Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/MPF8vzPq2OaHciqllCgLGOvIhRw.roa
File:                     MPF8vzPq2OaHciqllCgLGOvIhRw.roa (raw, json)
Hash identifier:          f1IiIBdm5zD0IKuvW1gTUVy8UZa7uKgPt+isfl97nJQ=
Subject key identifier:   30:F1:7C:BF:33:EA:D8:E6:87:72:2A:A5:94:28:0B:18:EB:C8:85:1C
Certificate issuer:       /CN=bfbb03016c83cea8aa4fa9c36a3643a565cc93e6
Certificate serial:       018CCA29E5F2787FE38C671AFA80F1D74C96
Authority key identifier: BF:BB:03:01:6C:83:CE:A8:AA:4F:A9:C3:6A:36:43:A5:65:CC:93:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/MPF8vzPq2OaHciqllCgLGOvIhRw.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20676
IP address blocks:        193.100.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e5:f2:78:7f:e3:8c:67:1a:fa:80:f1:d7:4c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb03016c83cea8aa4fa9c36a3643a565cc93e6
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30f17cbf33ead8e687722aa594280b18ebc8851c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ff:80:63:90:8d:f1:57:af:ae:30:2d:85:8c:
                    e6:18:d6:f6:6b:48:5f:e6:11:17:86:2a:3f:ed:cb:
                    68:81:e7:18:5a:06:5a:a1:b9:52:51:ed:7e:c2:c9:
                    0a:ea:ec:e4:30:bf:35:55:58:66:c2:83:a7:18:08:
                    fe:a2:47:57:a9:7f:c9:04:a4:3f:ee:06:7d:fc:cb:
                    5f:a7:db:be:0a:23:cb:ce:dc:25:fe:de:c0:70:64:
                    da:79:ae:b3:be:e5:07:eb:69:fc:0c:ad:a5:8c:09:
                    66:bc:dc:75:57:f6:0c:f7:f0:63:41:04:7e:46:bd:
                    a5:5d:2e:91:7c:4d:79:00:73:7f:25:e6:e1:8d:30:
                    48:70:2a:51:3c:cc:53:e9:9d:b7:fc:87:22:dc:04:
                    83:f9:c5:9e:89:45:a7:ba:43:b7:4a:70:8d:bb:43:
                    f8:1d:5a:17:66:02:a2:8d:36:66:fb:39:68:da:0a:
                    84:0a:20:84:a4:03:6e:c3:11:c3:82:c1:3b:fb:03:
                    c2:ed:ea:e5:d0:fe:71:d6:e5:87:2b:a7:c0:27:26:
                    7b:2f:ae:ae:04:84:92:66:91:9c:cf:e5:f0:1c:3a:
                    7f:98:e1:6d:b8:c9:a5:74:a2:9a:3a:52:41:b1:9f:
                    c7:1c:c5:3c:05:ce:56:9e:46:3a:2f:61:37:f7:75:
                    74:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F1:7C:BF:33:EA:D8:E6:87:72:2A:A5:94:28:0B:18:EB:C8:85:1C
            X509v3 Authority Key Identifier:
                keyid:BF:BB:03:01:6C:83:CE:A8:AA:4F:A9:C3:6A:36:43:A5:65:CC:93:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7sDAWyDzqiqT6nDajZDpWXMk-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/MPF8vzPq2OaHciqllCgLGOvIhRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/3f3e57-0e00-4f2f-976b-414f09b92c15/1/v7sDAWyDzqiqT6nDajZDpWXMk-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:1b:86:6d:58:d5:87:8e:ff:32:e8:c4:c7:f4:3e:a2:29:d8:
         ad:2c:8f:b1:62:56:56:d3:a1:57:48:eb:9b:5f:05:4c:6b:3a:
         cc:41:b3:e9:e8:d9:9b:bf:fe:5e:b5:77:ad:88:4d:75:31:0a:
         85:f6:ad:b6:fd:33:3b:c2:1e:9e:81:bd:95:d9:b5:4d:33:4a:
         82:af:0e:78:c4:80:3d:3f:50:22:e0:3b:0a:4c:ef:ff:df:e9:
         e8:65:c6:a8:90:5b:09:78:98:80:cb:55:da:7b:10:72:b6:d0:
         cb:4a:4f:73:fd:8b:9c:59:02:81:e0:65:ff:f4:8d:49:89:a7:
         6b:28:88:c6:94:c9:fe:ee:87:9e:74:e1:a4:c5:f8:8e:3e:ec:
         22:e6:23:89:21:bc:14:2d:88:06:14:24:05:bb:59:cf:64:bb:
         9b:f6:5c:87:d5:c8:63:6d:1e:8f:af:7a:68:6b:40:14:32:21:
         6f:dc:53:95:c0:df:8c:08:d9:c2:45:3e:b9:58:04:32:fe:35:
         27:a5:2e:aa:9f:3b:b7:64:b7:04:e3:d4:db:6a:50:42:43:52:
         c6:04:db:ff:8e:fd:d4:ac:c5:3b:c4:2e:84:27:ae:7b:8c:75:
         7f:b9:ad:22:5c:d2:86:6e:cf:03:10:9b:24:61:37:6b:87:b3:
         f4:9f:83:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKeXyeH/jjGca+oDx10yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYmIwMzAxNmM4M2NlYThhYTRmYTljMzZhMzY0M2E1NjVj
YzkzZTYwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGYxN2NiZjMzZWFkOGU2ODc3MjJhYTU5NDI4MGIxOGViYzg4NTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP+AY5CN8VevrjAthYzmGNb2a0hf
5hEXhio/7ctogecYWgZaoblSUe1+wskK6uzkML81VVhmwoOnGAj+okdXqX/JBKQ/
7gZ9/Mtfp9u+CiPLztwl/t7AcGTaea6zvuUH62n8DK2ljAlmvNx1V/YM9/BjQQR+
Rr2lXS6RfE15AHN/JebhjTBIcCpRPMxT6Z23/Ici3ASD+cWeiUWnukO3SnCNu0P4
HVoXZgKijTZm+zlo2gqECiCEpANuwxHDgsE7+wPC7erl0P5x1uWHK6fAJyZ7L66u
BISSZpGcz+XwHDp/mOFtuMmldKKaOlJBsZ/HHMU8Bc5WnkY6L2E393V0rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDxfL8z6tjmh3IqpZQoCxjryIUcMB8GA1UdIwQY
MBaAFL+7AwFsg86oqk+pw2o2Q6VlzJPmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdzREFXeUR6cWlxVDZuRGFqWkRwV1hNay1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zZjNlNTctMGUwMC00ZjJmLTk3NmIt
NDE0ZjA5YjkyYzE1LzEvTVBGOHZ6UHEyT2FIY2lxbGxDZ0xHT3ZJaFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zZjNlNTctMGUwMC00ZjJmLTk3NmItNDE0ZjA5YjkyYzE1
LzEvdjdzREFXeUR6cWlxVDZuRGFqWkRwV1hNay1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWTRMA0G
CSqGSIb3DQEBCwUAA4IBAQATG4ZtWNWHjv8y6MTH9D6iKditLI+xYlZW06FXSOub
XwVMazrMQbPp6Nmbv/5etXetiE11MQqF9q22/TM7wh6egb2V2bVNM0qCrw54xIA9
P1Ai4DsKTO//3+noZcaokFsJeJiAy1XaexByttDLSk9z/YucWQKB4GX/9I1Jiadr
KIjGlMn+7oeedOGkxfiOPuwi5iOJIbwULYgGFCQFu1nPZLub9lyH1chjbR6Pr3po
a0AUMiFv3FOVwN+MCNnCRT65WAQy/jUnpS6qnzu3ZLcE49TbalBCQ1LGBNv/jv3U
rMU7xC6EJ657jHV/ua0iXNKGbs8DEJskYTdrh7P0n4NI
-----END CERTIFICATE-----