Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MBIa8SXcUGoK_adsKxakbZSbwU8.roa
File:                     MBIa8SXcUGoK_adsKxakbZSbwU8.roa (raw, json)
Hash identifier:          MV57JXUyz9XdjlzzVzebJNoDOCD92usDJ0FKzqJKjYg=
Subject key identifier:   30:12:1A:F1:25:DC:50:6A:0A:FD:A7:6C:2B:16:A4:6D:94:9B:C1:4F
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEF51803C8FF297B98622A56E2E60
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MBIa8SXcUGoK_adsKxakbZSbwU8.roa
Signing time:             Mon 01 Jan 2024 14:30:30 +0000
ROA not before:           Mon 01 Jan 2024 14:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205331
IP address blocks:        91.191.216.0/23 maxlen: 24
                          5.104.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 22:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ef:51:80:3c:8f:f2:97:b9:86:22:a5:6e:2e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30121af125dc506a0afda76c2b16a46d949bc14f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c5:7d:91:30:e0:74:7c:c8:fd:cc:83:18:6d:
                    9e:17:54:9b:a1:8a:49:4f:97:29:9a:ac:2f:e4:eb:
                    62:d1:06:2f:63:c1:d8:ff:17:b2:9e:6e:14:72:b7:
                    dd:0d:5d:a8:fa:2f:95:8d:2f:2a:16:cc:6e:f0:a3:
                    08:60:cb:57:a3:50:01:c4:f4:bb:ec:82:b3:7c:f5:
                    88:3f:39:78:7d:ef:73:cd:4e:46:b1:95:44:b2:e0:
                    bf:77:6e:ee:32:1d:71:d2:94:20:e4:21:4d:f1:fc:
                    32:b8:8f:28:24:bb:3d:eb:89:05:31:6f:52:a8:87:
                    b2:98:ff:5a:d1:44:b8:bc:59:aa:9d:ce:09:33:2f:
                    f4:8e:c8:a2:1b:07:0c:44:92:8d:b1:f2:19:53:81:
                    6c:70:e7:ff:d5:49:bb:27:60:fc:8a:61:cf:51:96:
                    a3:85:bf:79:4e:b6:c6:4a:3e:49:5c:cd:c6:e5:cf:
                    7b:a0:84:1d:20:48:e4:74:d7:e4:b2:63:cf:5f:71:
                    d8:12:04:30:92:f4:a7:46:95:87:64:a3:ce:69:70:
                    54:a5:c7:f5:b7:90:f8:5e:ec:bf:b7:45:16:e3:d5:
                    00:93:84:e2:bb:e7:e4:9e:79:b4:12:20:42:fa:e3:
                    f5:c2:bb:da:69:a5:20:6e:b9:d1:d5:08:e9:09:af:
                    54:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:12:1A:F1:25:DC:50:6A:0A:FD:A7:6C:2B:16:A4:6D:94:9B:C1:4F
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/MBIa8SXcUGoK_adsKxakbZSbwU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.183.0/24
                  91.191.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:ca:b7:2d:8a:cc:10:62:59:9b:b1:d9:99:36:cb:44:85:37:
         6b:5d:9b:f4:78:2c:f7:7e:57:40:2c:41:bb:bb:dd:41:cc:01:
         e9:1d:0f:fc:52:91:3e:5b:8e:21:a9:14:09:c7:99:4d:d5:8a:
         7a:d4:3c:e3:f5:82:7e:21:7c:24:2c:75:cd:bc:10:72:3b:ab:
         75:bc:9e:9f:b6:60:83:67:38:77:10:09:49:4d:73:f7:c6:0f:
         75:79:3a:d3:e0:25:4c:5f:3a:8a:f0:f7:db:0f:d6:9b:0f:39:
         06:1c:b5:5d:01:10:57:43:09:f6:43:47:9b:2a:84:ee:b8:3b:
         7a:df:9b:ce:21:14:8e:ed:2a:d7:45:af:01:7c:34:a0:a6:f5:
         4b:0e:61:79:2b:7b:34:c1:12:35:a6:5a:51:03:4c:98:89:4b:
         ac:3e:01:1b:da:31:e2:ba:73:61:14:7e:00:5a:30:8b:6b:b4:
         6b:69:40:e9:73:a7:05:26:b3:97:c0:bf:62:f8:8d:6e:70:58:
         11:06:d7:f5:6f:ad:57:be:55:1f:27:43:e6:a6:d7:7a:b6:a7:
         ff:de:7f:42:81:20:d7:c7:99:e1:20:75:63:77:29:2d:19:3f:
         06:fb:e4:d5:7a:8d:bf:fe:94:40:3d:d3:cd:fe:bc:5e:b0:99:
         25:ee:ed:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbu9RgDyP8pe5hiKlbi5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDEyMWFmMTI1ZGM1MDZhMGFmZGE3NmMyYjE2YTQ2ZDk0OWJjMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcV9kTDgdHzI/cyDGG2eF1SboYpJ
T5cpmqwv5Oti0QYvY8HY/xeynm4UcrfdDV2o+i+VjS8qFsxu8KMIYMtXo1ABxPS7
7IKzfPWIPzl4fe9zzU5GsZVEsuC/d27uMh1x0pQg5CFN8fwyuI8oJLs964kFMW9S
qIeymP9a0US4vFmqnc4JMy/0jsiiGwcMRJKNsfIZU4FscOf/1Um7J2D8imHPUZaj
hb95TrbGSj5JXM3G5c97oIQdIEjkdNfksmPPX3HYEgQwkvSnRpWHZKPOaXBUpcf1
t5D4Xuy/t0UW49UAk4Tiu+fknnm0EiBC+uP1wrvaaaUgbrnR1QjpCa9UeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDASGvEl3FBqCv2nbCsWpG2Um8FPMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvTUJJYThTWGNVR29LX2Fkc0t4YWtiWlNid1U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABWi3AwQB
W7/YMA0GCSqGSIb3DQEBCwUAA4IBAQBEyrctiswQYlmbsdmZNstEhTdrXZv0eCz3
fldALEG7u91BzAHpHQ/8UpE+W44hqRQJx5lN1Yp61Dzj9YJ+IXwkLHXNvBByO6t1
vJ6ftmCDZzh3EAlJTXP3xg91eTrT4CVMXzqK8PfbD9abDzkGHLVdARBXQwn2Q0eb
KoTuuDt635vOIRSO7SrXRa8BfDSgpvVLDmF5K3s0wRI1plpRA0yYiUusPgEb2jHi
unNhFH4AWjCLa7RraUDpc6cFJrOXwL9i+I1ucFgRBtf1b61XvlUfJ0Pmptd6tqf/
3n9CgSDXx5nhIHVjdyktGT8G++TVeo2//pRAPdPN/rxesJkl7u1y
-----END CERTIFICATE-----