Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/MHGfCWJvTXEDw6KBFiCLSOGFZoU.roa
File:                     MHGfCWJvTXEDw6KBFiCLSOGFZoU.roa (raw, json)
Hash identifier:          OzGW/GOoat0DZc8u3nrhJaOnm1I18W+qB7qWNQrD25g=
Subject key identifier:   30:71:9F:09:62:6F:4D:71:03:C3:A2:81:16:20:8B:48:E1:85:66:85
Certificate issuer:       /CN=39cef2e2df5b4ada21e4736b00b7eb89e4d3eb39
Certificate serial:       018CC86F22A51A4F44F369E1444D0A377DF9
Authority key identifier: 39:CE:F2:E2:DF:5B:4A:DA:21:E4:73:6B:00:B7:EB:89:E4:D3:EB:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/MHGfCWJvTXEDw6KBFiCLSOGFZoU.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        91.226.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:22:a5:1a:4f:44:f3:69:e1:44:4d:0a:37:7d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39cef2e2df5b4ada21e4736b00b7eb89e4d3eb39
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30719f09626f4d7103c3a28116208b48e1856685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f0:f8:c9:cb:2b:7e:a3:47:a9:89:5c:7c:ca:
                    3d:e4:96:9a:78:83:90:cc:fd:e6:3f:f0:e0:c9:36:
                    4d:47:69:a9:9b:7f:08:4b:dc:81:1a:19:3d:5f:05:
                    15:be:39:aa:fd:d9:58:48:0d:09:cf:a0:5b:38:66:
                    4f:58:f3:30:cd:77:5a:a5:6c:b4:1b:5e:9f:97:e4:
                    a2:24:c5:04:9f:b5:ad:fb:3e:de:b6:7a:2a:34:50:
                    71:45:02:1a:bf:a2:f4:13:8e:9b:23:44:ce:3c:6d:
                    01:46:40:d8:c1:33:52:fc:c1:42:0a:da:7f:65:9f:
                    3e:08:1f:76:ae:69:05:18:7d:f8:ab:ff:2f:f2:ad:
                    3c:65:b6:18:c9:7c:b3:2a:2e:c4:0f:9b:f0:c8:b0:
                    8a:f9:79:94:68:05:fe:10:b2:10:f5:5d:c5:24:08:
                    83:03:a0:ea:7b:75:d4:77:f1:85:75:31:1b:14:61:
                    3e:3a:9a:94:85:ec:e2:95:e8:e2:11:a9:95:bc:b6:
                    f6:17:bd:86:fd:34:4e:2d:68:03:82:d6:d6:e9:c6:
                    f2:d5:8e:6e:e0:ba:70:5a:1b:bc:c3:36:b4:cc:f6:
                    5a:77:32:6e:ec:0f:e9:01:4b:17:a3:7f:92:63:eb:
                    f7:bd:df:95:f2:fa:98:94:a9:c7:2c:6a:b6:b0:82:
                    bd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:71:9F:09:62:6F:4D:71:03:C3:A2:81:16:20:8B:48:E1:85:66:85
            X509v3 Authority Key Identifier:
                keyid:39:CE:F2:E2:DF:5B:4A:DA:21:E4:73:6B:00:B7:EB:89:E4:D3:EB:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oc7y4t9bStoh5HNrALfrieTT6zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/MHGfCWJvTXEDw6KBFiCLSOGFZoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4b1b49-bb7a-4a6e-ba9c-f224de60b49b/1/Oc7y4t9bStoh5HNrALfrieTT6zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:b6:a7:6f:fa:65:ba:18:a6:a8:2a:17:94:f4:12:c3:8e:55:
         0e:78:ab:50:47:f2:99:14:ba:46:f6:c6:6d:a2:3a:58:de:97:
         bd:a0:97:3f:2a:8e:d9:e1:09:6f:99:33:e1:08:d2:f6:e8:ae:
         28:37:2f:d1:81:df:f8:e5:c2:86:b1:8a:f0:eb:aa:c0:7b:f8:
         52:95:eb:a9:18:97:b3:32:1e:19:0d:2d:2a:6d:ba:b0:7b:68:
         0c:f4:e2:9e:b8:e3:84:c1:fb:69:8d:d5:4a:39:4d:3c:65:94:
         d8:22:6f:a8:f1:05:93:6b:7c:2a:82:5e:0e:40:e6:e8:b8:70:
         b1:57:b1:af:c9:42:2d:b6:6d:5d:9f:a3:5e:c5:c0:93:d9:59:
         58:0c:a3:53:43:7e:cb:48:48:d4:7b:dc:72:3a:ce:77:9d:e8:
         7a:fe:d2:01:83:7c:b6:04:d4:0b:02:c0:3a:7a:e6:60:a8:2b:
         88:2f:00:71:d0:77:32:86:76:98:34:c6:c4:c1:79:23:0f:f4:
         23:a1:2c:81:69:6e:49:ab:88:2e:08:30:51:66:f4:5a:ff:10:
         17:ac:21:e9:fa:30:5b:90:3b:85:23:3e:61:a6:7c:e0:28:2e:
         88:d7:7d:5e:c1:92:e9:90:5f:f6:34:9a:ee:c4:b5:a5:bb:d9:
         de:43:4d:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyKlGk9E82nhRE0KN335MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2VmMmUyZGY1YjRhZGEyMWU0NzM2YjAwYjdlYjg5ZTRk
M2ViMzkwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDcxOWYwOTYyNmY0ZDcxMDNjM2EyODExNjIwOGI0OGUxODU2Njg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvD4ycsrfqNHqYlcfMo95JaaeIOQ
zP3mP/DgyTZNR2mpm38IS9yBGhk9XwUVvjmq/dlYSA0Jz6BbOGZPWPMwzXdapWy0
G16fl+SiJMUEn7Wt+z7etnoqNFBxRQIav6L0E46bI0TOPG0BRkDYwTNS/MFCCtp/
ZZ8+CB92rmkFGH34q/8v8q08ZbYYyXyzKi7ED5vwyLCK+XmUaAX+ELIQ9V3FJAiD
A6Dqe3XUd/GFdTEbFGE+OpqUhezilejiEamVvLb2F72G/TROLWgDgtbW6cby1Y5u
4LpwWhu8wza0zPZadzJu7A/pAUsXo3+SY+v3vd+V8vqYlKnHLGq2sIK9HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBxnwlib01xA8OigRYgi0jhhWaFMB8GA1UdIwQY
MBaAFDnO8uLfW0raIeRzawC364nk0+s5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2M3eTR0OWJTdG9oNUhOckFMZnJpZVRUNnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80YjFiNDktYmI3YS00YTZlLWJhOWMt
ZjIyNGRlNjBiNDliLzEvTUhHZkNXSnZUWEVEdzZLQkZpQ0xTT0dGWm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS80YjFiNDktYmI3YS00YTZlLWJhOWMtZjIyNGRlNjBiNDli
LzEvT2M3eTR0OWJTdG9oNUhOckFMZnJpZVRUNnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+K2MA0G
CSqGSIb3DQEBCwUAA4IBAQAAtqdv+mW6GKaoKheU9BLDjlUOeKtQR/KZFLpG9sZt
ojpY3pe9oJc/Ko7Z4QlvmTPhCNL26K4oNy/Rgd/45cKGsYrw66rAe/hSleupGJez
Mh4ZDS0qbbqwe2gM9OKeuOOEwftpjdVKOU08ZZTYIm+o8QWTa3wqgl4OQObouHCx
V7GvyUIttm1dn6NexcCT2VlYDKNTQ37LSEjUe9xyOs53neh6/tIBg3y2BNQLAsA6
euZgqCuILwBx0HcyhnaYNMbEwXkjD/QjoSyBaW5Jq4guCDBRZvRa/xAXrCHp+jBb
kDuFIz5hpnzgKC6I131ewZLpkF/2NJruxLWlu9neQ03P
-----END CERTIFICATE-----