Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MdJL5fDxVswlTt6-22Gv0Xa0PCQ.roa
File:                     MdJL5fDxVswlTt6-22Gv0Xa0PCQ.roa (raw, json)
Hash identifier:          Q09uRS+Xxnx7xbNQCQdySWA0mcN91LrG6nGhxBJkkYI=
Subject key identifier:   31:D2:4B:E5:F0:F1:56:CC:25:4E:DE:BE:DB:61:AF:D1:76:B4:3C:24
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9A21B60779AD27F06CB2BD02467F
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MdJL5fDxVswlTt6-22Gv0Xa0PCQ.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        88.151.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9a:21:b6:07:79:ad:27:f0:6c:b2:bd:02:46:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d24be5f0f156cc254edebedb61afd176b43c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f3:ff:cc:fc:8a:a7:46:ca:08:f8:a9:58:d7:
                    b4:42:02:39:b0:42:0a:5c:a5:c9:ae:39:02:72:4b:
                    8a:bd:2b:d9:a4:24:d6:c6:14:ba:a7:ee:16:7d:8f:
                    b1:27:c6:b7:57:6a:c2:44:0d:cb:fa:7d:d7:35:48:
                    f9:42:ac:18:21:72:aa:04:81:21:0b:d3:bb:1e:85:
                    ee:82:1c:43:3a:b8:ae:5a:53:0f:a2:e8:30:58:17:
                    d1:ad:39:95:93:7c:83:ca:99:37:c0:a4:76:58:b9:
                    e8:45:a0:90:1d:4f:d0:ce:2f:f9:be:e4:f4:2a:8c:
                    50:ff:55:2f:30:2f:7a:89:c7:76:be:1d:97:0c:60:
                    2d:c2:c0:36:14:c9:ee:bc:9c:50:82:da:67:cc:52:
                    c8:74:66:9d:06:3e:5f:a3:cd:cf:4b:52:59:c1:38:
                    0c:64:c9:90:ad:3f:e1:4a:ad:9e:73:c9:23:60:73:
                    d8:47:7b:a2:6f:a6:1a:30:c3:b5:d9:7c:c3:ad:d5:
                    48:24:0d:b6:17:76:01:3c:ab:9a:1d:cd:01:96:e1:
                    ab:29:b0:10:8a:45:36:fd:71:76:f0:4c:e4:fe:2b:
                    8a:e6:a0:44:7d:89:6e:72:8c:c4:cd:60:80:5d:33:
                    1d:6f:02:c5:d9:2d:82:34:77:4d:9d:b7:02:55:06:
                    30:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D2:4B:E5:F0:F1:56:CC:25:4E:DE:BE:DB:61:AF:D1:76:B4:3C:24
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/MdJL5fDxVswlTt6-22Gv0Xa0PCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:62:15:ab:bb:d1:e7:73:1f:52:0f:e2:8a:06:50:64:0c:76:
         be:bb:69:a2:bc:1d:e4:bb:1e:2e:4c:2b:cb:51:bc:32:49:5b:
         81:85:e5:b8:f3:2a:86:39:bc:9f:02:12:4c:9d:36:f0:1b:34:
         3f:15:b1:70:de:83:7b:34:6c:e8:bf:6c:3e:71:6c:11:f1:c7:
         bd:24:2c:e8:19:8f:5a:af:b7:6d:51:6f:6e:63:c3:6d:31:a0:
         d7:01:7f:11:5f:b1:1d:aa:23:c0:cb:03:24:47:19:81:24:66:
         6c:4d:f2:ac:e5:5f:7d:a3:93:af:d6:dd:93:b7:ae:20:57:7f:
         a9:50:76:99:2a:9b:29:43:8a:5f:4b:41:1a:36:aa:dd:a5:de:
         4d:b7:4c:8f:9a:dd:b3:10:38:0e:b2:5b:fb:fb:f2:63:c7:30:
         51:01:44:1e:9b:07:cc:e5:72:04:8a:53:bc:80:0d:62:90:32:
         a3:71:3f:85:e0:a4:98:1c:35:a8:76:ed:c4:ea:66:1c:ad:f5:
         09:5d:f1:7e:d0:17:cf:91:a2:6e:e6:94:01:d2:d5:68:27:56:
         3d:73:3f:18:fa:7a:36:9d:93:73:6d:bd:f4:97:3d:4e:33:b7:
         2e:e7:cc:26:13:3d:23:2e:b3:f7:54:8d:cc:24:0c:88:3a:60:
         62:70:21:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Johtgd5rSfwbLK9AkZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQyNGJlNWYwZjE1NmNjMjU0ZWRlYmVkYjYxYWZkMTc2YjQzYzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvP/zPyKp0bKCPipWNe0QgI5sEIK
XKXJrjkCckuKvSvZpCTWxhS6p+4WfY+xJ8a3V2rCRA3L+n3XNUj5QqwYIXKqBIEh
C9O7HoXughxDOriuWlMPougwWBfRrTmVk3yDypk3wKR2WLnoRaCQHU/Qzi/5vuT0
KoxQ/1UvMC96icd2vh2XDGAtwsA2FMnuvJxQgtpnzFLIdGadBj5fo83PS1JZwTgM
ZMmQrT/hSq2ec8kjYHPYR3uib6YaMMO12XzDrdVIJA22F3YBPKuaHc0BluGrKbAQ
ikU2/XF28Ezk/iuK5qBEfYlucozEzWCAXTMdbwLF2S2CNHdNnbcCVQYw0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHSS+Xw8VbMJU7evtthr9F2tDwkMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvTWRKTDVmRHhWc3dsVHQ2LTIyR3YwWGEwUENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfCMA0G
CSqGSIb3DQEBCwUAA4IBAQDeYhWru9Hncx9SD+KKBlBkDHa+u2mivB3kux4uTCvL
UbwySVuBheW48yqGObyfAhJMnTbwGzQ/FbFw3oN7NGzov2w+cWwR8ce9JCzoGY9a
r7dtUW9uY8NtMaDXAX8RX7EdqiPAywMkRxmBJGZsTfKs5V99o5Ov1t2Tt64gV3+p
UHaZKpspQ4pfS0EaNqrdpd5Nt0yPmt2zEDgOslv7+/JjxzBRAUQemwfM5XIEilO8
gA1ikDKjcT+F4KSYHDWodu3E6mYcrfUJXfF+0BfPkaJu5pQB0tVoJ1Y9cz8Y+no2
nZNzbb30lz1OM7cu58wmEz0jLrP3VI3MJAyIOmBicCGM
-----END CERTIFICATE-----