Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/MsrMHIUjlN9Pawl8RaDZtTeYDP0.roa
File:                     MsrMHIUjlN9Pawl8RaDZtTeYDP0.roa (raw, json)
Hash identifier:          UFRcCqlW6dAtEPWfNlfY/xm5Y+ehmGScl8yOxZsnSXg=
Subject key identifier:   32:CA:CC:1C:85:23:94:DF:4F:6B:09:7C:45:A0:D9:B5:37:98:0C:FD
Certificate issuer:       /CN=be37cce14cb56b66497810e73baa0edf67007a48
Certificate serial:       018CC7276C6DDEA21D5E02588F86D52C0783
Authority key identifier: BE:37:CC:E1:4C:B5:6B:66:49:78:10:E7:3B:AA:0E:DF:67:00:7A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjfM4Uy1a2ZJeBDnO6oO32cAekg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/MsrMHIUjlN9Pawl8RaDZtTeYDP0.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43915
IP address blocks:        45.130.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/vjfM4Uy1a2ZJeBDnO6oO32cAekg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/vjfM4Uy1a2ZJeBDnO6oO32cAekg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjfM4Uy1a2ZJeBDnO6oO32cAekg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6c:6d:de:a2:1d:5e:02:58:8f:86:d5:2c:07:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be37cce14cb56b66497810e73baa0edf67007a48
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32cacc1c852394df4f6b097c45a0d9b537980cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fa:d4:16:ea:53:d6:f7:02:42:47:c5:d4:b1:
                    38:28:98:66:97:57:13:6f:74:e8:19:2b:c2:e8:77:
                    e1:28:de:77:c3:92:4a:1e:b0:79:aa:47:4d:8b:53:
                    c2:82:9b:94:4a:d3:23:37:3d:e0:a0:e2:71:9f:84:
                    fd:e7:61:02:cd:f3:8d:5c:c1:ff:9c:09:40:4b:b0:
                    01:63:7e:74:49:4d:b9:56:a0:2a:03:2d:b8:44:ff:
                    15:ab:60:cc:62:8c:41:7b:81:27:cb:36:a6:93:15:
                    dd:01:b4:16:4c:8f:0a:3d:3a:47:ee:c1:fa:65:d6:
                    51:5a:ee:5a:0c:b4:00:c6:5b:ca:85:6d:4b:23:0e:
                    06:82:b1:69:96:94:9e:87:28:97:fb:16:35:0a:da:
                    f8:d6:4a:61:26:46:a5:7d:a8:d3:d6:b6:31:14:a3:
                    c7:58:8a:6a:a0:ec:17:45:1f:9a:b8:ed:05:4d:59:
                    ec:34:9c:f6:b2:e1:ec:2b:a8:97:50:c1:36:48:1a:
                    ae:99:56:18:92:bb:a2:11:c8:d2:f5:71:55:83:61:
                    a6:7e:90:70:dd:51:09:84:d2:59:f0:fa:a1:1f:e3:
                    d5:b7:b0:41:ed:7f:8e:0f:da:40:6b:dd:bb:b6:ec:
                    55:4e:96:f0:58:18:06:d1:3b:74:94:bc:66:7a:a5:
                    3b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CA:CC:1C:85:23:94:DF:4F:6B:09:7C:45:A0:D9:B5:37:98:0C:FD
            X509v3 Authority Key Identifier:
                keyid:BE:37:CC:E1:4C:B5:6B:66:49:78:10:E7:3B:AA:0E:DF:67:00:7A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjfM4Uy1a2ZJeBDnO6oO32cAekg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/MsrMHIUjlN9Pawl8RaDZtTeYDP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5f6ac1-b935-47b1-96c1-0a12969fbcfc/1/vjfM4Uy1a2ZJeBDnO6oO32cAekg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:88:d4:8f:c7:e4:69:ac:56:7b:b3:1c:cd:bb:33:1e:48:98:
         ef:3a:5f:f2:11:20:71:7d:04:6b:21:9d:b6:7f:f4:64:72:4e:
         cf:11:06:79:07:e9:4c:7c:e0:2a:d9:f8:95:8e:3d:dd:b1:4d:
         2a:2a:e5:ab:9a:98:e6:72:0f:4a:dc:6e:8e:29:c6:51:6b:29:
         db:f6:34:c0:4d:a8:14:f0:28:84:48:be:36:c9:4e:fc:09:55:
         b2:34:f2:ff:ac:54:a8:dd:8d:11:f8:1d:6e:bc:c3:b9:a0:13:
         ee:d4:3b:ff:63:0a:8e:92:4e:81:6a:a7:76:09:78:db:99:38:
         4c:6e:3d:36:0b:d6:12:a2:68:28:a8:59:b6:86:64:80:f8:77:
         12:d0:6a:e2:d2:f8:df:cf:0b:67:f1:7d:e2:3b:00:20:1e:da:
         ae:7a:07:93:79:71:49:1c:a1:b7:81:92:2e:00:9e:1a:bc:fd:
         61:bc:62:30:a5:1d:cd:20:b9:64:be:52:94:10:84:f2:98:d3:
         c8:bf:2b:46:3f:18:00:b5:a2:b8:2b:8f:ff:1d:cb:28:de:6b:
         95:7f:f5:ce:19:16:08:08:70:4d:b0:81:08:f6:70:d5:8c:81:
         1c:47:dd:bb:9b:0a:ba:8d:cd:83:30:80:f2:a1:c0:10:5d:17:
         0f:e3:68:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2xt3qIdXgJYj4bVLAeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMzdjY2UxNGNiNTZiNjY0OTc4MTBlNzNiYWEwZWRmNjcw
MDdhNDgwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmNhY2MxYzg1MjM5NGRmNGY2YjA5N2M0NWEwZDliNTM3OTgwY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/rUFupT1vcCQkfF1LE4KJhml1cT
b3ToGSvC6HfhKN53w5JKHrB5qkdNi1PCgpuUStMjNz3goOJxn4T952ECzfONXMH/
nAlAS7ABY350SU25VqAqAy24RP8Vq2DMYoxBe4EnyzamkxXdAbQWTI8KPTpH7sH6
ZdZRWu5aDLQAxlvKhW1LIw4GgrFplpSehyiX+xY1Ctr41kphJkalfajT1rYxFKPH
WIpqoOwXRR+auO0FTVnsNJz2suHsK6iXUME2SBqumVYYkruiEcjS9XFVg2GmfpBw
3VEJhNJZ8PqhH+PVt7BB7X+OD9pAa927tuxVTpbwWBgG0Tt0lLxmeqU73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLKzByFI5TfT2sJfEWg2bU3mAz9MB8GA1UdIwQY
MBaAFL43zOFMtWtmSXgQ5zuqDt9nAHpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmpmTTRVeTFhMlpKZUJEbk82b08zMmNBZWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81ZjZhYzEtYjkzNS00N2IxLTk2YzEt
MGExMjk2OWZiY2ZjLzEvTXNyTUhJVWpsTjlQYXdsOFJhRFp0VGVZRFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81ZjZhYzEtYjkzNS00N2IxLTk2YzEtMGExMjk2OWZiY2Zj
LzEvdmpmTTRVeTFhMlpKZUJEbk82b08zMmNBZWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYI4MA0G
CSqGSIb3DQEBCwUAA4IBAQA8iNSPx+RprFZ7sxzNuzMeSJjvOl/yESBxfQRrIZ22
f/Rkck7PEQZ5B+lMfOAq2fiVjj3dsU0qKuWrmpjmcg9K3G6OKcZRaynb9jTATagU
8CiESL42yU78CVWyNPL/rFSo3Y0R+B1uvMO5oBPu1Dv/YwqOkk6Baqd2CXjbmThM
bj02C9YSomgoqFm2hmSA+HcS0Gri0vjfzwtn8X3iOwAgHtquegeTeXFJHKG3gZIu
AJ4avP1hvGIwpR3NILlkvlKUEITymNPIvytGPxgAtaK4K4//Hcso3muVf/XOGRYI
CHBNsIEI9nDVjIEcR927mwq6jc2DMIDyocAQXRcP42gW
-----END CERTIFICATE-----