Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/MBpphB2xYxcgQsmw9fNhE41ypGk.roa
File:                     MBpphB2xYxcgQsmw9fNhE41ypGk.roa (raw, json)
Hash identifier:          zP2S6aPon3XgvaEBxXXNojD/HkiPfTPWAwGs50rtlIo=
Subject key identifier:   30:1A:69:84:1D:B1:63:17:20:42:C9:B0:F5:F3:61:13:8D:72:A4:69
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       01926AD0E80D505C9381314B35920617288C
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/MBpphB2xYxcgQsmw9fNhE41ypGk.roa
Signing time:             Tue 08 Oct 2024 06:28:48 +0000
ROA not before:           Tue 08 Oct 2024 06:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     150654
IP address blocks:        110.172.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6a:d0:e8:0d:50:5c:93:81:31:4b:35:92:06:17:28:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct  8 06:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=301a69841db163172042c9b0f5f361138d72a469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0c:04:fe:11:40:b1:57:7f:1f:86:62:44:e6:
                    06:2a:be:7e:27:c5:51:82:84:8a:c8:50:e8:ef:90:
                    eb:72:fc:74:a5:00:77:8e:94:fd:c9:4d:e5:b0:e9:
                    41:1f:a9:c6:d7:d7:c7:09:9d:13:31:8a:95:05:e7:
                    94:69:ea:5d:bc:03:0d:f7:83:bd:56:46:40:ae:7c:
                    cb:55:ae:8d:96:11:82:a5:06:5e:68:52:9a:5d:a0:
                    31:7f:99:4d:a0:c3:86:dd:16:98:d8:f5:1e:01:fd:
                    e9:2e:35:de:dd:0a:32:01:a4:13:03:2a:e6:46:d0:
                    37:ad:af:2e:7e:b2:c2:60:bb:3c:2c:3f:89:a2:60:
                    5b:a9:60:38:98:cb:bf:31:49:85:1b:67:cd:d9:66:
                    51:10:14:e0:5e:7b:23:4d:26:3c:0f:49:8e:40:45:
                    13:95:cd:0b:9a:39:61:bd:ad:00:06:4e:fa:5c:ff:
                    21:79:70:1f:df:27:d9:9c:1f:d9:cd:52:42:b3:09:
                    89:1d:a8:f1:aa:ae:d3:10:51:2f:44:31:71:d9:97:
                    81:2f:80:ef:c7:63:77:ce:46:1c:00:55:4b:7a:b6:
                    35:9a:e7:4f:31:fd:b8:44:3e:31:13:40:0b:7e:4d:
                    6a:ca:ab:94:5d:e8:a5:02:36:31:ba:61:95:3d:17:
                    7a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1A:69:84:1D:B1:63:17:20:42:C9:B0:F5:F3:61:13:8D:72:A4:69
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/MBpphB2xYxcgQsmw9fNhE41ypGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:70:cd:b3:c7:3a:78:d5:10:bf:75:22:e6:5d:51:56:65:86:
         9d:ba:df:02:14:73:62:56:85:42:85:36:94:bc:db:7a:f6:fb:
         dc:5b:ec:33:d2:3b:0f:fc:72:24:21:96:9c:66:05:dc:44:c8:
         f1:07:af:5f:b3:cd:a3:74:02:30:35:5b:1e:a9:5c:72:a3:a6:
         77:e8:74:6f:ad:20:6e:d6:10:9e:3c:89:d8:f4:ac:29:8c:e7:
         e1:6f:58:dd:b4:3b:13:18:42:cc:b6:c3:cf:53:8e:b2:2e:43:
         6e:88:c3:cd:40:4a:fb:78:52:ee:0f:7c:ea:7a:b5:8c:ab:46:
         25:76:f8:e2:bd:c5:ce:25:06:00:ed:bb:d4:42:e2:f3:58:1f:
         68:bc:6a:0b:5e:e7:5b:4d:7a:bf:9b:36:4e:97:4a:b4:72:e2:
         3d:7a:72:84:5b:22:2a:a5:3b:e5:9e:f6:2b:34:0c:a0:17:df:
         d6:da:2a:1e:c8:cd:72:9c:09:c1:fd:ed:e7:22:c8:8d:2b:c4:
         cc:cc:43:92:9b:1a:b0:6c:87:7b:56:b2:d7:b9:de:28:c5:48:
         08:4f:cd:40:84:24:de:64:23:d2:ca:3b:cb:91:72:69:2c:2e:
         85:73:f8:5c:21:d0:1d:35:30:31:48:ff:0b:0c:b2:59:d2:0b:
         d1:e2:76:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJq0OgNUFyTgTFLNZIGFyiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDA4MDYyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFhNjk4NDFkYjE2MzE3MjA0MmM5YjBmNWYzNjExMzhkNzJhNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wwE/hFAsVd/H4ZiROYGKr5+J8VR
goSKyFDo75Drcvx0pQB3jpT9yU3lsOlBH6nG19fHCZ0TMYqVBeeUaepdvAMN94O9
VkZArnzLVa6NlhGCpQZeaFKaXaAxf5lNoMOG3RaY2PUeAf3pLjXe3QoyAaQTAyrm
RtA3ra8ufrLCYLs8LD+JomBbqWA4mMu/MUmFG2fN2WZREBTgXnsjTSY8D0mOQEUT
lc0Lmjlhva0ABk76XP8heXAf3yfZnB/ZzVJCswmJHajxqq7TEFEvRDFx2ZeBL4Dv
x2N3zkYcAFVLerY1mudPMf24RD4xE0ALfk1qyquUXeilAjYxumGVPRd6lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAaaYQdsWMXIELJsPXzYRONcqRpMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvTUJwcGhCMnhZeGNnUXNtdzlmTmhFNDF5cEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbqy+MA0G
CSqGSIb3DQEBCwUAA4IBAQA7cM2zxzp41RC/dSLmXVFWZYadut8CFHNiVoVChTaU
vNt69vvcW+wz0jsP/HIkIZacZgXcRMjxB69fs82jdAIwNVseqVxyo6Z36HRvrSBu
1hCePInY9KwpjOfhb1jdtDsTGELMtsPPU46yLkNuiMPNQEr7eFLuD3zqerWMq0Yl
dvjivcXOJQYA7bvUQuLzWB9ovGoLXudbTXq/mzZOl0q0cuI9enKEWyIqpTvlnvYr
NAygF9/W2ioeyM1ynAnB/e3nIsiNK8TMzEOSmxqwbId7VrLXud4oxUgIT81AhCTe
ZCPSyjvLkXJpLC6Fc/hcIdAdNTAxSP8LDLJZ0gvR4naF
-----END CERTIFICATE-----