Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MJUsyGzYtXO5CWHE028fNYhDcaw.roa
File:                     MJUsyGzYtXO5CWHE028fNYhDcaw.roa (raw, json)
Hash identifier:          fqDNvikJ+d8n4+HlAlDTIsqHUZYDJRKmLhIrVul1ABI=
Subject key identifier:   30:95:2C:C8:6C:D8:B5:73:B9:09:61:C4:D3:6F:1F:35:88:43:71:AC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01918E19D46FD7F6F65808A03955429D14A6
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MJUsyGzYtXO5CWHE028fNYhDcaw.roa
Signing time:             Mon 26 Aug 2024 09:52:23 +0000
ROA not before:           Mon 26 Aug 2024 09:52:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.131.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:19:d4:6f:d7:f6:f6:58:08:a0:39:55:42:9d:14:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Aug 26 09:52:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30952cc86cd8b573b90961c4d36f1f35884371ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f2:81:7c:ed:6d:7b:6f:32:f2:64:10:05:b4:
                    2e:f1:a3:ef:29:96:bf:66:42:7b:93:a5:38:db:1b:
                    14:f2:1b:19:e9:7a:70:b1:93:cb:1a:11:7c:7b:54:
                    38:f7:07:42:ca:a2:19:0b:18:97:09:56:30:fb:b0:
                    f3:15:c9:43:f5:d1:90:10:de:38:b4:f3:f3:df:56:
                    70:6f:50:cd:6f:43:1c:98:4e:e0:c5:4a:9a:f9:47:
                    59:00:fe:a8:5f:a7:13:4a:18:89:60:0b:4d:2a:86:
                    37:3a:a4:5e:b5:78:79:2b:1f:20:50:2c:09:2c:1b:
                    fd:f4:7f:9a:62:73:39:43:13:ff:5f:03:ea:68:1e:
                    fa:77:cc:9c:b2:8d:37:84:cd:c5:2e:a5:72:34:82:
                    f1:7f:46:3b:38:53:f4:ac:19:bf:dd:e9:4e:ac:d2:
                    92:b1:b4:0e:0c:12:d4:80:11:35:7c:7e:26:28:df:
                    f8:76:eb:40:0c:ee:1e:85:a4:3d:23:3f:3d:85:06:
                    fe:84:f8:0f:c6:6c:d8:7f:dc:eb:5b:26:ee:60:bd:
                    4c:ac:a1:b8:60:37:81:7f:a8:ce:a5:5a:b4:4f:64:
                    07:e7:4a:29:98:e4:e1:60:d8:4c:a4:4f:f5:b9:2d:
                    54:a0:93:b6:31:1b:d4:b4:34:a3:b9:fc:6d:f6:44:
                    b2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:95:2C:C8:6C:D8:B5:73:B9:09:61:C4:D3:6F:1F:35:88:43:71:AC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/MJUsyGzYtXO5CWHE028fNYhDcaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:1f:63:1d:70:0f:70:0e:58:12:b6:01:92:a5:63:1e:96:5f:
         a7:3c:a4:25:33:bc:69:09:17:ac:86:af:f1:de:b7:af:0e:70:
         6a:83:55:fa:8e:a5:e1:2b:55:0a:e4:41:93:74:a2:d1:3e:80:
         bd:26:14:a1:68:a2:f6:e8:66:1b:40:57:26:d9:fa:e3:aa:7b:
         6b:a1:0f:02:bb:00:79:81:e8:39:b3:7c:3f:34:da:84:89:2e:
         c7:31:28:66:93:17:e1:68:da:77:b6:84:8a:2a:d3:2b:74:44:
         29:55:9e:64:af:41:33:29:5e:52:86:12:16:53:ed:d4:70:d3:
         36:90:e7:d8:37:2c:3b:41:b4:b0:da:57:b3:4d:20:4a:1d:fe:
         37:6a:50:af:a3:ef:f0:3d:df:73:0b:b0:ae:7b:c4:f0:2c:a3:
         ea:c3:80:40:73:a3:a6:12:e8:b3:f3:e1:4c:7e:b4:78:e6:2c:
         61:f1:71:6c:3c:b1:ca:53:e5:d1:a6:e0:8d:e8:f7:80:77:f0:
         bb:cf:66:f6:2d:85:67:f1:90:f2:0c:c2:63:a5:59:61:07:de:
         1b:07:ec:54:e0:af:92:ac:f2:a9:2f:96:7f:d1:d1:04:32:80:
         62:9e:4b:7a:7e:62:fe:a6:c4:70:23:5d:54:4a:2c:16:65:06:
         62:e2:57:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGOGdRv1/b2WAigOVVCnRSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwODI2MDk1MjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk1MmNjODZjZDhiNTczYjkwOTYxYzRkMzZmMWYzNTg4NDM3MWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvKBfO1te28y8mQQBbQu8aPvKZa/
ZkJ7k6U42xsU8hsZ6XpwsZPLGhF8e1Q49wdCyqIZCxiXCVYw+7DzFclD9dGQEN44
tPPz31Zwb1DNb0McmE7gxUqa+UdZAP6oX6cTShiJYAtNKoY3OqRetXh5Kx8gUCwJ
LBv99H+aYnM5QxP/XwPqaB76d8ycso03hM3FLqVyNILxf0Y7OFP0rBm/3elOrNKS
sbQODBLUgBE1fH4mKN/4dutADO4ehaQ9Iz89hQb+hPgPxmzYf9zrWybuYL1MrKG4
YDeBf6jOpVq0T2QH50opmOThYNhMpE/1uS1UoJO2MRvUtDSjufxt9kSygwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCVLMhs2LVzuQlhxNNvHzWIQ3GsMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTUpVc3lHell0WE81Q1dIRTAyOGZOWWhEY2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOGMA0G
CSqGSIb3DQEBCwUAA4IBAQBFH2MdcA9wDlgStgGSpWMell+nPKQlM7xpCReshq/x
3revDnBqg1X6jqXhK1UK5EGTdKLRPoC9JhShaKL26GYbQFcm2frjqntroQ8CuwB5
geg5s3w/NNqEiS7HMShmkxfhaNp3toSKKtMrdEQpVZ5kr0EzKV5ShhIWU+3UcNM2
kOfYNyw7QbSw2lezTSBKHf43alCvo+/wPd9zC7Cue8TwLKPqw4BAc6OmEuiz8+FM
frR45ixh8XFsPLHKU+XRpuCN6PeAd/C7z2b2LYVn8ZDyDMJjpVlhB94bB+xU4K+S
rPKpL5Z/0dEEMoBinkt6fmL+psRwI11USiwWZQZi4lf2
-----END CERTIFICATE-----