Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/mcVjwojiGELLiOr0TGtYm_FuT8E.roa
File:                     mcVjwojiGELLiOr0TGtYm_FuT8E.roa (raw, json)
Hash identifier:          UWb9CJW5Gv1GnVcisuGI7Usu0Y3Qx+GX74kvDdGYBM8=
Subject key identifier:   99:C5:63:C2:88:E2:18:42:CB:88:EA:F4:4C:6B:58:9B:F1:6E:4F:C1
Certificate issuer:       /CN=a633725cd5dd91cf190ab3a99526e898357856ef
Certificate serial:       018CC424FB2D00A8ADD8E02BCB89E0ADA85F
Authority key identifier: A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/mcVjwojiGELLiOr0TGtYm_FuT8E.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209781
IP address blocks:        128.246.0.0/16 maxlen: 24
                          141.6.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fb:2d:00:a8:ad:d8:e0:2b:cb:89:e0:ad:a8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a633725cd5dd91cf190ab3a99526e898357856ef
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99c563c288e21842cb88eaf44c6b589bf16e4fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:18:f1:67:ea:8b:c0:55:12:43:68:10:c9:53:
                    b9:92:0a:3c:f2:61:10:4e:37:7d:52:14:5f:33:11:
                    29:e4:ae:80:72:ac:50:ac:e3:78:d7:85:a4:09:41:
                    52:59:0d:85:eb:a0:d3:ac:ae:40:29:a2:18:2c:ef:
                    2b:9a:57:8c:d8:bd:bd:06:fd:c6:46:69:0f:65:3a:
                    c5:f8:c5:89:d3:cd:d3:8e:87:9f:75:07:42:93:be:
                    6b:95:da:f9:77:7b:5a:c6:37:95:5c:d4:1f:33:4f:
                    88:5a:05:6a:ec:d0:c6:35:8f:e6:4f:81:18:b2:a1:
                    6b:f0:7f:cd:e5:72:72:ac:96:f8:62:66:ac:f0:e0:
                    75:7d:a4:32:9b:ac:aa:04:fc:bb:43:51:2f:23:86:
                    07:00:3e:2d:47:13:d5:ac:2c:2a:ef:fa:e6:7a:b1:
                    9d:37:ad:bc:fe:6a:af:a4:b2:17:43:0c:1a:df:ff:
                    64:65:60:21:bd:db:e3:b1:74:3d:39:bc:06:fc:30:
                    95:ed:f9:e9:35:1c:f9:ed:d4:a0:d6:d0:fb:58:45:
                    d6:7e:c9:29:31:97:c2:d2:a3:22:ef:e8:e6:ae:a4:
                    0e:58:7c:f5:bd:80:57:9a:25:a2:d0:d7:c9:87:33:
                    39:b9:d5:52:16:a9:4b:ae:b2:67:80:c9:9f:37:c0:
                    d8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C5:63:C2:88:E2:18:42:CB:88:EA:F4:4C:6B:58:9B:F1:6E:4F:C1
            X509v3 Authority Key Identifier:
                keyid:A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/mcVjwojiGELLiOr0TGtYm_FuT8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.246.0.0/16
                  141.6.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:fc:bd:02:24:76:31:47:2f:68:f1:e8:75:1d:5b:b2:7a:20:
         e9:82:8a:2a:07:c7:7c:53:94:ea:23:5e:8f:75:2a:92:d5:ea:
         71:a6:0c:8d:55:7f:77:b6:ec:6c:56:d9:9f:7a:46:ab:df:f3:
         28:a3:d0:71:26:04:66:fa:98:96:5b:27:8f:24:f6:eb:5d:2f:
         e8:63:dc:e4:1d:0c:2c:bc:c5:a9:db:94:43:59:6a:cb:b6:50:
         4f:4f:4e:f6:37:8e:34:96:01:90:d7:fe:e3:f9:98:e0:cb:2a:
         00:71:db:40:0c:ae:93:1b:c2:e0:26:c4:0f:90:cb:f5:21:0d:
         fb:fc:2b:26:07:42:60:18:68:a4:77:4e:43:09:cf:81:d5:35:
         cd:97:d8:bb:14:11:7d:a1:e2:48:45:f0:c5:36:fe:20:78:3d:
         79:36:7a:ac:ae:69:c5:87:5e:01:81:b8:9d:94:74:e8:e4:cc:
         b6:d4:18:7f:5d:dd:16:8a:11:8f:b1:17:e8:b5:f9:e1:1b:15:
         cc:63:96:c5:12:df:a5:3c:1f:d6:d5:00:eb:e3:2c:cc:73:74:
         bc:5f:0e:23:e4:d9:21:9d:66:af:77:a5:7e:0a:e3:b2:1b:e7:
         60:ea:65:8d:16:9c:73:26:76:7d:4f:92:9b:c0:b3:38:3f:59:
         09:c4:a9:6d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzEJPstAKit2OAry4ngrahfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MzM3MjVjZDVkZDkxY2YxOTBhYjNhOTk1MjZlODk4MzU3
ODU2ZWYwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM1NjNjMjg4ZTIxODQyY2I4OGVhZjQ0YzZiNTg5YmYxNmU0ZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxjxZ+qLwFUSQ2gQyVO5kgo88mEQ
Tjd9UhRfMxEp5K6AcqxQrON414WkCUFSWQ2F66DTrK5AKaIYLO8rmleM2L29Bv3G
RmkPZTrF+MWJ083TjoefdQdCk75rldr5d3taxjeVXNQfM0+IWgVq7NDGNY/mT4EY
sqFr8H/N5XJyrJb4Ymas8OB1faQym6yqBPy7Q1EvI4YHAD4tRxPVrCwq7/rmerGd
N628/mqvpLIXQwwa3/9kZWAhvdvjsXQ9ObwG/DCV7fnpNRz57dSg1tD7WEXWfskp
MZfC0qMi7+jmrqQOWHz1vYBXmiWi0NfJhzM5udVSFqlLrrJngMmfN8DY4wIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFJnFY8KI4hhCy4jq9ExrWJvxbk/BMB8GA1UdIwQY
MBaAFKYzclzV3ZHPGQqzqZUm6Jg1eFbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAt
YzBiODEzYjRlYzdlLzEvbWNWandvamlHRUxMaU9yMFRHdFltX0Z1VDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAtYzBiODEzYjRlYzdl
LzEvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAgPYDAwCN
BjANBgkqhkiG9w0BAQsFAAOCAQEAPfy9AiR2MUcvaPHodR1bsnog6YKKKgfHfFOU
6iNej3UqktXqcaYMjVV/d7bsbFbZn3pGq9/zKKPQcSYEZvqYllsnjyT2610v6GPc
5B0MLLzFqduUQ1lqy7ZQT09O9jeONJYBkNf+4/mY4MsqAHHbQAyukxvC4CbED5DL
9SEN+/wrJgdCYBhopHdOQwnPgdU1zZfYuxQRfaHiSEXwxTb+IHg9eTZ6rK5pxYde
AYG4nZR06OTMttQYf13dFooRj7EX6LX54RsVzGOWxRLfpTwf1tUA6+MszHN0vF8O
I+TZIZ1mr3elfgrjshvnYOpljRaccyZ2fU+Sm8CzOD9ZCcSpbQ==
-----END CERTIFICATE-----