Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/MOo_Xp_bK2aAdK5Wek5UjElrTFY.roa
File:                     MOo_Xp_bK2aAdK5Wek5UjElrTFY.roa (raw, json)
Hash identifier:          MXVe85r5JFdnbCFKavZD1XEy/Qlf9T5E2nxBfYuGKlI=
Subject key identifier:   30:EA:3F:5E:9F:DB:2B:66:80:74:AE:56:7A:4E:54:8C:49:6B:4C:56
Certificate issuer:       /CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
Certificate serial:       018CC9BCD612C78980D33BDD12BC68E481EF
Authority key identifier: D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/MOo_Xp_bK2aAdK5Wek5UjElrTFY.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.88.246.0/24 maxlen: 24
                          195.88.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d6:12:c7:89:80:d3:3b:dd:12:bc:68:e4:81:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30ea3f5e9fdb2b668074ae567a4e548c496b4c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e5:d4:48:5d:2b:70:c9:62:91:0c:85:7c:86:
                    2f:da:c9:04:36:a2:5e:01:f2:b5:ff:f9:f8:3b:27:
                    19:15:d6:7c:50:5d:93:6f:97:21:57:ec:dd:ec:d4:
                    39:d7:ff:88:c3:a7:da:2e:b4:69:c6:2e:e5:74:0c:
                    2c:30:18:02:e4:2a:db:b4:fe:20:ee:59:d4:5d:90:
                    65:4a:76:8a:ad:99:5a:86:27:fa:b9:ea:ed:29:e5:
                    6d:90:17:60:99:3d:1b:da:3b:0f:11:84:8c:dc:51:
                    01:6c:46:57:be:b0:08:9f:7e:91:bc:c8:5c:6f:19:
                    a7:d9:2d:8e:05:7d:22:c6:44:56:c2:7a:20:e6:30:
                    95:68:94:eb:34:63:8e:e3:1d:f4:61:8d:20:ae:b0:
                    64:c0:f9:d2:84:56:7b:fd:30:60:25:d5:37:ff:4c:
                    25:3f:be:11:8f:ae:85:75:e0:40:08:ea:07:67:ea:
                    1a:62:cb:d3:6b:b0:07:e1:17:2c:99:91:49:79:20:
                    a6:91:83:2b:9b:fc:11:7a:b2:18:a1:05:69:c6:3f:
                    c5:89:f4:8e:f0:54:2c:13:6e:09:fb:c9:21:a6:30:
                    ea:12:7d:6d:34:cb:09:99:70:69:c1:94:2a:0d:22:
                    f8:1b:1b:49:2d:01:05:3a:a0:7d:3c:0e:76:b6:b6:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:EA:3F:5E:9F:DB:2B:66:80:74:AE:56:7A:4E:54:8C:49:6B:4C:56
            X509v3 Authority Key Identifier:
                keyid:D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/MOo_Xp_bK2aAdK5Wek5UjElrTFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:b1:7a:4c:a9:57:0c:2e:d7:0f:93:c8:e9:b1:95:a9:7a:b0:
         91:ea:15:19:85:5d:57:25:e3:a0:bf:ca:66:8e:00:b0:dd:95:
         3e:0f:33:83:9d:68:20:03:81:c9:76:44:9c:db:a2:44:1e:98:
         3d:ec:1c:48:41:7e:29:a5:84:0a:9f:8d:9f:90:e2:36:8c:f8:
         ce:19:8f:ac:e2:4f:5b:57:4c:30:f7:74:4e:60:30:9c:53:45:
         c6:ea:67:28:e7:f9:1b:9b:f2:ca:e9:cb:49:8d:e2:42:a5:51:
         34:5c:9d:06:c1:51:a8:5b:35:e7:6e:f6:59:91:ff:41:88:e1:
         01:02:c3:c0:9c:ae:a7:d7:c4:c7:0f:55:54:3e:be:23:54:a8:
         0f:d3:00:48:9d:21:c1:8a:5f:31:02:eb:19:99:0e:eb:11:7f:
         65:40:a6:54:6e:25:81:fe:d7:7b:fb:13:0f:70:fb:b3:4e:96:
         0f:1f:49:e6:bc:33:3c:f7:ac:be:34:5d:12:98:af:62:16:ad:
         83:63:35:63:8f:9f:7b:5e:44:ab:22:35:dc:a6:27:c6:57:21:
         f6:b2:c8:d3:c6:cb:0d:5f:03:5b:e1:d6:13:cb:f4:d9:17:3c:
         44:12:97:53:8b:92:4c:95:f9:23:b7:bf:4b:f5:93:bc:1a:1f:
         99:44:d8:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNYSx4mA0zvdErxo5IHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzhkNzcyNmE1ZjFmMzNkYTE1ZDg3ZTVjOGIwZTQ4ZjUw
MjgxYmYwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGVhM2Y1ZTlmZGIyYjY2ODA3NGFlNTY3YTRlNTQ4YzQ5NmI0YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuXUSF0rcMlikQyFfIYv2skENqJe
AfK1//n4OycZFdZ8UF2Tb5chV+zd7NQ51/+Iw6faLrRpxi7ldAwsMBgC5CrbtP4g
7lnUXZBlSnaKrZlahif6uertKeVtkBdgmT0b2jsPEYSM3FEBbEZXvrAIn36RvMhc
bxmn2S2OBX0ixkRWwnog5jCVaJTrNGOO4x30YY0grrBkwPnShFZ7/TBgJdU3/0wl
P74Rj66FdeBACOoHZ+oaYsvTa7AH4RcsmZFJeSCmkYMrm/wRerIYoQVpxj/FifSO
8FQsE24J+8khpjDqEn1tNMsJmXBpwZQqDSL4GxtJLQEFOqB9PA52trbP0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDqP16f2ytmgHSuVnpOVIxJa0xWMB8GA1UdIwQY
MBaAFNU413JqXx8z2hXYflyLDkj1AoG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUt
MmQ5ZGY0ZWY1ZjUwLzEvTU9vX1hwX2JLMmFBZEs1V2VrNVVqRWxyVEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUtMmQ5ZGY0ZWY1ZjUw
LzEvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j2MA0G
CSqGSIb3DQEBCwUAA4IBAQCEsXpMqVcMLtcPk8jpsZWperCR6hUZhV1XJeOgv8pm
jgCw3ZU+DzODnWggA4HJdkSc26JEHpg97BxIQX4ppYQKn42fkOI2jPjOGY+s4k9b
V0ww93ROYDCcU0XG6mco5/kbm/LK6ctJjeJCpVE0XJ0GwVGoWzXnbvZZkf9BiOEB
AsPAnK6n18THD1VUPr4jVKgP0wBInSHBil8xAusZmQ7rEX9lQKZUbiWB/td7+xMP
cPuzTpYPH0nmvDM896y+NF0SmK9iFq2DYzVjj597XkSrIjXcpifGVyH2ssjTxssN
XwNb4dYTy/TZFzxEEpdTi5JMlfkjt79L9ZO8Gh+ZRNgI
-----END CERTIFICATE-----