Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/MCBKRsMIeqcv1WLNJrTFuR6A8K4.roa
File:                     MCBKRsMIeqcv1WLNJrTFuR6A8K4.roa (raw, json)
Hash identifier:          I4whOU+JxO/bm4Ii0Ggb5iPi2NBGG9ds38dYbhR+tQo=
Subject key identifier:   30:20:4A:46:C3:08:7A:A7:2F:D5:62:CD:26:B4:C5:B9:1E:80:F0:AE
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192724E601A5680042F49727B5B29E5C0E6
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/MCBKRsMIeqcv1WLNJrTFuR6A8K4.roa
Signing time:             Wed 09 Oct 2024 17:23:11 +0000
ROA not before:           Wed 09 Oct 2024 17:23:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        194.36.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:4e:60:1a:56:80:04:2f:49:72:7b:5b:29:e5:c0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct  9 17:23:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30204a46c3087aa72fd562cd26b4c5b91e80f0ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:49:35:47:cc:d0:43:83:4f:ce:10:d7:00:7a:
                    d4:69:1f:19:96:48:c3:b2:36:1e:0e:4f:d2:12:96:
                    43:6e:f1:d6:7a:8e:4e:e1:8a:66:c6:8f:93:95:3c:
                    c5:3c:99:a6:08:49:38:19:60:35:de:0e:c7:94:7f:
                    62:5b:fa:5b:e4:04:24:60:63:1d:65:fa:1a:25:b2:
                    fe:9b:9c:db:ec:96:05:4c:81:21:9b:91:c5:24:59:
                    38:59:92:2c:90:7c:41:b9:46:06:a4:2f:19:d5:78:
                    dd:07:0e:53:86:12:e5:63:36:e3:6c:3a:64:e3:95:
                    7e:4e:b7:d7:f7:53:cb:5a:a8:80:0e:5a:e5:e0:3c:
                    8d:d3:3c:6c:68:81:41:36:21:33:cc:35:e5:7a:8b:
                    94:e0:66:4d:2c:f4:30:8c:50:28:fc:01:4e:ec:69:
                    4f:d3:44:ed:c0:14:19:83:b1:91:8f:a8:a4:38:bc:
                    81:af:ca:70:ec:1c:66:9e:ba:92:eb:7e:ba:61:59:
                    c5:9a:0b:96:2f:f0:a2:87:ee:88:48:90:6a:49:68:
                    58:bc:e4:f6:f2:f2:dc:c3:98:01:b9:ee:95:cd:d0:
                    23:5e:b5:63:63:9d:be:a0:d6:d3:b0:a8:43:d4:b4:
                    ef:ca:91:27:ef:ec:ef:8e:79:78:16:c0:77:56:a8:
                    f4:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:20:4A:46:C3:08:7A:A7:2F:D5:62:CD:26:B4:C5:B9:1E:80:F0:AE
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/MCBKRsMIeqcv1WLNJrTFuR6A8K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:b4:85:d4:a2:fd:a8:49:84:0d:69:0b:d5:4c:b1:91:f5:36:
         f2:fe:13:45:f9:d0:03:ac:62:cf:bc:c4:6b:50:a3:a0:f2:20:
         a9:ae:b9:f5:75:09:43:80:bb:50:84:a4:22:4d:9e:60:52:62:
         af:4a:f1:66:68:e2:06:47:ff:72:57:50:78:7f:04:3e:96:b0:
         94:4e:3b:e9:36:9b:5d:1e:aa:44:1d:ce:b5:c9:83:d2:f8:04:
         48:5b:e0:53:b2:88:b9:a8:7b:b7:4a:c5:70:01:e5:63:7a:77:
         4c:c8:51:cb:7f:ae:3d:ed:15:e2:35:95:c4:9d:b3:f4:df:3d:
         e8:02:b4:8b:98:a0:86:83:0b:a9:c4:1d:f9:65:16:2c:04:33:
         80:a8:16:37:24:c2:0e:65:e4:5a:6b:69:82:9d:3d:d1:8a:cf:
         8b:e7:ae:57:ba:dc:e3:86:e0:33:1f:1d:39:a0:56:6e:45:22:
         ad:78:f9:8b:ef:39:ec:53:b6:be:07:80:0b:ee:0d:5c:da:e0:
         9c:31:b5:a4:58:bc:4e:27:2e:9c:54:eb:96:c2:b2:75:01:dc:
         04:68:d2:92:d5:57:2f:39:37:48:0c:c9:b6:e4:c7:03:d3:21:
         f9:13:0b:55:25:0b:9b:88:72:95:44:e3:54:75:79:4c:93:18:
         08:bb:7e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJyTmAaVoAEL0lye1sp5cDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDA5MTcyMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIwNGE0NmMzMDg3YWE3MmZkNTYyY2QyNmI0YzViOTFlODBmMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUk1R8zQQ4NPzhDXAHrUaR8ZlkjD
sjYeDk/SEpZDbvHWeo5O4Ypmxo+TlTzFPJmmCEk4GWA13g7HlH9iW/pb5AQkYGMd
ZfoaJbL+m5zb7JYFTIEhm5HFJFk4WZIskHxBuUYGpC8Z1XjdBw5ThhLlYzbjbDpk
45V+TrfX91PLWqiADlrl4DyN0zxsaIFBNiEzzDXleouU4GZNLPQwjFAo/AFO7GlP
00TtwBQZg7GRj6ikOLyBr8pw7BxmnrqS6366YVnFmguWL/Cih+6ISJBqSWhYvOT2
8vLcw5gBue6VzdAjXrVjY52+oNbTsKhD1LTvypEn7+zvjnl4FsB3Vqj0xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAgSkbDCHqnL9VizSa0xbkegPCuMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvTUNCS1JzTUllcWN2MVdMTkpyVEZ1UjZBOEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiQiMA0G
CSqGSIb3DQEBCwUAA4IBAQDHtIXUov2oSYQNaQvVTLGR9Tby/hNF+dADrGLPvMRr
UKOg8iCprrn1dQlDgLtQhKQiTZ5gUmKvSvFmaOIGR/9yV1B4fwQ+lrCUTjvpNptd
HqpEHc61yYPS+ARIW+BTsoi5qHu3SsVwAeVjendMyFHLf6497RXiNZXEnbP03z3o
ArSLmKCGgwupxB35ZRYsBDOAqBY3JMIOZeRaa2mCnT3Ris+L565XutzjhuAzHx05
oFZuRSKtePmL7znsU7a+B4AL7g1c2uCcMbWkWLxOJy6cVOuWwrJ1AdwEaNKS1Vcv
OTdIDMm25McD0yH5EwtVJQubiHKVRONUdXlMkxgIu34D
-----END CERTIFICATE-----