Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/MdcLcF598us8et6609oKHBzow9Y.roa
File:                     MdcLcF598us8et6609oKHBzow9Y.roa (raw, json)
Hash identifier:          lG7/IJa6qfh9JZ5f09IrmDhulgP6dGUr1CbSjJLuNMQ=
Subject key identifier:   31:D7:0B:70:5E:7D:F2:EB:3C:7A:DE:BA:D3:DA:0A:1C:1C:E8:C3:D6
Certificate issuer:       /CN=0ffcfc345a0646a7cf225905477e2183574886e0
Certificate serial:       018CC4244C9D889C98BE66B4A12431003BE9
Authority key identifier: 0F:FC:FC:34:5A:06:46:A7:CF:22:59:05:47:7E:21:83:57:48:86:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_z8NFoGRqfPIlkFR34hg1dIhuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/MdcLcF598us8et6609oKHBzow9Y.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44820
IP address blocks:        91.216.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/D_z8NFoGRqfPIlkFR34hg1dIhuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/D_z8NFoGRqfPIlkFR34hg1dIhuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_z8NFoGRqfPIlkFR34hg1dIhuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4c:9d:88:9c:98:be:66:b4:a1:24:31:00:3b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ffcfc345a0646a7cf225905477e2183574886e0
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d70b705e7df2eb3c7adebad3da0a1c1ce8c3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1d:30:95:87:68:de:97:7e:5e:db:1c:b2:2f:
                    3f:51:04:61:97:ae:85:b4:33:21:65:f5:9d:c6:49:
                    22:a1:f7:8e:2d:5a:a7:d6:c5:18:cc:8e:48:1b:98:
                    4c:9c:85:96:fe:47:b0:a3:59:d5:59:b9:36:79:ee:
                    24:09:4f:03:bc:8b:9c:6c:2a:c7:f8:fe:a1:b9:30:
                    49:b1:9d:ff:46:47:e9:28:12:06:de:53:1e:9b:3e:
                    82:98:8e:55:de:81:25:d2:08:df:99:c2:80:a6:c8:
                    e9:f4:03:ee:09:59:05:f5:d5:a8:6d:a3:d7:b2:91:
                    63:29:ca:e2:07:82:d3:82:dd:cb:ed:78:29:07:d8:
                    92:71:37:75:3b:fa:b5:18:d0:cc:4e:12:31:38:f4:
                    a9:45:b0:1b:fb:d8:9d:ed:88:7f:73:a5:d3:ed:65:
                    83:1a:a6:0a:4c:49:e5:81:0e:6c:ea:1c:d8:2f:a5:
                    bd:5f:31:92:f4:40:4c:37:fc:b3:ff:95:af:44:a2:
                    5e:8e:b5:30:0b:97:d6:74:93:8d:13:2c:4a:1c:7c:
                    a2:6a:b4:47:86:4b:71:09:b2:5f:34:98:7c:fb:ef:
                    b3:90:30:6f:06:e7:84:70:19:e4:be:d3:00:2b:77:
                    bf:b7:3f:cd:bf:fe:6a:20:6a:a9:a6:dd:fe:ea:83:
                    bc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D7:0B:70:5E:7D:F2:EB:3C:7A:DE:BA:D3:DA:0A:1C:1C:E8:C3:D6
            X509v3 Authority Key Identifier:
                keyid:0F:FC:FC:34:5A:06:46:A7:CF:22:59:05:47:7E:21:83:57:48:86:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_z8NFoGRqfPIlkFR34hg1dIhuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/MdcLcF598us8et6609oKHBzow9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/af282b-f597-407a-bef5-132f99cfaa53/1/D_z8NFoGRqfPIlkFR34hg1dIhuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:89:dc:31:99:13:c3:af:8b:2e:c5:7d:3b:72:ff:8b:d7:13:
         75:9c:9c:81:38:ee:34:13:99:f9:2a:b5:99:51:7d:6f:fd:f9:
         6e:8e:46:6f:a5:3d:38:83:f4:72:28:7e:7b:24:77:66:85:19:
         4c:3b:b0:fd:54:00:a5:ac:1d:28:4c:e6:18:28:6b:8c:2f:b3:
         d4:d3:b8:cd:c0:47:93:9e:4e:13:0e:11:c2:94:d0:65:c9:e8:
         20:71:33:66:f0:f9:8c:24:4d:c5:7f:1d:42:7f:e0:7c:f6:95:
         ba:30:9e:11:e5:cf:ae:b5:72:10:77:ee:5e:b7:ab:cd:95:10:
         19:cc:b5:b1:1c:40:06:bb:ea:df:0a:f6:67:24:7c:38:65:df:
         bd:43:78:68:57:ad:91:f4:26:2e:17:47:ed:29:65:0f:a7:e0:
         f0:43:a8:e7:a5:31:25:35:cf:e8:fb:38:ef:82:b1:30:cd:3d:
         4b:69:52:38:a3:22:3d:05:a5:77:51:df:2f:f9:72:dd:51:26:
         e6:50:7e:4e:68:2d:6c:bf:11:9f:12:c6:d8:20:56:b7:d9:1b:
         54:9d:2f:12:f3:42:cf:7b:84:df:ce:16:ee:c5:67:79:82:5d:
         4a:08:1e:64:b9:8d:b0:3f:a5:4e:ed:3f:4c:b8:18:f6:d3:21:
         f6:4d:ce:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEydiJyYvma0oSQxADvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZmNmYzM0NWEwNjQ2YTdjZjIyNTkwNTQ3N2UyMTgzNTc0
ODg2ZTAwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQ3MGI3MDVlN2RmMmViM2M3YWRlYmFkM2RhMGExYzFjZThjM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh0wlYdo3pd+Xtscsi8/UQRhl66F
tDMhZfWdxkkiofeOLVqn1sUYzI5IG5hMnIWW/kewo1nVWbk2ee4kCU8DvIucbCrH
+P6huTBJsZ3/RkfpKBIG3lMemz6CmI5V3oEl0gjfmcKApsjp9APuCVkF9dWobaPX
spFjKcriB4LTgt3L7XgpB9iScTd1O/q1GNDMThIxOPSpRbAb+9id7Yh/c6XT7WWD
GqYKTEnlgQ5s6hzYL6W9XzGS9EBMN/yz/5WvRKJejrUwC5fWdJONEyxKHHyiarRH
hktxCbJfNJh8+++zkDBvBueEcBnkvtMAK3e/tz/Nv/5qIGqppt3+6oO8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHXC3BeffLrPHreutPaChwc6MPWMB8GA1UdIwQY
MBaAFA/8/DRaBkanzyJZBUd+IYNXSIbgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF96OE5Gb0dScWZQSWxrRlIzNGhnMWRJaHVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9hZjI4MmItZjU5Ny00MDdhLWJlZjUt
MTMyZjk5Y2ZhYTUzLzEvTWRjTGNGNTk4dXM4ZXQ2NjA5b0tIQnpvdzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9hZjI4MmItZjU5Ny00MDdhLWJlZjUtMTMyZjk5Y2ZhYTUz
LzEvRF96OE5Gb0dScWZQSWxrRlIzNGhnMWRJaHVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hqMA0G
CSqGSIb3DQEBCwUAA4IBAQAuidwxmRPDr4suxX07cv+L1xN1nJyBOO40E5n5KrWZ
UX1v/flujkZvpT04g/RyKH57JHdmhRlMO7D9VAClrB0oTOYYKGuML7PU07jNwEeT
nk4TDhHClNBlyeggcTNm8PmMJE3Ffx1Cf+B89pW6MJ4R5c+utXIQd+5et6vNlRAZ
zLWxHEAGu+rfCvZnJHw4Zd+9Q3hoV62R9CYuF0ftKWUPp+DwQ6jnpTElNc/o+zjv
grEwzT1LaVI4oyI9BaV3Ud8v+XLdUSbmUH5OaC1svxGfEsbYIFa32RtUnS8S80LP
e4TfzhbuxWd5gl1KCB5kuY2wP6VO7T9MuBj20yH2Tc7P
-----END CERTIFICATE-----