Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/M_mmETJCmuaMDgnTYLsw8HBHk7k.roa
File:                     M_mmETJCmuaMDgnTYLsw8HBHk7k.roa (raw, json)
Hash identifier:          QrUtIENrtmAHno0H7xjuKAxCvhE6/euDpbArFMR3K/Y=
Subject key identifier:   33:F9:A6:11:32:42:9A:E6:8C:0E:09:D3:60:BB:30:F0:70:47:93:B9
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018F8B6B6F08ABAE89E613DC8582E1F05C20
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/M_mmETJCmuaMDgnTYLsw8HBHk7k.roa
Signing time:             Sat 18 May 2024 11:17:04 +0000
ROA not before:           Sat 18 May 2024 11:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.65.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8b:6b:6f:08:ab:ae:89:e6:13:dc:85:82:e1:f0:5c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 18 11:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33f9a61132429ae68c0e09d360bb30f0704793b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:98:bc:00:39:f2:76:43:74:7a:57:6c:21:43:
                    a7:41:63:20:5a:c9:0c:75:4a:c7:32:4a:92:d2:0d:
                    22:f6:6b:89:02:ce:e4:f0:54:23:f0:eb:3b:83:ff:
                    ea:1c:21:a9:18:d2:d4:dc:a7:53:b0:7c:f1:93:66:
                    20:49:6c:32:f1:9d:3a:84:51:3f:2d:e2:f0:74:9f:
                    22:1f:1b:a2:56:73:a9:71:e1:9e:09:74:36:f5:ab:
                    a8:51:35:05:31:cc:35:7d:b5:70:7a:ea:89:27:44:
                    89:d2:de:a6:1b:c3:b2:dd:c1:49:34:0b:51:4d:74:
                    86:63:9a:31:6e:0f:44:c4:6a:62:cc:2a:ba:52:f3:
                    e1:78:ee:e1:5c:99:ba:7a:a7:47:27:c6:37:d2:7e:
                    0b:36:f6:0e:e5:36:3d:09:09:88:6f:f2:aa:a4:d7:
                    67:2b:26:a3:b3:75:ff:a4:30:fc:5a:ed:dc:01:32:
                    07:8e:72:75:aa:cd:76:a1:91:aa:82:9d:4e:e8:6d:
                    a1:21:2b:89:02:b6:dc:6b:f5:9f:7d:05:77:b8:0b:
                    e3:ec:03:29:d5:cc:b1:d0:82:11:97:24:86:d4:35:
                    71:73:6b:8d:77:c8:0e:be:9e:86:66:45:36:25:7a:
                    98:82:d2:fb:a1:59:06:f5:62:ab:d7:44:3d:fd:1a:
                    a4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F9:A6:11:32:42:9A:E6:8C:0E:09:D3:60:BB:30:F0:70:47:93:B9
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/M_mmETJCmuaMDgnTYLsw8HBHk7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:75:04:41:1b:13:3f:d0:7f:02:8e:6b:68:c9:94:f8:5e:44:
         d6:3e:70:70:ee:eb:dc:fb:52:4c:79:7e:3d:de:39:d6:af:44:
         62:a4:2b:73:a7:2f:bf:e3:2c:90:dc:ce:50:14:32:92:28:92:
         d8:a5:42:19:08:4c:34:96:95:2a:57:9d:5d:1b:d6:b7:be:6b:
         56:3f:5d:a1:be:35:d2:16:85:39:31:a1:b2:dc:63:7d:44:35:
         04:75:d1:24:df:8c:54:d1:02:5a:14:b5:ef:9d:38:4e:35:b8:
         06:e7:c2:6e:c9:48:4c:67:33:82:8e:41:c3:5f:26:e6:24:fb:
         4b:8c:0f:5f:c6:aa:c9:76:01:43:3b:b1:e3:5d:21:a3:34:1f:
         d7:bb:4d:d7:38:47:90:66:82:96:02:c7:14:56:5e:ba:18:23:
         de:2c:65:fb:6f:05:31:07:02:ba:64:84:38:cf:1d:27:2e:2a:
         8f:b1:74:15:bb:38:6b:7f:c3:e8:67:71:9b:ef:ff:7f:13:47:
         8d:54:aa:f2:2e:23:db:f2:e2:33:cd:fd:d6:75:94:c8:de:d0:
         1d:ee:70:be:c2:a2:a9:a5:e8:e7:a9:9b:d0:91:69:08:f3:6f:
         29:15:6e:d8:31:c1:75:49:e2:47:3f:5e:9e:1e:c8:28:ec:1c:
         53:a3:95:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+La28Iq66J5hPchYLh8FwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNTE4MTExNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Y5YTYxMTMyNDI5YWU2OGMwZTA5ZDM2MGJiMzBmMDcwNDc5M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpi8ADnydkN0eldsIUOnQWMgWskM
dUrHMkqS0g0i9muJAs7k8FQj8Os7g//qHCGpGNLU3KdTsHzxk2YgSWwy8Z06hFE/
LeLwdJ8iHxuiVnOpceGeCXQ29auoUTUFMcw1fbVweuqJJ0SJ0t6mG8Oy3cFJNAtR
TXSGY5oxbg9ExGpizCq6UvPheO7hXJm6eqdHJ8Y30n4LNvYO5TY9CQmIb/KqpNdn
Kyajs3X/pDD8Wu3cATIHjnJ1qs12oZGqgp1O6G2hISuJArbca/WffQV3uAvj7AMp
1cyx0IIRlySG1DVxc2uNd8gOvp6GZkU2JXqYgtL7oVkG9WKr10Q9/RqkkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDP5phEyQprmjA4J02C7MPBwR5O5MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTV9tbUVUSkNtdWFNRGduVFlMc3c4SEJIazdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUE+MA0G
CSqGSIb3DQEBCwUAA4IBAQC1dQRBGxM/0H8CjmtoyZT4XkTWPnBw7uvc+1JMeX49
3jnWr0RipCtzpy+/4yyQ3M5QFDKSKJLYpUIZCEw0lpUqV51dG9a3vmtWP12hvjXS
FoU5MaGy3GN9RDUEddEk34xU0QJaFLXvnThONbgG58JuyUhMZzOCjkHDXybmJPtL
jA9fxqrJdgFDO7HjXSGjNB/Xu03XOEeQZoKWAscUVl66GCPeLGX7bwUxBwK6ZIQ4
zx0nLiqPsXQVuzhrf8PoZ3Gb7/9/E0eNVKryLiPb8uIzzf3WdZTI3tAd7nC+wqKp
pejnqZvQkWkI828pFW7YMcF1SeJHP16eHsgo7BxTo5XK
-----END CERTIFICATE-----