Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/MJ9A4qNgp4ZYH54fedBdsQbBD2k.roa
File:                     MJ9A4qNgp4ZYH54fedBdsQbBD2k.roa (raw, json)
Hash identifier:          m/H2QjadOQHjH1Tv0uJAmL0oxiYDWBTO/mWHV2SW4Yk=
Subject key identifier:   30:9F:40:E2:A3:60:A7:86:58:1F:9E:1F:79:D0:5D:B1:06:C1:0F:69
Certificate issuer:       /CN=de0af7d83c5eeb0d434ad753c6a5f47549698b37
Certificate serial:       018CC5DBE7BA40F9B53A0331ADA3A8E3683D
Authority key identifier: DE:0A:F7:D8:3C:5E:EB:0D:43:4A:D7:53:C6:A5:F4:75:49:69:8B:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3gr32Dxe6w1DStdTxqX0dUlpizc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/MJ9A4qNgp4ZYH54fedBdsQbBD2k.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47543
IP address blocks:        194.26.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/3gr32Dxe6w1DStdTxqX0dUlpizc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/3gr32Dxe6w1DStdTxqX0dUlpizc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3gr32Dxe6w1DStdTxqX0dUlpizc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e7:ba:40:f9:b5:3a:03:31:ad:a3:a8:e3:68:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0af7d83c5eeb0d434ad753c6a5f47549698b37
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=309f40e2a360a786581f9e1f79d05db106c10f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d5:0d:a2:2c:ba:4c:27:53:3a:da:a3:b9:b5:
                    41:bd:77:69:30:94:21:04:41:63:f0:df:2b:35:3c:
                    c9:0f:97:99:69:a4:73:97:1a:28:20:4f:6f:a5:53:
                    db:6d:5a:95:23:1c:19:0b:aa:f3:b6:46:75:7b:19:
                    b2:b6:7d:ad:83:04:92:e2:58:1a:6b:c8:3c:a2:b7:
                    e2:5a:d6:8b:e7:20:0a:1f:14:57:dd:7f:e2:ad:d5:
                    21:25:91:98:7b:4c:2a:e7:f6:85:0e:22:80:10:3f:
                    51:c1:10:93:8f:e2:b7:47:70:ad:04:ae:f0:37:a6:
                    e1:36:88:30:a0:6c:63:e8:0d:72:3f:83:a6:e1:a0:
                    b4:a1:02:7c:f1:0a:1e:9c:e5:29:d5:78:80:07:b6:
                    d6:da:2a:d8:9d:4c:54:3b:98:8d:2f:9f:8d:39:45:
                    4c:47:86:93:1c:f9:b9:d7:9f:7a:10:13:f0:b7:35:
                    65:24:0d:9f:9d:1d:d0:c7:f5:12:d1:42:c9:6a:5d:
                    0c:94:55:c0:1e:ef:d5:02:3b:da:c9:84:1c:ef:03:
                    61:17:7c:f3:7e:7c:48:d5:22:6d:da:56:46:ad:87:
                    6d:f6:cb:29:67:9c:89:dd:34:b8:7c:09:69:1b:ee:
                    fe:19:ac:a7:88:66:65:05:b2:00:25:a0:c5:38:c8:
                    09:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:9F:40:E2:A3:60:A7:86:58:1F:9E:1F:79:D0:5D:B1:06:C1:0F:69
            X509v3 Authority Key Identifier:
                keyid:DE:0A:F7:D8:3C:5E:EB:0D:43:4A:D7:53:C6:A5:F4:75:49:69:8B:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3gr32Dxe6w1DStdTxqX0dUlpizc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/MJ9A4qNgp4ZYH54fedBdsQbBD2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/e7a772-8b39-430d-b192-a1b8bc5b2cd7/1/3gr32Dxe6w1DStdTxqX0dUlpizc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:42:0f:17:12:45:5c:e0:1b:92:92:dc:db:14:8c:b3:f9:36:
         7a:03:95:bd:a3:6e:cd:5c:c7:49:48:f0:52:e0:0f:66:2c:91:
         57:f6:0b:73:96:db:44:42:3b:42:1d:32:f9:e3:33:56:93:75:
         e3:2c:17:dc:bb:72:fe:a7:2d:57:04:08:25:a1:d0:b5:53:b9:
         50:f2:c9:3e:f4:e8:88:90:e7:0a:74:81:3a:6b:36:f1:a2:cd:
         4d:ec:32:a7:bc:14:c9:e1:4e:02:58:21:dd:cb:e8:77:14:18:
         ec:0e:5d:68:47:8d:a2:bf:85:da:ff:db:e6:2c:bf:ce:c2:c5:
         71:63:1d:ec:0b:33:fd:1f:69:8a:ee:cb:b6:2b:65:3f:0b:f5:
         89:d5:53:0e:0c:33:50:22:fc:da:0e:ae:ea:90:6d:07:c8:0c:
         d4:a6:96:03:ed:9d:95:a8:ca:86:fd:d3:ad:0c:27:96:55:c2:
         87:6b:8f:20:c4:7c:d4:f9:45:f5:f1:22:ff:9d:7a:94:82:03:
         d3:1e:26:d0:cb:92:a9:9a:e7:8d:f5:80:33:e0:a0:22:28:3d:
         a8:07:15:a8:19:8a:b6:fc:cc:ae:a7:c9:f5:6e:1d:11:a5:50:
         35:d4:d3:21:2f:c2:34:f8:a4:31:c1:d3:b1:cd:51:06:b6:e4:
         bb:80:d3:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+e6QPm1OgMxraOo42g9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGFmN2Q4M2M1ZWViMGQ0MzRhZDc1M2M2YTVmNDc1NDk2
OThiMzcwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDlmNDBlMmEzNjBhNzg2NTgxZjllMWY3OWQwNWRiMTA2YzEwZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdUNoiy6TCdTOtqjubVBvXdpMJQh
BEFj8N8rNTzJD5eZaaRzlxooIE9vpVPbbVqVIxwZC6rztkZ1exmytn2tgwSS4lga
a8g8orfiWtaL5yAKHxRX3X/irdUhJZGYe0wq5/aFDiKAED9RwRCTj+K3R3CtBK7w
N6bhNogwoGxj6A1yP4Om4aC0oQJ88QoenOUp1XiAB7bW2irYnUxUO5iNL5+NOUVM
R4aTHPm51596EBPwtzVlJA2fnR3Qx/US0ULJal0MlFXAHu/VAjvayYQc7wNhF3zz
fnxI1SJt2lZGrYdt9sspZ5yJ3TS4fAlpG+7+GayniGZlBbIAJaDFOMgJRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCfQOKjYKeGWB+eH3nQXbEGwQ9pMB8GA1UdIwQY
MBaAFN4K99g8XusNQ0rXU8al9HVJaYs3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2dyMzJEeGU2dzFEU3RkVHhxWDBkVWxwaXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lN2E3NzItOGIzOS00MzBkLWIxOTIt
YTFiOGJjNWIyY2Q3LzEvTUo5QTRxTmdwNFpZSDU0ZmVkQmRzUWJCRDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lN2E3NzItOGIzOS00MzBkLWIxOTItYTFiOGJjNWIyY2Q3
LzEvM2dyMzJEeGU2dzFEU3RkVHhxWDBkVWxwaXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhqUMA0G
CSqGSIb3DQEBCwUAA4IBAQAhQg8XEkVc4BuSktzbFIyz+TZ6A5W9o27NXMdJSPBS
4A9mLJFX9gtzlttEQjtCHTL54zNWk3XjLBfcu3L+py1XBAglodC1U7lQ8sk+9OiI
kOcKdIE6azbxos1N7DKnvBTJ4U4CWCHdy+h3FBjsDl1oR42iv4Xa/9vmLL/OwsVx
Yx3sCzP9H2mK7su2K2U/C/WJ1VMODDNQIvzaDq7qkG0HyAzUppYD7Z2VqMqG/dOt
DCeWVcKHa48gxHzU+UX18SL/nXqUggPTHibQy5KpmueN9YAz4KAiKD2oBxWoGYq2
/Myup8n1bh0RpVA11NMhL8I0+KQxwdOxzVEGtuS7gNOa
-----END CERTIFICATE-----