Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/McFpL3IbEKD9V-T_qTJ4J5m9vjI.roa
File:                     McFpL3IbEKD9V-T_qTJ4J5m9vjI.roa (raw, json)
Hash identifier:          BQ2UrXsl23EJls2ba5DouBa0dnPUf2+4nTwNIq+Tz4o=
Subject key identifier:   31:C1:69:2F:72:1B:10:A0:FD:57:E4:FF:A9:32:78:27:99:BD:BE:32
Certificate issuer:       /CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
Certificate serial:       018CC348BF7315334E9A73AD9A6F167B95B0
Authority key identifier: 4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/McFpL3IbEKD9V-T_qTJ4J5m9vjI.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61227
IP address blocks:        176.110.116.0/23 maxlen: 23
                          2001:67c:1070::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bf:73:15:33:4e:9a:73:ad:9a:6f:16:7b:95:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31c1692f721b10a0fd57e4ffa932782799bdbe32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:37:7d:97:80:60:b8:ca:66:eb:95:0c:f4:b3:
                    d0:7c:47:8f:be:5f:85:78:ee:9e:f7:ac:14:0d:b7:
                    97:4e:0a:f6:0f:1f:c3:2a:9f:e9:ee:40:84:e3:8b:
                    a9:ef:17:2e:f6:9a:15:d8:60:a2:05:f1:0e:ad:44:
                    8c:c2:2f:09:70:bc:74:ad:ba:bf:d0:bd:bd:8d:e7:
                    c6:3c:04:8e:30:b1:6a:88:2f:c7:68:b7:1c:13:42:
                    a2:63:f9:16:65:6a:21:6c:b0:92:c1:e7:7b:14:4b:
                    37:4b:c2:3c:7b:3e:7b:7e:67:c0:a4:18:e1:58:73:
                    a0:1b:c5:87:94:17:47:0f:73:b0:17:7b:88:ee:ca:
                    95:ee:66:96:7d:4d:8d:3b:70:ae:8a:7d:68:94:73:
                    e3:3c:b6:67:38:d5:c6:f5:00:a8:af:95:27:c7:5f:
                    d4:3b:39:31:5b:b0:9d:0b:3a:c0:b6:2d:10:13:50:
                    43:76:85:82:d8:94:39:f0:9a:8a:bf:40:f5:1d:d7:
                    c2:03:23:d3:d6:91:37:dd:b0:97:0a:4a:e8:66:2a:
                    72:6b:5c:fd:e4:0f:0c:8f:f3:f0:04:41:98:57:77:
                    24:d4:f9:b7:ed:d7:80:cc:50:05:8b:a9:64:d0:0b:
                    57:e7:80:c2:81:ca:ea:09:73:ee:8f:a1:cf:d1:0d:
                    0b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C1:69:2F:72:1B:10:A0:FD:57:E4:FF:A9:32:78:27:99:BD:BE:32
            X509v3 Authority Key Identifier:
                keyid:4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/McFpL3IbEKD9V-T_qTJ4J5m9vjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.116.0/23
                IPv6:
                  2001:67c:1070::/47

    Signature Algorithm: sha256WithRSAEncryption
         40:8d:0e:4b:20:30:f1:b0:62:3b:63:66:c4:f6:19:a6:e7:1e:
         b7:ea:0c:df:15:0b:09:12:a8:c9:98:57:53:f6:51:70:27:f3:
         10:b0:b4:fe:55:26:56:43:99:3d:99:9b:3e:b5:dc:31:c1:8b:
         9e:c7:6e:46:b7:2c:2e:83:ad:5c:dd:01:12:8a:89:6e:0f:96:
         ba:a4:72:22:1d:4c:fc:e8:79:ac:ed:0d:b8:cd:e3:bc:9a:c8:
         dc:7c:09:be:98:08:1e:1d:9b:73:06:61:b9:fc:e6:03:49:45:
         1b:bf:03:d9:93:77:d6:ad:76:7d:91:59:50:68:b3:32:18:d5:
         a6:e5:35:43:07:92:d5:50:ff:ad:3f:f2:1e:63:9b:04:91:dd:
         bc:87:18:82:b4:dd:27:16:3f:71:2b:a9:c3:f0:7b:61:86:d9:
         fb:b4:fb:4f:e9:02:3d:b3:f3:1a:02:7c:bd:bf:fa:2c:e1:76:
         af:fb:c4:3f:6d:0b:e1:46:64:14:78:3c:c4:c0:35:87:c8:25:
         62:74:22:91:51:94:00:63:9a:1a:aa:80:04:cf:06:24:24:c0:
         3f:f4:1b:71:a6:84:3c:76:8a:e7:76:8f:d6:e0:7c:09:c7:c2:
         47:1d:83:c2:33:93:eb:2c:7f:c3:cd:3c:bf:e3:c0:e5:07:10:
         b9:6a:a4:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSL9zFTNOmnOtmm8We5WwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGFkZTU0YzI3ZTZmY2RkYWNlMjYyYzRmZGY3OTBmMzIw
ZmVkOWMwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWMxNjkyZjcyMWIxMGEwZmQ1N2U0ZmZhOTMyNzgyNzk5YmRiZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjd9l4BguMpm65UM9LPQfEePvl+F
eO6e96wUDbeXTgr2Dx/DKp/p7kCE44up7xcu9poV2GCiBfEOrUSMwi8JcLx0rbq/
0L29jefGPASOMLFqiC/HaLccE0KiY/kWZWohbLCSwed7FEs3S8I8ez57fmfApBjh
WHOgG8WHlBdHD3OwF3uI7sqV7maWfU2NO3Cuin1olHPjPLZnONXG9QCor5Unx1/U
OzkxW7CdCzrAti0QE1BDdoWC2JQ58JqKv0D1HdfCAyPT1pE33bCXCkroZipya1z9
5A8Mj/PwBEGYV3ck1Pm37deAzFAFi6lk0AtX54DCgcrqCXPuj6HP0Q0LVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDHBaS9yGxCg/Vfk/6kyeCeZvb4yMB8GA1UdIwQY
MBaAFE0K3lTCfm/N2s4mLE/feQ8yD+2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2It
ODkyOTZjY2IzNWY1LzEvTWNGcEwzSWJFS0Q5Vi1UX3FUSjRKNW05dmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2ItODkyOTZjY2IzNWY1
LzEvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBsG50MA8E
AgACMAkDBwEgAQZ8EHAwDQYJKoZIhvcNAQELBQADggEBAECNDksgMPGwYjtjZsT2
GabnHrfqDN8VCwkSqMmYV1P2UXAn8xCwtP5VJlZDmT2Zmz613DHBi57Hbka3LC6D
rVzdARKKiW4PlrqkciIdTPzoeaztDbjN47yayNx8Cb6YCB4dm3MGYbn85gNJRRu/
A9mTd9atdn2RWVBoszIY1ablNUMHktVQ/60/8h5jmwSR3byHGIK03ScWP3ErqcPw
e2GG2fu0+0/pAj2z8xoCfL2/+izhdq/7xD9tC+FGZBR4PMTANYfIJWJ0IpFRlABj
mhqqgATPBiQkwD/0G3GmhDx2iud2j9bgfAnHwkcdg8Izk+ssf8PNPL/jwOUHELlq
pLc=
-----END CERTIFICATE-----