Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MKYUTwexbxp7Q3QwH3nFWg5Gt9c.roa
File:                     MKYUTwexbxp7Q3QwH3nFWg5Gt9c.roa (raw, json)
Hash identifier:          t5gUVQnT4ZiwtXHUxVlZeQ0YqvstAR/st4LuKOpMI38=
Subject key identifier:   30:A6:14:4F:07:B1:6F:1A:7B:43:74:30:1F:79:C5:5A:0E:46:B7:D7
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9D4CD14ECE633011D5A3B4F3B01B
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MKYUTwexbxp7Q3QwH3nFWg5Gt9c.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203363
IP address blocks:        109.205.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9d:4c:d1:4e:ce:63:30:11:d5:a3:b4:f3:b0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30a6144f07b16f1a7b4374301f79c55a0e46b7d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ed:d4:e6:2c:76:7a:98:b0:0b:a6:c9:a2:77:
                    a3:5c:14:ee:50:e7:16:5f:e8:5b:b8:68:2e:55:a0:
                    e1:3a:88:41:fd:e4:dc:55:16:f1:17:83:94:9c:97:
                    f3:0d:2b:d7:f6:4b:38:06:19:68:72:1d:60:27:0d:
                    f9:a8:0c:df:f8:98:6d:a3:b5:8f:f3:35:1d:4f:dd:
                    e2:1a:99:00:24:8c:9c:65:d0:12:f1:c6:ad:de:a8:
                    b4:8d:11:7f:55:e4:ad:0d:07:5c:c2:75:04:24:81:
                    a8:7e:82:c6:60:fd:4e:9e:ed:e8:6c:38:5e:2c:27:
                    c0:4c:26:da:82:64:5f:68:b6:9b:b3:22:57:ad:1c:
                    3a:17:46:da:10:8a:8d:77:9c:99:22:b4:0f:41:01:
                    0f:30:56:f6:47:e8:38:18:03:b4:32:1e:82:7e:79:
                    c8:ed:cb:40:18:76:1e:72:6e:7e:32:bf:76:8e:28:
                    d6:e3:0d:0c:39:fd:34:f7:be:30:4a:ce:27:0d:43:
                    30:cf:92:14:6b:45:67:d8:cf:81:60:f0:52:36:c2:
                    93:bb:85:e2:be:80:04:d8:4c:ef:47:1c:62:3f:9a:
                    bd:0e:c5:56:d2:57:dc:f7:28:3e:2e:d7:c8:a6:ec:
                    bb:38:98:27:09:0f:6e:a7:a7:6c:1d:d7:35:dc:84:
                    9c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A6:14:4F:07:B1:6F:1A:7B:43:74:30:1F:79:C5:5A:0E:46:B7:D7
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MKYUTwexbxp7Q3QwH3nFWg5Gt9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:b1:45:18:12:41:10:cb:6b:b5:3b:83:37:56:37:de:69:e7:
         b5:bf:4e:0e:ca:0d:16:c1:04:72:d6:4f:f8:95:d8:2a:54:ca:
         5c:29:59:64:6a:e1:61:eb:f7:80:07:aa:0c:ff:d1:84:6b:2c:
         99:34:3d:07:68:0c:34:b3:7b:03:e7:41:e4:b6:35:3d:47:4e:
         c5:cc:17:39:82:3b:bd:f9:e2:20:36:b4:f9:d9:37:52:4c:30:
         65:ad:9a:2a:89:80:c7:b7:67:64:30:be:cc:09:7b:64:cf:c1:
         eb:bc:9f:e1:16:60:c0:60:6c:ab:d2:63:b6:33:bb:ba:a9:77:
         69:2f:aa:f0:a4:38:a9:8d:c1:34:15:af:6e:ab:5c:ae:0d:cf:
         21:49:c8:d1:a2:5d:93:b4:bc:93:8a:2f:50:7b:79:c6:1a:bb:
         17:6f:cd:49:a2:37:d3:a5:7c:9b:5b:f6:b0:f7:dc:14:46:fd:
         a8:75:02:3f:b6:2a:03:39:68:8a:99:35:44:40:d5:0d:85:c8:
         67:2d:1d:ca:4c:41:6b:47:7e:0d:dc:4a:ac:69:da:ee:3e:a0:
         dd:96:f1:ae:63:b4:ce:90:2d:42:0a:29:91:25:a9:68:0e:b8:
         a9:f1:0a:ee:19:ca:fe:ad:fd:ee:40:7b:1d:48:f6:2e:e4:8e:
         c6:7c:e1:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3J1M0U7OYzAR1aO087AbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGE2MTQ0ZjA3YjE2ZjFhN2I0Mzc0MzAxZjc5YzU1YTBlNDZiN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu3U5ix2epiwC6bJonejXBTuUOcW
X+hbuGguVaDhOohB/eTcVRbxF4OUnJfzDSvX9ks4Bhloch1gJw35qAzf+Jhto7WP
8zUdT93iGpkAJIycZdAS8cat3qi0jRF/VeStDQdcwnUEJIGofoLGYP1Onu3obDhe
LCfATCbagmRfaLabsyJXrRw6F0baEIqNd5yZIrQPQQEPMFb2R+g4GAO0Mh6CfnnI
7ctAGHYecm5+Mr92jijW4w0MOf00974wSs4nDUMwz5IUa0Vn2M+BYPBSNsKTu4Xi
voAE2EzvRxxiP5q9DsVW0lfc9yg+LtfIpuy7OJgnCQ9up6dsHdc13IScywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCmFE8HsW8ae0N0MB95xVoORrfXMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvTUtZVVR3ZXhieHA3UTNRd0gzbkZXZzVHdDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc3WMA0G
CSqGSIb3DQEBCwUAA4IBAQC5sUUYEkEQy2u1O4M3Vjfeaee1v04Oyg0WwQRy1k/4
ldgqVMpcKVlkauFh6/eAB6oM/9GEayyZND0HaAw0s3sD50HktjU9R07FzBc5gju9
+eIgNrT52TdSTDBlrZoqiYDHt2dkML7MCXtkz8HrvJ/hFmDAYGyr0mO2M7u6qXdp
L6rwpDipjcE0Fa9uq1yuDc8hScjRol2TtLyTii9Qe3nGGrsXb81JojfTpXybW/aw
99wURv2odQI/tioDOWiKmTVEQNUNhchnLR3KTEFrR34N3EqsadruPqDdlvGuY7TO
kC1CCimRJaloDrip8QruGcr+rf3uQHsdSPYu5I7GfOEp
-----END CERTIFICATE-----