:
                    33:c7:5b:6a:7b:28:4f:be:ff:e9:bb:da:3c:74:de:
                    0a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B3:E8:59:E0:82:73:71:C2:7F:F1:29:54:C2:05:1E:FA:E6:9D:D4
            X509v3 Authority Key Identifier:
                keyid:3A:16:69:D1:DE:F6:9A:AD:95:8D:4E:56:E1:BF:F9:C6:4D:35:0C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhZp0d72mq2VjU5W4b_5xk01DF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/MbPoWeCCc3HCf_EpVMIFHvrmndQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/c740f5-4f2b-4119-bd32-e159cd6f3654/1/OhZp0d72mq2VjU5W4b_5xk01DF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.96.0/22
                  92.119.92.0/22
                  185.11.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:01:70:4e:c1:fc:80:6c:b9:cf:98:2e:a9:d6:a6:c2:f5:2d:
         3d:bb:dc:63:a0:19:fe:de:64:61:2e:73:e8:eb:a6:2b:b3:a4:
         6a:3f:c4:30:85:ab:36:11:9d:b4:21:0f:fe:e9:b0:bb:90:83:
         54:36:0c:20:23:63:53:02:57:cc:93:b6:61:b1:27:6e:7a:ec:
         67:d4:d2:4c:49:ab:f0:aa:96:27:c6:55:01:63:96:7e:3b:59:
         49:7d:ad:90:d7:f1:57:c6:2a:73:86:17:d0:77:4d:02:57:72:
         15:86:54:39:a0:e7:62:d3:89:ae:82:2b:e3:a9:55:fc:2f:33:
         52:77:f0:81:e7:0a:d2:af:a0:f2:02:50:06:6e:38:82:29:87:
         a3:4a:23:53:4a:9e:8e:6e:b5:bb:77:29:ef:bb:c6:79:14:b7:
         56:68:d5:f8:d0:63:c6:e1:ea:0d:1b:1d:bd:18:a5:e7:c5:dc:
         88:38:db:fb:6c:2b:e3:fb:4d:5a:b2:fe:a4:30:fb:23:58:d0:
         69:bc:dd:d7:a5:44:a4:a5:f5:50:d8:2b:66:61:62:7d:60:eb:
         3a:23:a5:a9:74:33:e8:c8:00:55:06:c3:cf:c6:c8:68:88:bc:
         e2:fa:2a:97:1a:5f:3e:3d:17:d0:8e:ff:75:60:79:a6:2f:d4:
         0f:08:fa:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI35pHgfHA3hXUkpNHZZWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTY2OWQxZGVmNjlhYWQ5NThkNGU1NmUxYmZmOWM2NGQz
NTBjNWYwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIzZTg1OWUwODI3MzcxYzI3ZmYxMjk1NGMyMDUxZWZhZTY5ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdvz4UQnFrr4JAPfZYi+uvi86A0G
NABt0gAEOyEzKaz+K9oI/4ZxiVQEvQDdsY2jTneZvgGGYr+ks/OEBFntCZ+4EpFk
IWTsshLGr93IdIBH+JnEU6jme/MUZ9p791oHnt3+PJYEXokTQZEr/WOmfSKBUHbh
adYSbMWldzdC7dJdfmda4qLXTvtzRdG6Fn4B8A/MtPplPGi6NC+oatlBg9qbvGgf
HadoxFBY1LqJBojQxwirhlcYen24EGXrbQ2OwMxSaxf6YwH601H00dPdDeItG1vz
CXgHmEzT0QsrYvzncXDNS4cw+n3Rc3Md8oczx1tqeyhPvv/pu9o8dN4KgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDGz6FnggnNxwn/xKVTCBR765p3UMB8GA1UdIwQY
MBaAFDoWadHe9pqtlY1OVuG/+cZNNQxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hacDBkNzJtcTJWalU1VzRiXzV4azAxREY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jNzQwZjUtNGYyYi00MTE5LWJkMzIt
ZTE1OWNkNmYzNjU0LzEvTWJQb1dlQ0NjM0hDZl9FcFZNSUZIdnJtbmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jNzQwZjUtNGYyYi00MTE5LWJkMzItZTE1OWNkNmYzNjU0
LzEvT2hacDBkNzJtcTJWalU1VzRiXzV4azAxREY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZZgAwQC
XHdcAwQCuQtUMA0GCSqGSIb3DQEBCwUAA4IBAQBTAXBOwfyAbLnPmC6p1qbC9S09
u9xjoBn+3mRhLnPo66Yrs6RqP8Qwhas2EZ20IQ/+6bC7kINUNgwgI2NTAlfMk7Zh
sSdueuxn1NJMSavwqpYnxlUBY5Z+O1lJfa2Q1/FXxipzhhfQd00CV3IVhlQ5oOdi
04mugivjqVX8LzNSd/CB5wrSr6DyAlAGbjiCKYejSiNTSp6ObrW7dynvu8Z5FLdW
aNX40GPG4eoNGx29GKXnxdyIONv7bCvj+01asv6kMPsjWNBpvN3XpUSkpfVQ2Ctm
YWJ9YOs6I6WpdDPoyABVBsPPxshoiLzi+iqXGl8+PRfQjv91YHmmL9QPCPpE
-----END CERTIFICATE-----