Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/Mov5ZhITeVJkM0uEuITMrZRt2fY.roa
File:                     Mov5ZhITeVJkM0uEuITMrZRt2fY.roa (raw, json)
Hash identifier:          6iLhDqIlz76inAT132PG3l6yMVKtAG4s6LOnxT9V9X0=
Subject key identifier:   32:8B:F9:66:12:13:79:52:64:33:4B:84:B8:84:CC:AD:94:6D:D9:F6
Certificate issuer:       /CN=29493731efccc74ad5c273874b9360f7aa689465
Certificate serial:       0190FD7B7403CC7CD090840540B319167A40
Authority key identifier: 29:49:37:31:EF:CC:C7:4A:D5:C2:73:87:4B:93:60:F7:AA:68:94:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUk3Me_Mx0rVwnOHS5Ng96polGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/Mov5ZhITeVJkM0uEuITMrZRt2fY.roa
Signing time:             Mon 29 Jul 2024 07:54:04 +0000
ROA not before:           Mon 29 Jul 2024 07:54:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208376
IP address blocks:        45.141.228.0/22 maxlen: 24
                          2a0e:d0c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/KUk3Me_Mx0rVwnOHS5Ng96polGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/KUk3Me_Mx0rVwnOHS5Ng96polGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUk3Me_Mx0rVwnOHS5Ng96polGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fd:7b:74:03:cc:7c:d0:90:84:05:40:b3:19:16:7a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29493731efccc74ad5c273874b9360f7aa689465
        Validity
            Not Before: Jul 29 07:54:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=328bf9661213795264334b84b884ccad946dd9f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0c:16:ac:e5:a5:ec:c0:8f:8f:02:a4:a5:fb:
                    b4:9d:93:e4:74:62:8a:95:cd:b7:9d:6f:fc:15:de:
                    67:ba:b9:c4:27:9d:8f:bb:be:9f:c9:93:32:07:4f:
                    2e:45:64:1f:16:65:69:b2:e6:2d:89:68:69:38:a8:
                    85:03:9c:51:49:18:7b:05:b6:e9:6f:bd:0c:9c:3c:
                    57:52:be:2d:38:b2:56:bd:26:ac:de:5d:b5:7c:c4:
                    fc:ce:ee:fb:2a:78:0c:dd:79:35:8a:da:19:9b:21:
                    96:ee:a6:4d:07:fb:e7:46:2a:a6:97:fa:f7:c9:94:
                    2f:ce:17:f8:f8:3d:bb:ef:65:85:4b:37:05:72:fa:
                    73:7a:7b:ba:38:53:dd:c7:c0:d9:3c:d0:44:30:ad:
                    0c:98:8f:14:66:8e:ed:35:a3:93:02:36:2b:31:36:
                    19:1d:ac:d6:04:8a:6d:57:36:03:7c:68:e5:af:77:
                    2b:f4:f8:62:b9:9c:51:d5:37:49:89:b2:00:81:55:
                    bd:a6:e9:a2:cf:18:74:ef:22:eb:b3:8a:9c:19:95:
                    6a:ba:7e:55:9b:34:39:e1:97:8c:14:ea:d9:4f:5b:
                    d1:29:9f:42:54:a7:fa:61:51:5d:68:54:57:da:a6:
                    cb:9a:33:91:2a:22:2b:f0:b1:e1:ee:6e:5f:0e:f2:
                    61:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8B:F9:66:12:13:79:52:64:33:4B:84:B8:84:CC:AD:94:6D:D9:F6
            X509v3 Authority Key Identifier:
                keyid:29:49:37:31:EF:CC:C7:4A:D5:C2:73:87:4B:93:60:F7:AA:68:94:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUk3Me_Mx0rVwnOHS5Ng96polGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/Mov5ZhITeVJkM0uEuITMrZRt2fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/af4c09-c8c2-4893-a10b-0cd8a69729b7/1/KUk3Me_Mx0rVwnOHS5Ng96polGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.228.0/22
                IPv6:
                  2a0e:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:96:f8:75:51:ac:e8:cf:16:88:d0:c4:6e:ad:a1:1f:2c:e2:
         e7:5f:57:3a:f8:ec:b5:4c:20:99:41:26:ea:e2:89:41:db:78:
         98:e1:09:44:f3:39:8f:57:0e:1a:8a:69:27:65:c8:03:92:30:
         e7:de:1c:57:2d:30:d3:4b:4c:3c:76:80:b3:89:14:07:f2:4d:
         9f:f1:91:92:db:b2:d8:8e:22:9b:ed:83:53:92:53:aa:c2:83:
         11:af:e4:53:c5:37:c4:0c:3f:c2:0a:b3:f7:32:93:e2:62:cc:
         18:af:a1:35:8c:64:e7:ad:80:bb:cf:3f:db:92:34:29:49:2e:
         5a:b9:b6:65:e0:1a:2a:03:4a:6e:4a:02:4d:19:1e:53:75:8f:
         26:df:56:4a:96:a6:88:25:dd:93:b1:ff:2f:17:04:78:39:d2:
         44:0d:ec:be:f4:bc:93:1a:69:e1:e5:e3:64:b8:db:38:61:32:
         8c:d4:9d:d3:67:40:43:1a:b3:f1:33:bc:e2:6a:b4:9c:e3:b3:
         40:ea:3f:4e:67:73:1a:fd:ee:3f:08:bc:c1:51:ba:44:73:81:
         26:d7:22:54:a2:83:87:e0:c5:0f:a7:4a:d1:47:78:10:0a:63:
         3a:f6:54:79:1a:92:92:7b:1f:c4:26:18:ca:95:22:be:dd:e7:
         f5:d6:96:49
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZD9e3QDzHzQkIQFQLMZFnpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDkzNzMxZWZjY2M3NGFkNWMyNzM4NzRiOTM2MGY3YWE2
ODk0NjUwHhcNMjQwNzI5MDc1NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjhiZjk2NjEyMTM3OTUyNjQzMzRiODRiODg0Y2NhZDk0NmRkOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAwWrOWl7MCPjwKkpfu0nZPkdGKK
lc23nW/8Fd5nurnEJ52Pu76fyZMyB08uRWQfFmVpsuYtiWhpOKiFA5xRSRh7Bbbp
b70MnDxXUr4tOLJWvSas3l21fMT8zu77KngM3Xk1itoZmyGW7qZNB/vnRiqml/r3
yZQvzhf4+D2772WFSzcFcvpzenu6OFPdx8DZPNBEMK0MmI8UZo7tNaOTAjYrMTYZ
HazWBIptVzYDfGjlr3cr9PhiuZxR1TdJibIAgVW9pumizxh07yLrs4qcGZVqun5V
mzQ54ZeMFOrZT1vRKZ9CVKf6YVFdaFRX2qbLmjORKiIr8LHh7m5fDvJh+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDKL+WYSE3lSZDNLhLiEzK2Ubdn2MB8GA1UdIwQY
MBaAFClJNzHvzMdK1cJzh0uTYPeqaJRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VrM01lX014MHJWd25PSFM1Tmc5NnBvbEdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9hZjRjMDktYzhjMi00ODkzLWExMGIt
MGNkOGE2OTcyOWI3LzEvTW92NVpoSVRlVkprTTB1RXVJVE1yWlJ0MmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9hZjRjMDktYzhjMi00ODkzLWExMGItMGNkOGE2OTcyOWI3
LzEvS1VrM01lX014MHJWd25PSFM1Tmc5NnBvbEdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY3kMA0E
AgACMAcDBQMqDtDAMA0GCSqGSIb3DQEBCwUAA4IBAQC+lvh1UazozxaI0MRuraEf
LOLnX1c6+Oy1TCCZQSbq4olB23iY4QlE8zmPVw4aimknZcgDkjDn3hxXLTDTS0w8
doCziRQH8k2f8ZGS27LYjiKb7YNTklOqwoMRr+RTxTfEDD/CCrP3MpPiYswYr6E1
jGTnrYC7zz/bkjQpSS5aubZl4BoqA0puSgJNGR5TdY8m31ZKlqaIJd2Tsf8vFwR4
OdJEDey+9LyTGmnh5eNkuNs4YTKM1J3TZ0BDGrPxM7ziarSc47NA6j9OZ3Ma/e4/
CLzBUbpEc4Em1yJUooOH4MUPp0rRR3gQCmM69lR5GpKSex/EJhjKlSK+3ef11pZJ
-----END CERTIFICATE-----