Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/M_Brg01aoE5EO477tTeBXmJw7BI.roa
File:                     M_Brg01aoE5EO477tTeBXmJw7BI.roa (raw, json)
Hash identifier:          3/LJHG0hqyF8/N0OCq1mkg1ls9fbAVr8VD52ARHaK7o=
Subject key identifier:   33:F0:6B:83:4D:5A:A0:4E:44:3B:8E:FB:B5:37:81:5E:62:70:EC:12
Certificate issuer:       /CN=db239685409f64ba1c3a54a8ef141c924e71d892
Certificate serial:       018CC795450E590BB0D55DAAB40462EE251F
Authority key identifier: DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/M_Brg01aoE5EO477tTeBXmJw7BI.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34948
IP address blocks:        78.109.80.0/20 maxlen: 20
                          193.189.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 10:04:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:45:0e:59:0b:b0:d5:5d:aa:b4:04:62:ee:25:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db239685409f64ba1c3a54a8ef141c924e71d892
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33f06b834d5aa04e443b8efbb537815e6270ec12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:86:02:89:d5:62:1a:66:2d:93:4b:34:db:b7:
                    58:c7:81:f0:19:dd:07:d0:0e:ef:3b:f1:72:f7:c6:
                    41:a5:06:bb:51:50:e4:20:f3:f8:cd:91:bb:e0:88:
                    4f:76:3b:bf:90:80:98:db:47:ac:8f:73:74:04:81:
                    69:c4:41:6f:68:27:d7:2d:ae:f7:4f:65:b3:ee:ab:
                    2d:11:5e:17:49:c3:e0:50:12:26:8b:d0:4d:75:a8:
                    ea:b9:06:c8:5f:69:54:0f:ee:1a:58:5f:61:66:3d:
                    23:ce:f2:8e:9c:a3:f9:ac:38:15:3c:fd:b2:5e:01:
                    1b:98:b0:c3:20:73:82:71:98:05:55:9c:03:1c:a8:
                    64:5a:74:57:86:f8:7d:84:05:e7:03:25:72:5a:ae:
                    1c:7d:6d:12:9e:8c:e1:48:2c:0a:95:05:86:fb:a8:
                    d5:84:95:60:59:96:78:27:fe:9d:94:3f:a4:90:58:
                    9c:d8:3e:3d:16:82:a2:02:bd:11:b1:8d:0e:76:ac:
                    02:5f:81:64:52:cb:aa:9a:62:ab:a6:cb:f1:ba:8a:
                    f9:d8:be:6d:18:c5:73:ba:ef:01:39:b4:56:95:67:
                    e4:f4:63:48:78:e4:c3:b1:b5:aa:2e:1f:c2:b7:04:
                    e8:39:5c:5e:79:50:46:a5:c4:78:96:01:d4:a1:10:
                    f7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F0:6B:83:4D:5A:A0:4E:44:3B:8E:FB:B5:37:81:5E:62:70:EC:12
            X509v3 Authority Key Identifier:
                keyid:DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/M_Brg01aoE5EO477tTeBXmJw7BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.80.0/20
                  193.189.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:89:c4:6b:f6:76:73:da:1b:3c:56:90:31:ee:6f:e4:e2:a5:
         de:e3:0b:8f:26:da:5f:ab:ec:d7:26:3e:7e:9e:e6:4f:00:5a:
         ed:50:1f:55:5e:22:78:29:25:bc:41:13:3a:25:78:9e:c6:50:
         c8:d4:56:a4:ba:b2:5f:65:7b:43:d1:c0:4a:e7:ff:62:2a:52:
         b4:6e:a8:88:ba:55:fa:0f:0f:37:d3:d7:62:d4:0c:2f:bc:96:
         fb:63:6d:18:76:7e:3f:f0:dd:e1:b9:2e:cb:0f:30:5c:78:5d:
         84:4b:16:d1:73:75:1d:3a:54:e0:33:a6:76:d4:ce:c8:0d:d6:
         5b:fe:0c:b6:3b:9f:f7:08:cc:71:d7:ae:27:2c:ce:ea:63:94:
         35:d7:bd:44:23:19:cc:5a:90:6a:c5:65:25:e5:6d:83:d5:a5:
         3f:fd:25:c7:9b:17:d6:bf:75:d6:18:6d:e2:13:2f:08:e5:63:
         ca:84:10:ea:52:f1:f9:ab:e1:6c:46:b8:3c:d5:e5:14:1a:90:
         55:58:02:a6:c7:f5:df:2a:24:ed:a0:44:b4:59:90:66:c2:b4:
         7e:a5:55:ed:47:96:0b:f6:4e:e8:0b:a5:b5:28:db:74:48:9d:
         12:5d:2e:f2:a6:72:27:ea:4d:3f:55:05:80:b7:6c:de:d0:4c:
         96:43:b5:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlUUOWQuw1V2qtARi7iUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjM5Njg1NDA5ZjY0YmExYzNhNTRhOGVmMTQxYzkyNGU3
MWQ4OTIwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2YwNmI4MzRkNWFhMDRlNDQzYjhlZmJiNTM3ODE1ZTYyNzBlYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4YCidViGmYtk0s027dYx4HwGd0H
0A7vO/Fy98ZBpQa7UVDkIPP4zZG74IhPdju/kICY20esj3N0BIFpxEFvaCfXLa73
T2Wz7qstEV4XScPgUBImi9BNdajquQbIX2lUD+4aWF9hZj0jzvKOnKP5rDgVPP2y
XgEbmLDDIHOCcZgFVZwDHKhkWnRXhvh9hAXnAyVyWq4cfW0SnozhSCwKlQWG+6jV
hJVgWZZ4J/6dlD+kkFic2D49FoKiAr0RsY0OdqwCX4FkUsuqmmKrpsvxuor52L5t
GMVzuu8BObRWlWfk9GNIeOTDsbWqLh/CtwToOVxeeVBGpcR4lgHUoRD3DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDPwa4NNWqBORDuO+7U3gV5icOwSMB8GA1UdIwQY
MBaAFNsjloVAn2S6HDpUqO8UHJJOcdiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmIt
MmVmNDQ3ZTFiMDhjLzEvTV9CcmcwMWFvRTVFTzQ3N3RUZUJYbUp3N0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmItMmVmNDQ3ZTFiMDhj
LzEvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETm1QAwQA
wb2PMA0GCSqGSIb3DQEBCwUAA4IBAQCticRr9nZz2hs8VpAx7m/k4qXe4wuPJtpf
q+zXJj5+nuZPAFrtUB9VXiJ4KSW8QRM6JXiexlDI1FakurJfZXtD0cBK5/9iKlK0
bqiIulX6Dw8309di1AwvvJb7Y20Ydn4/8N3huS7LDzBceF2ESxbRc3UdOlTgM6Z2
1M7IDdZb/gy2O5/3CMxx164nLM7qY5Q1171EIxnMWpBqxWUl5W2D1aU//SXHmxfW
v3XWGG3iEy8I5WPKhBDqUvH5q+FsRrg81eUUGpBVWAKmx/XfKiTtoES0WZBmwrR+
pVXtR5YL9k7oC6W1KNt0SJ0SXS7ypnIn6k0/VQWAt2ze0EyWQ7U8
-----END CERTIFICATE-----