Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/MGUxPLxmQbSwHsgzk7XVBIBzEH0.roa
File:                     MGUxPLxmQbSwHsgzk7XVBIBzEH0.roa (raw, json)
Hash identifier:          KQjYGSGr29tW2gEfeRq7keHVn2KdKz1LIbb9rZC/wts=
Subject key identifier:   30:65:31:3C:BC:66:41:B4:B0:1E:C8:33:93:B5:D5:04:80:73:10:7D
Certificate issuer:       /CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
Certificate serial:       018CC7270A6E61879439F6A040526220D011
Authority key identifier: 2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/MGUxPLxmQbSwHsgzk7XVBIBzEH0.roa
Signing time:             Mon 01 Jan 2024 22:31:13 +0000
ROA not before:           Mon 01 Jan 2024 22:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43309
IP address blocks:        2.56.168.0/24 maxlen: 24
                          2a0f:ca00::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0a:6e:61:87:94:39:f6:a0:40:52:62:20:d0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2add438a7ce3cb379f28cfa051cf63d5ad8fe3ca
        Validity
            Not Before: Jan  1 22:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3065313cbc6641b4b01ec83393b5d5048073107d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7a:38:c8:d4:50:b5:fe:0d:d6:51:7f:47:e7:
                    06:5f:50:cf:b0:a4:04:dd:9a:75:c0:51:8c:71:82:
                    46:09:61:b2:23:27:4c:52:79:59:e8:25:59:cc:5f:
                    a0:43:67:7b:25:e1:c5:85:dd:e9:ac:22:7a:38:42:
                    e7:d7:dc:89:07:33:64:7b:1f:39:19:3d:a0:95:17:
                    33:79:26:87:55:ef:20:30:75:2f:ab:4a:94:e4:3f:
                    b3:cb:c9:4b:c7:5c:70:f6:a2:ab:4c:47:9d:5b:1b:
                    f4:65:f5:5b:4a:11:8e:eb:a5:f5:45:96:ae:4e:12:
                    f8:47:23:a9:f8:9d:1f:a9:d7:47:6b:7a:c8:75:1f:
                    dd:42:cc:c3:cd:7b:8b:4b:1a:0c:b5:da:cf:34:e4:
                    06:78:33:e7:eb:2d:c5:3d:c9:c6:df:27:c2:f2:65:
                    13:02:64:25:3d:1b:1e:19:79:cb:a8:cd:f4:16:04:
                    01:31:86:09:ba:80:a6:b9:d0:05:5d:19:b2:b7:07:
                    c3:d4:9d:b6:40:9d:b2:ef:af:50:92:8f:ad:a3:72:
                    c0:6f:26:28:23:49:ba:22:a5:e2:07:f8:63:c4:fb:
                    63:ac:6f:3d:42:e0:04:04:b4:9b:18:6e:45:d6:1f:
                    57:8c:1c:34:c2:b0:89:8c:c5:d9:75:1c:76:35:2b:
                    1c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:65:31:3C:BC:66:41:B4:B0:1E:C8:33:93:B5:D5:04:80:73:10:7D
            X509v3 Authority Key Identifier:
                keyid:2A:DD:43:8A:7C:E3:CB:37:9F:28:CF:A0:51:CF:63:D5:AD:8F:E3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kt1DinzjyzefKM-gUc9j1a2P48o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/MGUxPLxmQbSwHsgzk7XVBIBzEH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/0b61cf-80ba-4e8e-a2e5-20a0d130c456/1/Kt1DinzjyzefKM-gUc9j1a2P48o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.168.0/24
                IPv6:
                  2a0f:ca00::/33

    Signature Algorithm: sha256WithRSAEncryption
         3b:a7:be:e4:3c:aa:f0:3f:a7:55:fb:f9:71:00:bc:a1:db:9f:
         7b:9d:a0:b3:00:0c:dc:e7:39:14:57:db:00:2f:73:d4:96:a0:
         0d:ff:75:ef:5b:66:dd:00:2b:6e:5b:06:9b:a0:8f:cf:09:09:
         9f:0e:c9:2e:4a:da:58:e1:66:f9:ac:e9:ad:31:67:d8:70:04:
         7a:e8:b9:04:31:e6:0d:08:37:87:4e:2e:3b:eb:38:40:2e:9a:
         55:dc:c7:ac:0f:ec:04:f8:80:5c:77:a1:a4:19:87:38:42:e6:
         3f:33:7b:be:35:28:96:fd:a2:8b:eb:0d:31:f1:b9:70:b7:4b:
         fa:e6:43:c8:b7:08:d3:8b:cd:f3:95:34:d9:bf:cc:50:1b:c5:
         df:9b:5a:54:a9:34:67:47:6e:b4:d6:ba:4f:dd:86:86:30:ae:
         0e:30:4e:cf:04:42:4f:53:69:2c:c6:72:41:e9:c4:35:80:00:
         26:f0:8b:66:ee:b5:a2:a7:fe:83:eb:2d:83:30:38:d0:27:ae:
         d6:84:bc:3b:8a:91:66:a5:1e:9d:e1:5c:8d:4c:d9:42:a9:ac:
         ac:70:1c:87:52:f4:e6:0d:99:f8:1d:45:c1:7a:31:f5:9c:a6:
         6f:bf:90:57:99:4d:90:73:34:4e:a8:a6:b4:61:a3:02:fb:cc:
         08:08:e9:16
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJwpuYYeUOfagQFJiINARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZGQ0MzhhN2NlM2NiMzc5ZjI4Y2ZhMDUxY2Y2M2Q1YWQ4
ZmUzY2EwHhcNMjQwMTAxMjIzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDY1MzEzY2JjNjY0MWI0YjAxZWM4MzM5M2I1ZDUwNDgwNzMxMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHo4yNRQtf4N1lF/R+cGX1DPsKQE
3Zp1wFGMcYJGCWGyIydMUnlZ6CVZzF+gQ2d7JeHFhd3prCJ6OELn19yJBzNkex85
GT2glRczeSaHVe8gMHUvq0qU5D+zy8lLx1xw9qKrTEedWxv0ZfVbShGO66X1RZau
ThL4RyOp+J0fqddHa3rIdR/dQszDzXuLSxoMtdrPNOQGeDPn6y3FPcnG3yfC8mUT
AmQlPRseGXnLqM30FgQBMYYJuoCmudAFXRmytwfD1J22QJ2y769Qko+to3LAbyYo
I0m6IqXiB/hjxPtjrG89QuAEBLSbGG5F1h9XjBw0wrCJjMXZdRx2NSscDQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDBlMTy8ZkG0sB7IM5O11QSAcxB9MB8GA1UdIwQY
MBaAFCrdQ4p848s3nyjPoFHPY9Wtj+PKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUt
MjBhMGQxMzBjNDU2LzEvTUdVeFBMeG1RYlN3SHNnems3WFZCSUJ6RUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wYjYxY2YtODBiYS00ZThlLWEyZTUtMjBhMGQxMzBjNDU2
LzEvS3QxRGluemp5emVmS00tZ1VjOWoxYTJQNDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAAjioMA4E
AgACMAgDBgcqD8oAADANBgkqhkiG9w0BAQsFAAOCAQEAO6e+5Dyq8D+nVfv5cQC8
odufe52gswAM3Oc5FFfbAC9z1JagDf9171tm3QArblsGm6CPzwkJnw7JLkraWOFm
+azprTFn2HAEeui5BDHmDQg3h04uO+s4QC6aVdzHrA/sBPiAXHehpBmHOELmPzN7
vjUolv2ii+sNMfG5cLdL+uZDyLcI04vN85U02b/MUBvF35taVKk0Z0dutNa6T92G
hjCuDjBOzwRCT1NpLMZyQenENYAAJvCLZu61oqf+g+stgzA40Ceu1oS8O4qRZqUe
neFcjUzZQqmsrHAch1L05g2Z+B1FwXox9Zymb7+QV5lNkHM0TqimtGGjAvvMCAjp
Fg==
-----END CERTIFICATE-----