Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/MHwVK56c0CU6HbQZz96CaNPChQ0.roa
File:                     MHwVK56c0CU6HbQZz96CaNPChQ0.roa (raw, json)
Hash identifier:          /RWJfaAYqa3k3xtZBm0aYD2Q+T0lq6V0SMY2xxBCEnQ=
Subject key identifier:   30:7C:15:2B:9E:9C:D0:25:3A:1D:B4:19:CF:DE:82:68:D3:C2:85:0D
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018CC3B67439A5034EACE0CCBFA853F03807
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/MHwVK56c0CU6HbQZz96CaNPChQ0.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        2a0d:ecc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:74:39:a5:03:4e:ac:e0:cc:bf:a8:53:f0:38:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307c152b9e9cd0253a1db419cfde8268d3c2850d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3f:c9:23:9c:65:4a:48:b9:79:ca:26:ad:5c:
                    22:47:8a:14:fe:92:2e:bc:a5:c0:4e:8c:e6:7b:f3:
                    eb:09:ec:c4:51:b7:6a:1b:0b:a5:d4:0f:e5:ef:6b:
                    14:46:5d:73:c2:7b:22:6f:f7:98:f3:32:70:5c:44:
                    aa:4f:83:9f:db:6a:9c:70:02:42:b3:a9:24:67:f6:
                    bb:b9:57:23:1c:73:0a:e0:ed:e8:76:ec:ff:5b:3a:
                    b5:d2:a5:82:f7:86:6c:04:d9:cf:d1:ac:e2:93:2a:
                    a8:27:7b:51:6a:a2:70:8b:66:13:b0:92:78:b6:31:
                    d1:9e:f5:0f:ca:ed:74:72:4c:49:16:5c:9e:93:84:
                    43:cc:72:03:bb:f1:c5:b4:05:34:d6:f1:73:1e:07:
                    42:4e:c0:86:c8:0d:7c:ce:17:10:60:e0:6c:bd:6d:
                    bf:23:4d:dd:3e:63:59:6a:21:1e:e0:e6:bd:a1:f5:
                    64:7e:04:e0:a4:02:30:e1:53:cb:a3:ed:56:eb:1a:
                    7a:65:90:29:84:4a:d1:51:e9:af:8c:d9:66:79:5c:
                    f0:ef:4b:34:28:7e:c4:31:ca:d1:48:80:d3:b5:5a:
                    4e:48:57:19:cf:97:b9:51:c9:06:26:9c:51:45:dd:
                    cb:eb:a6:29:20:49:4f:3e:4b:d3:04:1c:81:c9:e6:
                    de:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7C:15:2B:9E:9C:D0:25:3A:1D:B4:19:CF:DE:82:68:D3:C2:85:0D
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/MHwVK56c0CU6HbQZz96CaNPChQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:ecc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:fc:01:00:68:e3:63:51:23:a9:41:df:d9:27:69:4c:fe:4e:
         57:f3:13:d2:99:65:4e:a1:62:ac:32:e3:c7:58:e8:a4:2e:34:
         50:ff:2d:ba:cf:4b:3e:d3:82:9a:52:fa:0d:eb:2a:30:1e:ba:
         05:4a:36:46:0d:2d:92:bf:9d:2a:d2:7c:74:c0:2d:0e:02:41:
         d4:91:8d:5f:c2:cb:bd:77:41:70:83:b2:e6:78:7a:f0:33:f3:
         1f:f5:e2:f7:84:72:bf:d2:12:1b:f1:ec:0b:ba:e9:2e:c9:80:
         b8:7f:b4:37:b6:76:28:b3:23:64:0a:ff:01:64:4e:f6:bf:9d:
         c1:f0:e2:38:24:20:9c:92:df:e3:ff:ff:cb:3f:42:3d:41:80:
         b8:75:f5:76:a1:45:af:80:1c:23:e0:09:a5:95:8a:70:8b:de:
         b3:d2:17:15:d8:52:1b:81:5a:60:08:ba:8a:9a:47:b7:27:d5:
         b6:10:11:dc:54:1b:f5:56:1f:bc:6d:e3:44:6c:d4:83:cf:cd:
         24:ab:d3:ec:65:24:e2:34:62:f5:37:11:fd:ea:37:4a:e2:b6:
         cb:c7:73:3f:62:a6:d0:87:bd:38:3f:ca:f1:39:26:4c:45:41:
         88:41:de:33:5f:78:cb:8b:6f:fc:b6:0b:e8:ff:16:13:ae:61:
         6c:43:0c:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtnQ5pQNOrODMv6hT8DgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdjMTUyYjllOWNkMDI1M2ExZGI0MTljZmRlODI2OGQzYzI4NTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz/JI5xlSki5ecomrVwiR4oU/pIu
vKXATozme/PrCezEUbdqGwul1A/l72sURl1zwnsib/eY8zJwXESqT4Of22qccAJC
s6kkZ/a7uVcjHHMK4O3oduz/Wzq10qWC94ZsBNnP0azikyqoJ3tRaqJwi2YTsJJ4
tjHRnvUPyu10ckxJFlyek4RDzHIDu/HFtAU01vFzHgdCTsCGyA18zhcQYOBsvW2/
I03dPmNZaiEe4Oa9ofVkfgTgpAIw4VPLo+1W6xp6ZZAphErRUemvjNlmeVzw70s0
KH7EMcrRSIDTtVpOSFcZz5e5UckGJpxRRd3L66YpIElPPkvTBByByebebQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDB8FSuenNAlOh20Gc/egmjTwoUNMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvTUh3Vks1NmMwQ1U2SGJRWno5NkNhTlBDaFEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg3swDAN
BgkqhkiG9w0BAQsFAAOCAQEAQ/wBAGjjY1EjqUHf2SdpTP5OV/MT0pllTqFirDLj
x1jopC40UP8tus9LPtOCmlL6DesqMB66BUo2Rg0tkr+dKtJ8dMAtDgJB1JGNX8LL
vXdBcIOy5nh68DPzH/Xi94Ryv9ISG/HsC7rpLsmAuH+0N7Z2KLMjZAr/AWRO9r+d
wfDiOCQgnJLf4///yz9CPUGAuHX1dqFFr4AcI+AJpZWKcIves9IXFdhSG4FaYAi6
ippHtyfVthAR3FQb9VYfvG3jRGzUg8/NJKvT7GUk4jRi9TcR/eo3SuK2y8dzP2Km
0Ie9OD/K8TkmTEVBiEHeM194y4tv/LYL6P8WE65hbEMMpg==
-----END CERTIFICATE-----