Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/MkFgJDfStdKIQ5DNMFjY5e0Z05A.roa
File:                     MkFgJDfStdKIQ5DNMFjY5e0Z05A.roa (raw, json)
Hash identifier:          WMztQKnWXLR9khTXAb0meJ7ILrr6yZn87tncMBmBFy0=
Subject key identifier:   32:41:60:24:37:D2:B5:D2:88:43:90:CD:30:58:D8:E5:ED:19:D3:90
Certificate issuer:       /CN=cc5b21353f92cbdbf3b7d2513b9a465ac53b2d39
Certificate serial:       018DF502A724D4E9AD12A343AA3748CF124F
Authority key identifier: CC:5B:21:35:3F:92:CB:DB:F3:B7:D2:51:3B:9A:46:5A:C5:3B:2D:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zFshNT-Sy9vzt9JRO5pGWsU7LTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/MkFgJDfStdKIQ5DNMFjY5e0Z05A.roa
Signing time:             Thu 29 Feb 2024 13:16:48 +0000
ROA not before:           Thu 29 Feb 2024 13:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56559
IP address blocks:        151.1.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/zFshNT-Sy9vzt9JRO5pGWsU7LTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/zFshNT-Sy9vzt9JRO5pGWsU7LTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zFshNT-Sy9vzt9JRO5pGWsU7LTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:02:a7:24:d4:e9:ad:12:a3:43:aa:37:48:cf:12:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc5b21353f92cbdbf3b7d2513b9a465ac53b2d39
        Validity
            Not Before: Feb 29 13:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3241602437d2b5d2884390cd3058d8e5ed19d390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d1:32:ea:37:0f:61:bd:dd:94:6d:07:c4:42:
                    3c:35:1f:d9:48:02:1e:db:4c:d7:45:4a:3a:29:93:
                    f6:b9:a0:7c:36:dc:83:34:d0:65:79:08:03:54:99:
                    02:74:87:9e:e3:05:c5:a2:41:bf:3f:31:01:76:a0:
                    91:08:5e:80:67:eb:78:f2:83:4a:92:e9:aa:12:d0:
                    d0:80:3f:92:45:d2:61:21:40:aa:f3:3e:05:f8:43:
                    f9:68:4a:04:36:eb:3f:e4:5c:8c:bc:97:e8:b3:fc:
                    68:fe:fc:f9:0f:4c:bb:51:0f:2f:59:0e:6c:bb:34:
                    bc:27:17:56:b7:96:28:e2:f4:37:ee:04:3c:5f:22:
                    a5:b6:a0:15:6f:0b:9d:58:2a:da:2d:a7:b9:30:55:
                    4e:3c:20:fa:f3:7e:2f:f6:1f:18:5a:22:38:c8:10:
                    ad:ac:10:ba:37:f8:fd:1a:29:a5:70:c8:e9:4e:9c:
                    df:eb:98:3e:90:79:19:3a:28:e0:9d:27:c5:02:5a:
                    0d:35:96:08:e2:80:0d:0a:33:c3:7a:18:99:ae:28:
                    11:ab:4f:02:4a:c5:93:8b:05:9d:85:04:fa:98:bb:
                    e8:0a:32:40:21:a8:bc:7c:26:e6:7d:63:80:63:42:
                    a7:da:97:cd:2a:71:31:28:fe:31:75:79:8c:92:42:
                    50:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:41:60:24:37:D2:B5:D2:88:43:90:CD:30:58:D8:E5:ED:19:D3:90
            X509v3 Authority Key Identifier:
                keyid:CC:5B:21:35:3F:92:CB:DB:F3:B7:D2:51:3B:9A:46:5A:C5:3B:2D:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zFshNT-Sy9vzt9JRO5pGWsU7LTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/MkFgJDfStdKIQ5DNMFjY5e0Z05A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/zFshNT-Sy9vzt9JRO5pGWsU7LTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.1.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:4b:e5:a8:c4:a0:bd:f5:8c:a0:47:76:f2:44:45:54:45:9d:
         3e:99:90:59:3c:fd:ad:bb:ff:88:a4:2e:8f:ca:d0:b5:e8:21:
         92:e7:ec:de:11:93:d6:d6:01:92:72:26:1f:7f:c7:59:6c:11:
         19:8e:f2:e3:1c:49:54:1e:06:6c:53:5b:ac:98:a8:b1:7e:1d:
         31:0c:f1:61:66:77:61:94:e4:c4:75:bd:41:e8:51:60:cc:46:
         ce:c9:31:56:6d:cd:6d:57:bb:ba:66:70:a5:fa:18:ef:53:7d:
         46:13:a0:72:68:d9:5f:7b:72:7b:76:9b:7e:b4:29:a8:f1:be:
         cd:e1:a1:6b:dc:88:73:a2:fd:a0:67:18:f9:08:65:47:35:fa:
         4a:7f:fa:b0:02:39:be:f8:4d:11:0f:65:0c:cd:e2:29:6f:cf:
         7f:05:25:53:07:b4:72:7f:9c:bc:32:84:f8:d5:3a:5a:40:a6:
         8f:dc:3d:e5:27:6e:f6:81:31:e2:ae:ea:38:1d:f2:87:f4:dc:
         a8:f7:82:00:de:76:d5:e0:1f:27:8f:fd:6b:06:f9:1d:80:58:
         88:f1:5d:e4:fc:65:44:9a:23:2c:4f:f4:0d:41:99:b1:74:32:
         3b:b8:6d:78:7f:30:7f:d9:8f:f5:c3:84:f2:05:39:d1:b4:67:
         85:83:bf:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY31Aqck1OmtEqNDqjdIzxJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNWIyMTM1M2Y5MmNiZGJmM2I3ZDI1MTNiOWE0NjVhYzUz
YjJkMzkwHhcNMjQwMjI5MTMxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQxNjAyNDM3ZDJiNWQyODg0MzkwY2QzMDU4ZDhlNWVkMTlkMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9Ey6jcPYb3dlG0HxEI8NR/ZSAIe
20zXRUo6KZP2uaB8NtyDNNBleQgDVJkCdIee4wXFokG/PzEBdqCRCF6AZ+t48oNK
kumqEtDQgD+SRdJhIUCq8z4F+EP5aEoENus/5FyMvJfos/xo/vz5D0y7UQ8vWQ5s
uzS8JxdWt5Yo4vQ37gQ8XyKltqAVbwudWCraLae5MFVOPCD6834v9h8YWiI4yBCt
rBC6N/j9GimlcMjpTpzf65g+kHkZOijgnSfFAloNNZYI4oANCjPDehiZrigRq08C
SsWTiwWdhQT6mLvoCjJAIai8fCbmfWOAY0Kn2pfNKnExKP4xdXmMkkJQXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJBYCQ30rXSiEOQzTBY2OXtGdOQMB8GA1UdIwQY
MBaAFMxbITU/ksvb87fSUTuaRlrFOy05MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekZzaE5ULVN5OXZ6dDlKUk81cEdXc1U3TFRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80ZmIwNTctNWRhZS00ODUxLWFkNDct
NWFkNWYzM2NjOTljLzEvTWtGZ0pEZlN0ZEtJUTVETk1Galk1ZTBaMDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80ZmIwNTctNWRhZS00ODUxLWFkNDctNWFkNWYzM2NjOTlj
LzEvekZzaE5ULVN5OXZ6dDlKUk81cEdXc1U3TFRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlwH8MA0G
CSqGSIb3DQEBCwUAA4IBAQB/S+WoxKC99YygR3byREVURZ0+mZBZPP2tu/+IpC6P
ytC16CGS5+zeEZPW1gGSciYff8dZbBEZjvLjHElUHgZsU1usmKixfh0xDPFhZndh
lOTEdb1B6FFgzEbOyTFWbc1tV7u6ZnCl+hjvU31GE6ByaNlfe3J7dpt+tCmo8b7N
4aFr3Ihzov2gZxj5CGVHNfpKf/qwAjm++E0RD2UMzeIpb89/BSVTB7Ryf5y8MoT4
1TpaQKaP3D3lJ272gTHiruo4HfKH9Nyo94IA3nbV4B8nj/1rBvkdgFiI8V3k/GVE
miMsT/QNQZmxdDI7uG14fzB/2Y/1w4TyBTnRtGeFg79U
-----END CERTIFICATE-----