Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/MSEcsGzaZK_12z5ajir8Uu3WYPQ.roa
File:                     MSEcsGzaZK_12z5ajir8Uu3WYPQ.roa (raw, json)
Hash identifier:          tLop/zcVMfvjGQ3VtxNcctuOocwCdLvpdXhyNBte3Rc=
Subject key identifier:   31:21:1C:B0:6C:DA:64:AF:F5:DB:3E:5A:8E:2A:FC:52:ED:D6:60:F4
Certificate issuer:       /CN=4b20d5c78c107bcf9c715453d21444f696e44b11
Certificate serial:       018CC42451D1C13BF8DDF65E61EAF2B73710
Authority key identifier: 4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/MSEcsGzaZK_12z5ajir8Uu3WYPQ.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59767
IP address blocks:        185.19.64.0/22 maxlen: 22
                          2a04:1040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:51:d1:c1:3b:f8:dd:f6:5e:61:ea:f2:b7:37:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b20d5c78c107bcf9c715453d21444f696e44b11
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31211cb06cda64aff5db3e5a8e2afc52edd660f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:02:e3:0a:e2:3c:e3:79:28:3e:7a:95:b2:f6:
                    ed:7c:f3:73:e4:fb:2a:05:0f:8a:7c:2b:6a:bd:87:
                    da:23:2d:c1:7e:5f:60:f2:7b:21:76:a4:65:3b:df:
                    55:c4:38:26:97:3d:b4:2e:7d:2d:cc:55:70:ee:4f:
                    f0:e5:34:4b:97:56:a7:ed:50:36:39:c8:45:5f:29:
                    44:81:d9:79:46:eb:8f:13:a8:16:3c:d5:c8:cb:b9:
                    69:00:cd:f3:08:8b:6c:08:84:f3:86:55:16:43:d0:
                    d2:1f:61:9a:3b:a3:77:f5:ab:5e:85:bc:df:1b:db:
                    f7:2c:8f:94:cb:45:28:30:38:e2:49:6a:60:84:ca:
                    ae:bd:0e:3a:e0:c2:da:a3:d5:79:96:29:80:3f:e0:
                    62:93:f5:a7:3d:d8:64:19:76:5f:0f:87:d9:b3:9d:
                    f6:d6:5d:b8:1d:e5:10:92:b8:34:60:bf:da:28:59:
                    ee:16:d1:93:3b:a9:ef:23:8a:c0:31:f0:14:5a:5d:
                    32:f7:95:28:13:a5:c9:02:5e:59:71:e7:1a:97:58:
                    be:48:f1:ad:da:ff:5c:e1:83:4c:88:cb:03:e4:9d:
                    3b:1f:34:73:33:57:d7:c5:b8:9a:6a:66:85:e7:19:
                    c1:58:63:f3:93:9b:3f:51:f5:6c:e3:84:48:1d:e4:
                    e8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:21:1C:B0:6C:DA:64:AF:F5:DB:3E:5A:8E:2A:FC:52:ED:D6:60:F4
            X509v3 Authority Key Identifier:
                keyid:4B:20:D5:C7:8C:10:7B:CF:9C:71:54:53:D2:14:44:F6:96:E4:4B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyDVx4wQe8-ccVRT0hRE9pbkSxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/MSEcsGzaZK_12z5ajir8Uu3WYPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1e48b6-7fb0-4a12-b3e7-4b9a6058b423/1/SyDVx4wQe8-ccVRT0hRE9pbkSxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.64.0/22
                IPv6:
                  2a04:1040::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:61:8b:d9:41:e0:5a:a1:65:5c:92:73:68:ae:2e:5b:ec:22:
         eb:35:09:2b:71:7e:d7:ab:28:0e:21:c9:01:78:3d:8b:b7:45:
         77:35:22:bf:41:05:34:d1:5a:79:98:6b:ae:28:6f:f0:51:6d:
         d8:be:05:ae:ab:8f:ee:6e:3a:26:94:42:50:bb:b5:79:4e:98:
         d3:64:29:83:dd:9a:96:77:85:6f:41:e3:d8:9b:92:30:fd:35:
         90:6d:73:59:70:a7:ee:83:b2:05:ba:29:47:0b:3b:ce:86:46:
         bc:29:12:1e:dd:46:7b:c3:83:3e:d1:b7:4c:a5:8b:e4:b2:44:
         7f:e1:4f:c5:d1:ba:b1:b2:26:21:a1:6a:19:8f:d0:c1:bb:f4:
         ec:ed:2a:11:a5:6a:f2:40:88:7d:e0:5b:49:f9:50:e5:c5:9d:
         44:2e:86:5c:3c:2b:71:39:8b:64:95:01:9b:69:eb:f3:11:af:
         ca:c7:2b:15:f4:85:8d:e9:7e:16:91:26:ce:3b:bf:af:99:c0:
         45:0e:3d:64:15:6c:ca:92:4f:ff:f8:b9:3d:33:5e:52:6e:19:
         e6:34:71:13:bf:c6:c7:82:2e:3a:74:f9:29:24:3f:ec:b2:61:
         80:63:42:0f:f6:80:08:44:8b:60:e2:2f:25:aa:59:ad:d4:56:
         bf:99:ef:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJFHRwTv43fZeYerytzcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMjBkNWM3OGMxMDdiY2Y5YzcxNTQ1M2QyMTQ0NGY2OTZl
NDRiMTEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTIxMWNiMDZjZGE2NGFmZjVkYjNlNWE4ZTJhZmM1MmVkZDY2MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQLjCuI843koPnqVsvbtfPNz5Psq
BQ+KfCtqvYfaIy3Bfl9g8nshdqRlO99VxDgmlz20Ln0tzFVw7k/w5TRLl1an7VA2
OchFXylEgdl5RuuPE6gWPNXIy7lpAM3zCItsCITzhlUWQ9DSH2GaO6N39atehbzf
G9v3LI+Uy0UoMDjiSWpghMquvQ464MLao9V5limAP+Bik/WnPdhkGXZfD4fZs532
1l24HeUQkrg0YL/aKFnuFtGTO6nvI4rAMfAUWl0y95UoE6XJAl5Zcecal1i+SPGt
2v9c4YNMiMsD5J07HzRzM1fXxbiaamaF5xnBWGPzk5s/UfVs44RIHeTo6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDEhHLBs2mSv9ds+Wo4q/FLt1mD0MB8GA1UdIwQY
MBaAFEsg1ceMEHvPnHFUU9IURPaW5EsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3lEVng0d1FlOC1jY1ZSVDBoUkU5cGJrU3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xZTQ4YjYtN2ZiMC00YTEyLWIzZTct
NGI5YTYwNThiNDIzLzEvTVNFY3NHemFaS18xMno1YWppcjhVdTNXWVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xZTQ4YjYtN2ZiMC00YTEyLWIzZTctNGI5YTYwNThiNDIz
LzEvU3lEVng0d1FlOC1jY1ZSVDBoUkU5cGJrU3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRNAMA0E
AgACMAcDBQMqBBBAMA0GCSqGSIb3DQEBCwUAA4IBAQB0YYvZQeBaoWVcknNori5b
7CLrNQkrcX7XqygOIckBeD2Lt0V3NSK/QQU00Vp5mGuuKG/wUW3YvgWuq4/ubjom
lEJQu7V5TpjTZCmD3ZqWd4VvQePYm5Iw/TWQbXNZcKfug7IFuilHCzvOhka8KRIe
3UZ7w4M+0bdMpYvkskR/4U/F0bqxsiYhoWoZj9DBu/Ts7SoRpWryQIh94FtJ+VDl
xZ1ELoZcPCtxOYtklQGbaevzEa/KxysV9IWN6X4WkSbOO7+vmcBFDj1kFWzKkk//
+Lk9M15SbhnmNHETv8bHgi46dPkpJD/ssmGAY0IP9oAIRItg4i8lqlmt1Fa/me9E
-----END CERTIFICATE-----