Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MId6U43dMLnhEZ1Hli1aiYSWt40.roa
File:                     MId6U43dMLnhEZ1Hli1aiYSWt40.roa (raw, json)
Hash identifier:          JcCh46Y4qnFx4Nr1NB0kNispKMSLHsDbhzSopgdm5R0=
Subject key identifier:   30:87:7A:53:8D:DD:30:B9:E1:11:9D:47:96:2D:5A:89:84:96:B7:8D
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018CC7937D497273313D4E399A74517606E9
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MId6U43dMLnhEZ1Hli1aiYSWt40.roa
Signing time:             Tue 02 Jan 2024 00:29:41 +0000
ROA not before:           Tue 02 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        146.247.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7d:49:72:73:31:3d:4e:39:9a:74:51:76:06:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  2 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30877a538ddd30b9e1119d47962d5a898496b78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c1:1d:ec:b3:07:04:8a:2c:0a:54:e4:20:21:
                    ee:70:f6:65:ed:b1:ce:d5:50:ed:ca:8f:05:57:13:
                    d5:90:56:28:29:90:32:f9:f8:f2:66:61:fa:24:41:
                    69:6d:ab:62:0a:24:6d:81:9f:98:04:7a:cb:d9:e9:
                    c9:46:9c:48:12:51:6b:6c:7f:2e:c0:ff:62:6f:dc:
                    8c:e1:04:1c:bd:3e:0d:ed:9a:c4:95:95:64:48:92:
                    93:10:f0:e4:b0:48:22:9c:3c:72:90:e5:74:45:4f:
                    12:81:57:4a:d3:41:b0:7a:61:1d:d0:51:4c:fe:70:
                    8d:73:d6:bc:61:62:2b:fd:b9:2b:fe:55:65:61:c5:
                    43:a1:c4:48:68:ca:e0:bb:d3:bf:5f:bc:2e:72:07:
                    15:38:73:c3:b4:8e:81:59:1f:d3:37:7b:f4:ff:a2:
                    b7:b4:76:a9:cb:bf:6e:1c:1d:eb:97:aa:14:f5:4d:
                    36:7d:87:c3:ed:2e:f6:e5:7d:f9:19:cc:82:d6:26:
                    04:bb:42:14:53:80:92:6b:55:01:dc:b0:11:15:d3:
                    f7:32:b6:98:40:f6:0a:a7:fb:88:8c:4f:e7:70:bc:
                    f3:62:bb:d1:08:1e:7f:33:e6:10:c8:69:fe:41:f1:
                    68:92:20:9c:83:63:07:dd:a3:2c:39:c2:a2:03:03:
                    00:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:87:7A:53:8D:DD:30:B9:E1:11:9D:47:96:2D:5A:89:84:96:B7:8D
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/MId6U43dMLnhEZ1Hli1aiYSWt40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:e0:db:cb:1f:b0:69:0d:fd:31:9a:ba:5f:e2:1e:04:17:31:
         15:dd:9b:8a:b6:f1:ba:65:41:ee:8f:9d:32:89:a2:f7:25:de:
         75:f4:c2:70:7f:24:44:0e:6a:60:73:9e:8a:50:fe:ef:33:50:
         40:43:e9:ee:86:3b:f6:53:c7:d2:95:c8:eb:82:66:ff:5f:23:
         94:17:98:dd:e7:58:c9:30:48:4e:91:96:07:9b:a7:ee:d5:ca:
         69:bb:fe:5b:21:5d:05:98:e9:a1:f8:af:f0:44:bc:ce:79:b0:
         ea:d3:c8:e5:1a:a5:a5:30:b9:e2:47:6a:b3:64:4e:27:dc:a0:
         17:c3:12:ab:53:2a:85:54:f6:49:12:30:a8:d0:2b:ba:22:b4:
         ec:43:bb:ce:27:94:b5:20:ca:6b:b0:8b:92:2a:e6:ee:b3:91:
         af:44:c3:f0:04:b8:f9:dc:d6:dd:9d:10:bf:fc:2c:59:ec:79:
         07:f8:63:30:33:d9:54:5a:70:94:8a:2f:09:09:87:fc:32:64:
         05:d1:4d:1c:e5:9c:9a:5d:79:9c:94:03:aa:94:1b:79:ee:c1:
         4c:08:79:a3:95:01:29:c7:94:8f:44:df:34:3d:f2:36:d2:a4:
         7c:f4:b9:23:69:b0:41:ea:88:7e:11:8a:7e:37:d7:75:58:d3:
         0e:7a:f8:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk31JcnMxPU45mnRRdgbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMTAyMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDg3N2E1MzhkZGQzMGI5ZTExMTlkNDc5NjJkNWE4OTg0OTZiNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcEd7LMHBIosClTkICHucPZl7bHO
1VDtyo8FVxPVkFYoKZAy+fjyZmH6JEFpbatiCiRtgZ+YBHrL2enJRpxIElFrbH8u
wP9ib9yM4QQcvT4N7ZrElZVkSJKTEPDksEginDxykOV0RU8SgVdK00GwemEd0FFM
/nCNc9a8YWIr/bkr/lVlYcVDocRIaMrgu9O/X7wucgcVOHPDtI6BWR/TN3v0/6K3
tHapy79uHB3rl6oU9U02fYfD7S725X35GcyC1iYEu0IUU4CSa1UB3LARFdP3MraY
QPYKp/uIjE/ncLzzYrvRCB5/M+YQyGn+QfFokiCcg2MH3aMsOcKiAwMAdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCHelON3TC54RGdR5YtWomElreNMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvTUlkNlU0M2RNTG5oRVoxSGxpMWFpWVNXdDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdlMA0G
CSqGSIb3DQEBCwUAA4IBAQBo4NvLH7BpDf0xmrpf4h4EFzEV3ZuKtvG6ZUHuj50y
iaL3Jd519MJwfyREDmpgc56KUP7vM1BAQ+nuhjv2U8fSlcjrgmb/XyOUF5jd51jJ
MEhOkZYHm6fu1cppu/5bIV0FmOmh+K/wRLzOebDq08jlGqWlMLniR2qzZE4n3KAX
wxKrUyqFVPZJEjCo0Cu6IrTsQ7vOJ5S1IMprsIuSKubus5GvRMPwBLj53NbdnRC/
/CxZ7HkH+GMwM9lUWnCUii8JCYf8MmQF0U0c5ZyaXXmclAOqlBt57sFMCHmjlQEp
x5SPRN80PfI20qR89LkjabBB6oh+EYp+N9d1WNMOeviE
-----END CERTIFICATE-----