Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/MHu15CBAmlq2UbdphixxQpK20ZY.roa
File:                     MHu15CBAmlq2UbdphixxQpK20ZY.roa (raw, json)
Hash identifier:          HvrpWyRkKzvjVxox4K3C9x7nhLcvPVG4LO5DPjsTfsg=
Subject key identifier:   30:7B:B5:E4:20:40:9A:5A:B6:51:B7:69:86:2C:71:42:92:B6:D1:96
Certificate issuer:       /CN=833a0b5594339aefe8b558e3729290b42bb1a974
Certificate serial:       018CC64ABF7D888F541697181719E44B07E8
Authority key identifier: 83:3A:0B:55:94:33:9A:EF:E8:B5:58:E3:72:92:90:B4:2B:B1:A9:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzoLVZQzmu_otVjjcpKQtCuxqXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/MHu15CBAmlq2UbdphixxQpK20ZY.roa
Signing time:             Mon 01 Jan 2024 18:30:36 +0000
ROA not before:           Mon 01 Jan 2024 18:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61094
IP address blocks:        178.23.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/gzoLVZQzmu_otVjjcpKQtCuxqXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/gzoLVZQzmu_otVjjcpKQtCuxqXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzoLVZQzmu_otVjjcpKQtCuxqXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:bf:7d:88:8f:54:16:97:18:17:19:e4:4b:07:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833a0b5594339aefe8b558e3729290b42bb1a974
        Validity
            Not Before: Jan  1 18:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307bb5e420409a5ab651b769862c714292b6d196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:80:79:ef:20:fc:70:67:99:6b:67:93:02:4f:
                    45:ba:04:87:61:bd:0e:2e:db:40:ab:1d:15:c9:24:
                    97:90:30:89:39:e1:21:56:77:83:8f:f0:59:c1:02:
                    27:5b:d8:54:43:b3:25:55:05:05:b8:b5:21:49:46:
                    b7:75:0d:96:94:17:28:08:fc:68:ea:c5:6c:cb:64:
                    55:05:98:5b:77:67:d6:fd:ef:62:66:3a:83:25:05:
                    c3:a0:b9:8d:b5:9d:2d:41:38:a1:41:90:2d:2e:93:
                    34:9e:dd:5b:22:b2:5b:8e:18:00:5a:17:5f:19:3c:
                    cb:c7:7f:c8:fd:98:05:44:07:4e:52:ff:69:97:0f:
                    7e:2c:63:dc:56:7d:7d:06:4c:3a:af:85:1f:4b:ac:
                    33:6c:d3:cf:b6:a3:68:19:12:1e:29:78:1f:26:23:
                    7e:16:57:7e:e3:a9:5e:2c:19:61:5f:af:63:fb:9a:
                    7b:48:3a:3f:ac:7e:68:f7:12:1e:0a:6f:ad:a2:ed:
                    a3:ed:42:f8:0b:e5:5a:6b:10:36:fe:20:a2:cf:e9:
                    50:6e:bc:a1:c1:c3:64:b8:c6:3f:89:f3:8f:b8:1c:
                    b4:16:e7:6a:4f:e4:89:3c:1f:be:dd:3e:c4:a7:b1:
                    81:03:ff:da:8d:07:b2:6e:e1:99:5d:9b:e8:63:41:
                    1c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7B:B5:E4:20:40:9A:5A:B6:51:B7:69:86:2C:71:42:92:B6:D1:96
            X509v3 Authority Key Identifier:
                keyid:83:3A:0B:55:94:33:9A:EF:E8:B5:58:E3:72:92:90:B4:2B:B1:A9:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzoLVZQzmu_otVjjcpKQtCuxqXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/MHu15CBAmlq2UbdphixxQpK20ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/76606e-7243-4b0b-82a3-3d06d242f992/1/gzoLVZQzmu_otVjjcpKQtCuxqXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:62:82:96:7e:89:29:e2:7c:04:72:60:fb:01:6f:c2:88:0f:
         5b:56:93:f6:c5:cb:e2:6d:a1:04:2d:c4:7c:fb:3f:db:37:bf:
         b7:51:0d:38:c1:82:f0:af:30:63:23:e6:98:f7:82:8a:78:01:
         5c:64:2f:52:9c:5f:17:f3:fc:08:f2:97:af:d6:4e:db:9e:e8:
         c6:f4:c8:ad:16:11:86:ec:e1:b4:f8:c5:da:9f:46:1d:d7:01:
         ae:79:05:f8:ec:de:fa:f6:c6:f8:5f:77:96:d1:80:dc:bc:7a:
         f8:57:a6:a8:82:58:5a:54:ec:ef:66:da:af:a8:53:a6:b4:1c:
         78:1f:db:4b:1c:f9:a6:32:e7:bc:8a:95:55:5b:cb:51:3d:8d:
         e6:dd:37:8e:19:87:9e:ea:d6:85:92:01:61:d4:2c:cc:cb:69:
         f3:82:ab:91:ab:5c:6e:18:81:26:38:c7:49:bd:d5:55:f0:85:
         e4:66:a5:dc:6b:39:4b:0a:90:e4:de:bf:5a:d2:15:85:71:da:
         30:d6:e2:1b:84:6c:37:cb:10:d7:fc:c9:3d:fb:39:24:bf:f6:
         90:93:78:85:ea:63:fa:cb:a2:4f:4c:1d:cb:fa:3d:90:bb:02:
         a2:63:14:7c:03:6d:cb:87:de:f3:e3:f5:27:77:08:db:91:ad:
         c5:13:85:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSr99iI9UFpcYFxnkSwfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2EwYjU1OTQzMzlhZWZlOGI1NThlMzcyOTI5MGI0MmJi
MWE5NzQwHhcNMjQwMTAxMTgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdiYjVlNDIwNDA5YTVhYjY1MWI3Njk4NjJjNzE0MjkyYjZkMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIB57yD8cGeZa2eTAk9FugSHYb0O
LttAqx0VySSXkDCJOeEhVneDj/BZwQInW9hUQ7MlVQUFuLUhSUa3dQ2WlBcoCPxo
6sVsy2RVBZhbd2fW/e9iZjqDJQXDoLmNtZ0tQTihQZAtLpM0nt1bIrJbjhgAWhdf
GTzLx3/I/ZgFRAdOUv9plw9+LGPcVn19Bkw6r4UfS6wzbNPPtqNoGRIeKXgfJiN+
Fld+46leLBlhX69j+5p7SDo/rH5o9xIeCm+tou2j7UL4C+VaaxA2/iCiz+lQbryh
wcNkuMY/ifOPuBy0FudqT+SJPB++3T7Ep7GBA//ajQeybuGZXZvoY0EcMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDB7teQgQJpatlG3aYYscUKSttGWMB8GA1UdIwQY
MBaAFIM6C1WUM5rv6LVY43KSkLQrsal0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pvTFZaUXptdV9vdFZqamNwS1F0Q3V4cVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83NjYwNmUtNzI0My00YjBiLTgyYTMt
M2QwNmQyNDJmOTkyLzEvTUh1MTVDQkFtbHEyVWJkcGhpeHhRcEsyMFpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83NjYwNmUtNzI0My00YjBiLTgyYTMtM2QwNmQyNDJmOTky
LzEvZ3pvTFZaUXptdV9vdFZqamNwS1F0Q3V4cVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBiYoKWfokp4nwEcmD7AW/CiA9bVpP2xcvibaEELcR8
+z/bN7+3UQ04wYLwrzBjI+aY94KKeAFcZC9SnF8X8/wI8pev1k7bnujG9MitFhGG
7OG0+MXan0Yd1wGueQX47N769sb4X3eW0YDcvHr4V6aoglhaVOzvZtqvqFOmtBx4
H9tLHPmmMue8ipVVW8tRPY3m3TeOGYee6taFkgFh1CzMy2nzgquRq1xuGIEmOMdJ
vdVV8IXkZqXcazlLCpDk3r9a0hWFcdow1uIbhGw3yxDX/Mk9+zkkv/aQk3iF6mP6
y6JPTB3L+j2QuwKiYxR8A23Lh97z4/Undwjbka3FE4VE
-----END CERTIFICATE-----