Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M4GEJKjgavQtnF96rCATgPuzg3A.roa
File:                     M4GEJKjgavQtnF96rCATgPuzg3A.roa (raw, json)
Hash identifier:          Rj2wmDBxv8t7qCAhCgAxwV/oZ9QuRDWkuSAznm5MC34=
Subject key identifier:   33:81:84:24:A8:E0:6A:F4:2D:9C:5F:7A:AC:20:13:80:FB:B3:83:70
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       018CC49330E06856E7E1BE281581402CAC8A
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M4GEJKjgavQtnF96rCATgPuzg3A.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41989
IP address blocks:        178.239.112.0/20 maxlen: 20
                          85.239.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:30:e0:68:56:e7:e1:be:28:15:81:40:2c:ac:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33818424a8e06af42d9c5f7aac201380fbb38370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:53:80:5b:b1:ff:18:05:a1:fb:e8:56:8f:63:
                    34:2f:c1:b8:22:2f:95:68:04:f9:28:f1:e1:33:b9:
                    e9:4d:02:9d:b7:80:6b:da:fc:bc:01:1d:8c:03:59:
                    eb:e5:66:cd:22:5e:2b:dc:e6:46:d1:5f:61:48:f8:
                    2e:88:dc:3d:1b:c2:37:36:40:d6:f4:0c:f8:78:a8:
                    4f:17:c3:44:46:5d:b0:7a:af:b9:0b:41:8b:e0:79:
                    5c:ad:8d:d0:e9:61:04:24:bd:ed:bd:93:97:89:34:
                    00:f4:d0:96:d3:53:af:9b:0f:06:6c:c0:d6:8f:19:
                    29:79:57:71:9c:5e:7d:d1:a2:ef:b8:05:d0:c0:cd:
                    af:fb:3a:f8:8e:a2:e7:7e:55:2a:f2:3f:b0:f7:6d:
                    44:c3:f1:d3:6e:d1:2d:09:86:70:84:46:20:05:6a:
                    ec:77:88:5b:a2:3e:80:84:30:83:d3:a8:4f:10:78:
                    21:c7:e1:5e:88:75:f4:4d:90:15:f1:f1:d0:b0:61:
                    3b:68:79:06:2e:73:9b:4b:da:c5:8a:d0:f2:da:9c:
                    8f:5e:e9:b8:d2:20:e8:2d:93:63:fe:d0:af:b8:28:
                    c3:16:ed:ea:2e:3c:5e:81:85:62:2a:70:b9:60:55:
                    b6:6a:91:6b:fb:f5:75:e9:1a:12:a9:89:16:2f:2d:
                    13:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:81:84:24:A8:E0:6A:F4:2D:9C:5F:7A:AC:20:13:80:FB:B3:83:70
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/M4GEJKjgavQtnF96rCATgPuzg3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.152.0/22
                  178.239.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0b:b5:8c:88:65:36:4c:e0:84:db:0c:52:30:c0:b6:29:e7:8a:
         91:2c:76:70:8e:b8:be:fd:68:0f:24:d5:33:72:8f:b8:ae:86:
         99:50:af:45:8d:eb:31:60:cb:7f:70:98:fb:88:05:52:9c:57:
         a8:02:0b:b0:c7:ed:4c:61:01:d1:e4:fe:8b:63:c6:c8:5c:fe:
         0a:6b:27:b8:07:5a:de:4c:95:c0:0d:a9:92:d1:3c:3d:97:28:
         8e:bf:d4:03:53:22:79:d5:24:65:66:d2:50:d6:c5:5c:94:a5:
         23:63:ec:01:70:5b:3b:40:af:46:ca:44:e7:f1:9e:0c:28:31:
         16:ed:4d:3a:a5:22:d8:2f:c0:a6:9e:f6:25:95:e8:d5:16:b5:
         a9:61:93:ce:67:e3:79:a4:1f:b4:31:44:e1:9c:8b:b7:26:21:
         c7:b1:eb:e9:79:3b:09:d7:75:93:42:19:ae:59:b5:89:08:4b:
         46:a1:27:10:a4:a4:6c:5c:28:b4:f2:a0:6c:fb:23:a5:7b:ef:
         bf:e4:51:92:5d:f9:1b:d8:3a:bf:19:ba:c1:14:20:a7:98:aa:
         f6:34:43:16:6f:fe:89:c7:5c:d9:f0:d1:7f:96:5f:60:22:b6:
         a4:1a:ef:f0:a7:e5:d5:73:9f:ae:a5:59:99:b0:18:b5:95:77:
         99:16:d0:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkzDgaFbn4b4oFYFALKyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzgxODQyNGE4ZTA2YWY0MmQ5YzVmN2FhYzIwMTM4MGZiYjM4MzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1OAW7H/GAWh++hWj2M0L8G4Ii+V
aAT5KPHhM7npTQKdt4Br2vy8AR2MA1nr5WbNIl4r3OZG0V9hSPguiNw9G8I3NkDW
9Az4eKhPF8NERl2weq+5C0GL4HlcrY3Q6WEEJL3tvZOXiTQA9NCW01Ovmw8GbMDW
jxkpeVdxnF590aLvuAXQwM2v+zr4jqLnflUq8j+w921Ew/HTbtEtCYZwhEYgBWrs
d4hboj6AhDCD06hPEHghx+FeiHX0TZAV8fHQsGE7aHkGLnObS9rFitDy2pyPXum4
0iDoLZNj/tCvuCjDFu3qLjxegYViKnC5YFW2apFr+/V16RoSqYkWLy0TBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDOBhCSo4Gr0LZxfeqwgE4D7s4NwMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvTTRHRUpLamdhdlF0bkY5NnJDQVRnUHV6ZzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVe+YAwQE
su9wMA0GCSqGSIb3DQEBCwUAA4IBAQALtYyIZTZM4ITbDFIwwLYp54qRLHZwjri+
/WgPJNUzco+4roaZUK9FjesxYMt/cJj7iAVSnFeoAguwx+1MYQHR5P6LY8bIXP4K
aye4B1reTJXADamS0Tw9lyiOv9QDUyJ51SRlZtJQ1sVclKUjY+wBcFs7QK9GykTn
8Z4MKDEW7U06pSLYL8CmnvYllejVFrWpYZPOZ+N5pB+0MUThnIu3JiHHsevpeTsJ
13WTQhmuWbWJCEtGoScQpKRsXCi08qBs+yOle++/5FGSXfkb2Dq/GbrBFCCnmKr2
NEMWb/6Jx1zZ8NF/ll9gIrakGu/wp+XVc5+upVmZsBi1lXeZFtCo
-----END CERTIFICATE-----