Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/MfPQ-BjwLMfWFITDXA0Px_bCGz4.roa
File:                     MfPQ-BjwLMfWFITDXA0Px_bCGz4.roa (raw, json)
Hash identifier:          Yv5uQzFQd7ZuIeljFghDlTOYLi/Q4Mx16y2099C3OgE=
Subject key identifier:   31:F3:D0:F8:18:F0:2C:C7:D6:14:84:C3:5C:0D:0F:C7:F6:C2:1B:3E
Certificate issuer:       /CN=08d2bc3e397289ce9c3aa02e156e20c03d4d7342
Certificate serial:       01904A90FDA1F72578374C1591970FA7420D
Authority key identifier: 08:D2:BC:3E:39:72:89:CE:9C:3A:A0:2E:15:6E:20:C0:3D:4D:73:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/MfPQ-BjwLMfWFITDXA0Px_bCGz4.roa
Signing time:             Mon 24 Jun 2024 14:05:34 +0000
ROA not before:           Mon 24 Jun 2024 14:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.69.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:90:fd:a1:f7:25:78:37:4c:15:91:97:0f:a7:42:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d2bc3e397289ce9c3aa02e156e20c03d4d7342
        Validity
            Not Before: Jun 24 14:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31f3d0f818f02cc7d61484c35c0d0fc7f6c21b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5d:11:ec:2b:bf:28:90:71:d8:a9:95:4b:1a:
                    f7:07:1d:4b:3b:a0:22:04:1e:19:ad:3e:19:fb:bf:
                    6b:cf:b0:b3:b4:87:4b:1b:98:04:be:bf:fc:11:5a:
                    a8:b1:22:d3:41:18:62:df:c7:b7:5b:b6:03:45:62:
                    fd:67:a2:65:77:27:ff:01:f7:57:d1:37:58:9c:a1:
                    6a:56:94:dc:62:79:20:18:e0:38:b4:2c:0d:05:d0:
                    78:22:65:9c:c0:ac:58:07:13:27:fc:50:f9:bb:f2:
                    dd:c1:f5:2e:a0:1a:f8:4f:fb:c2:3e:28:1b:9a:c2:
                    17:59:5d:0c:a5:80:53:da:7c:6b:19:f6:c3:12:be:
                    a8:4d:ce:31:31:c1:08:bd:22:dc:5d:62:4f:e2:4d:
                    13:da:64:94:b7:80:9a:bd:47:ba:28:b8:63:ec:ca:
                    67:ee:ad:6f:84:6f:87:ce:53:dc:53:23:51:04:9e:
                    17:11:a3:e5:fb:a8:7a:4c:55:cd:fc:0a:bb:f4:05:
                    67:a2:28:6d:6c:e4:b1:fd:93:4a:33:88:d9:42:05:
                    97:bd:ea:73:5c:6d:fa:31:ba:65:34:32:12:2f:12:
                    c6:63:0c:5b:eb:21:0f:82:c3:9e:46:c2:39:9f:10:
                    68:93:88:aa:08:d6:c8:77:d3:b5:55:be:2d:a9:03:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F3:D0:F8:18:F0:2C:C7:D6:14:84:C3:5C:0D:0F:C7:F6:C2:1B:3E
            X509v3 Authority Key Identifier:
                keyid:08:D2:BC:3E:39:72:89:CE:9C:3A:A0:2E:15:6E:20:C0:3D:4D:73:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/MfPQ-BjwLMfWFITDXA0Px_bCGz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/913089-8986-42a6-881e-2e0eb4f46fa4/1/CNK8Pjlyic6cOqAuFW4gwD1Nc0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:38:f1:ba:4b:2b:ae:90:0c:da:83:53:8e:cf:cd:1c:47:ce:
         f0:dd:55:3c:67:53:a3:73:33:82:4c:dd:57:50:0d:5f:94:64:
         7d:b9:3a:ae:40:a8:ac:60:e4:fe:20:b0:0a:f5:8f:8d:db:d5:
         33:a6:8b:da:5e:4c:11:64:15:ab:c6:7c:f5:cf:19:86:56:08:
         cc:74:fb:16:32:3a:87:bd:b9:5f:13:d4:13:4d:3c:54:04:0f:
         30:be:c0:a7:42:79:fb:c1:0c:c5:06:1d:1a:c7:ab:57:39:4d:
         40:aa:f3:18:fa:44:3c:90:a1:f5:de:f9:51:3b:fe:22:08:db:
         5c:e5:6c:78:1c:7b:17:14:43:f7:a3:c0:cc:21:3a:70:e5:d0:
         3e:14:45:e6:be:bb:89:f0:1a:81:73:69:8c:dc:8c:9b:17:21:
         06:93:d1:81:49:63:e6:b4:19:7c:16:44:f4:9e:ad:ec:62:8d:
         c3:7c:a9:a2:fd:1c:5e:8f:e8:3c:fb:9c:8c:d0:e0:51:21:cb:
         7a:10:85:2a:57:81:75:8f:a4:51:f7:17:09:96:24:7a:48:0a:
         84:72:f0:b7:c8:da:51:f0:f9:17:30:c6:d9:34:0a:f7:c7:e3:
         e5:e1:89:c8:4d:f0:8a:87:69:bf:ff:5c:f4:97:0c:ba:dc:db:
         3a:43:ee:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBKkP2h9yV4N0wVkZcPp0INMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDJiYzNlMzk3Mjg5Y2U5YzNhYTAyZTE1NmUyMGMwM2Q0
ZDczNDIwHhcNMjQwNjI0MTQwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWYzZDBmODE4ZjAyY2M3ZDYxNDg0YzM1YzBkMGZjN2Y2YzIxYjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxF0R7Cu/KJBx2KmVSxr3Bx1LO6Ai
BB4ZrT4Z+79rz7CztIdLG5gEvr/8EVqosSLTQRhi38e3W7YDRWL9Z6Jldyf/AfdX
0TdYnKFqVpTcYnkgGOA4tCwNBdB4ImWcwKxYBxMn/FD5u/LdwfUuoBr4T/vCPigb
msIXWV0MpYBT2nxrGfbDEr6oTc4xMcEIvSLcXWJP4k0T2mSUt4CavUe6KLhj7Mpn
7q1vhG+HzlPcUyNRBJ4XEaPl+6h6TFXN/Aq79AVnoihtbOSx/ZNKM4jZQgWXvepz
XG36MbplNDISLxLGYwxb6yEPgsOeRsI5nxBok4iqCNbId9O1Vb4tqQM5eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHz0PgY8CzH1hSEw1wND8f2whs+MB8GA1UdIwQY
MBaAFAjSvD45conOnDqgLhVuIMA9TXNCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05LOFBqbHlpYzZjT3FBdUZXNGd3RDFOYzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS85MTMwODktODk4Ni00MmE2LTg4MWUt
MmUwZWI0ZjQ2ZmE0LzEvTWZQUS1CandMTWZXRklURFhBMFB4X2JDR3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS85MTMwODktODk4Ni00MmE2LTg4MWUtMmUwZWI0ZjQ2ZmE0
LzEvQ05LOFBqbHlpYzZjT3FBdUZXNGd3RDFOYzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0WjMA0G
CSqGSIb3DQEBCwUAA4IBAQAVOPG6SyuukAzag1OOz80cR87w3VU8Z1OjczOCTN1X
UA1flGR9uTquQKisYOT+ILAK9Y+N29UzpovaXkwRZBWrxnz1zxmGVgjMdPsWMjqH
vblfE9QTTTxUBA8wvsCnQnn7wQzFBh0ax6tXOU1AqvMY+kQ8kKH13vlRO/4iCNtc
5Wx4HHsXFEP3o8DMITpw5dA+FEXmvruJ8BqBc2mM3IybFyEGk9GBSWPmtBl8FkT0
nq3sYo3DfKmi/Rxej+g8+5yM0OBRIct6EIUqV4F1j6RR9xcJliR6SAqEcvC3yNpR
8PkXMMbZNAr3x+Pl4YnITfCKh2m//1z0lwy63Ns6Q+7R
-----END CERTIFICATE-----