Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1MqYgUj-4S79TpFNtNwYUrRnvXA.roa
File:                     1MqYgUj-4S79TpFNtNwYUrRnvXA.roa (raw, json)
Hash identifier:          hMhE/cK1sVsFxvYFcbJuwc3UTnV9ymQa+hyvl1M+Ljg=
Subject key identifier:   D4:CA:98:81:48:FE:E1:2E:FD:4E:91:4D:B4:DC:18:52:B4:67:BD:70
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018ECC4A068D9A3C6D0C7B1FD071504406E6
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1MqYgUj-4S79TpFNtNwYUrRnvXA.roa
Signing time:             Thu 11 Apr 2024 08:33:07 +0000
ROA not before:           Thu 11 Apr 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43606
IP address blocks:        213.232.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:4a:06:8d:9a:3c:6d:0c:7b:1f:d0:71:50:44:06:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 11 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4ca988148fee12efd4e914db4dc1852b467bd70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fc:14:d5:89:ab:98:cc:ab:d1:63:4c:6c:54:
                    47:a9:b6:e0:6a:c5:31:57:59:be:a1:a7:43:54:6c:
                    2b:d8:b3:b1:16:98:a0:18:f1:d8:1e:66:ac:17:92:
                    25:6f:68:dc:ca:86:d1:76:1d:63:bd:41:8c:59:fd:
                    b4:2e:9d:bb:8a:cb:e5:9b:f1:f1:2a:5f:13:0c:aa:
                    07:e7:89:a5:35:9e:1f:f5:42:83:0e:0a:26:4a:25:
                    a9:e1:1a:fa:8c:3c:6c:ba:44:5d:6e:13:7e:bf:27:
                    e6:65:7a:47:fd:6b:a4:22:b3:df:31:d7:8c:7c:45:
                    d5:55:5d:11:76:59:e4:4a:ea:5a:65:ba:20:ec:a6:
                    a5:eb:7f:a4:e1:d3:db:a5:c4:63:26:b8:5f:0b:75:
                    2b:85:6a:8e:c1:dc:f9:0e:ea:79:34:3c:d0:1e:1e:
                    dd:6f:0c:55:19:81:ab:41:16:2f:d9:62:de:8c:ba:
                    2b:78:2d:c8:3c:0f:fe:82:13:55:d7:63:6a:c1:67:
                    8f:bd:5b:18:53:ec:7d:12:b7:21:54:af:18:f0:95:
                    c6:3e:e0:a1:9e:af:3a:7f:27:94:23:65:81:dc:3f:
                    c7:33:55:44:d5:cb:93:eb:b7:d7:cb:37:5d:18:08:
                    af:ce:0c:bd:03:d3:74:1b:13:f3:3d:5f:fa:57:91:
                    c4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:CA:98:81:48:FE:E1:2E:FD:4E:91:4D:B4:DC:18:52:B4:67:BD:70
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1MqYgUj-4S79TpFNtNwYUrRnvXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:07:0a:86:87:e5:76:da:a7:1a:61:7b:24:16:f7:d6:74:ec:
         16:dc:39:ac:0b:b3:67:b1:e8:60:3a:3e:48:c7:84:4c:46:d7:
         8d:23:82:48:e4:06:d7:d7:ee:98:d5:31:4f:cf:b0:f8:57:d9:
         10:a6:59:5c:2d:6a:08:67:01:cf:03:92:63:60:23:21:ec:79:
         c5:39:4f:0b:a9:1e:61:4b:a9:f5:7a:25:c8:bc:3d:ac:96:a9:
         10:7d:9f:b5:89:5c:50:cc:e1:51:b5:77:c5:60:70:c0:df:9a:
         0f:9f:ca:16:03:04:dd:42:cf:7d:e7:c4:d6:ac:88:63:17:93:
         7b:75:58:85:62:66:8e:96:f5:47:21:9c:cd:5f:6c:96:1d:9f:
         ec:2b:08:51:1d:aa:2b:93:dc:aa:d4:14:c7:2f:5d:27:26:f3:
         c5:7e:94:5f:58:ed:4a:1a:96:07:59:7a:e6:d6:a6:fe:b8:29:
         4d:d4:62:97:d3:9b:59:dc:0c:c6:10:d1:c8:3e:d0:48:7f:1b:
         d9:ca:44:4b:cd:c2:ef:bf:4f:9c:c5:a7:51:bd:99:4f:8b:c3:
         10:86:95:ad:1e:db:10:84:ec:e7:5e:a8:2e:c3:94:15:0a:46:
         20:29:58:10:9f:a7:21:67:59:35:e7:47:0e:5e:a5:3e:e4:84:
         36:3c:9e:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7MSgaNmjxtDHsf0HFQRAbmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDExMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGNhOTg4MTQ4ZmVlMTJlZmQ0ZTkxNGRiNGRjMTg1MmI0NjdiZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPwU1YmrmMyr0WNMbFRHqbbgasUx
V1m+oadDVGwr2LOxFpigGPHYHmasF5Ilb2jcyobRdh1jvUGMWf20Lp27isvlm/Hx
Kl8TDKoH54mlNZ4f9UKDDgomSiWp4Rr6jDxsukRdbhN+vyfmZXpH/WukIrPfMdeM
fEXVVV0RdlnkSupaZbog7Kal63+k4dPbpcRjJrhfC3UrhWqOwdz5Dup5NDzQHh7d
bwxVGYGrQRYv2WLejLoreC3IPA/+ghNV12NqwWePvVsYU+x9ErchVK8Y8JXGPuCh
nq86fyeUI2WB3D/HM1VE1cuT67fXyzddGAivzgy9A9N0GxPzPV/6V5HEAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTKmIFI/uEu/U6RTbTcGFK0Z71wMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMU1xWWdVai00Uzc5VHBGTnROd1lVclJudlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ejOMA0G
CSqGSIb3DQEBCwUAA4IBAQASBwqGh+V22qcaYXskFvfWdOwW3DmsC7NnsehgOj5I
x4RMRteNI4JI5AbX1+6Y1TFPz7D4V9kQpllcLWoIZwHPA5JjYCMh7HnFOU8LqR5h
S6n1eiXIvD2slqkQfZ+1iVxQzOFRtXfFYHDA35oPn8oWAwTdQs9958TWrIhjF5N7
dViFYmaOlvVHIZzNX2yWHZ/sKwhRHaork9yq1BTHL10nJvPFfpRfWO1KGpYHWXrm
1qb+uClN1GKX05tZ3AzGENHIPtBIfxvZykRLzcLvv0+cxadRvZlPi8MQhpWtHtsQ
hOznXqguw5QVCkYgKVgQn6chZ1k150cOXqU+5IQ2PJ6O
-----END CERTIFICATE-----