Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/M3hHUYdfm00J5Ktwfa_KUMhaiMg.roa
File:                     M3hHUYdfm00J5Ktwfa_KUMhaiMg.roa (raw, json)
Hash identifier:          EsVNsCUSWmqHQZPIM7WKfa/bL7Smd7fYzbl+X5ToUyk=
Subject key identifier:   33:78:47:51:87:5F:9B:4D:09:E4:AB:70:7D:AF:CA:50:C8:5A:88:C8
Certificate issuer:       /CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
Certificate serial:       018CC3B6895AD8D399CDFE4DB152D14665E6
Authority key identifier: 92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/M3hHUYdfm00J5Ktwfa_KUMhaiMg.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204287
IP address blocks:        87.239.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:89:5a:d8:d3:99:cd:fe:4d:b1:52:d1:46:65:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922208b47b6a864d9d1ff33e06aa81d13819a74e
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33784751875f9b4d09e4ab707dafca50c85a88c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6d:1b:e3:1d:b7:7c:e1:b8:49:0d:98:e1:2b:
                    c6:c8:c7:54:1a:02:48:c4:da:4d:06:36:a6:47:9c:
                    73:3e:ea:bf:4c:f2:83:ac:34:57:20:5f:6b:dd:87:
                    88:10:6b:63:8d:86:46:db:ff:97:d8:02:46:11:c6:
                    b1:b2:28:da:b9:ad:aa:b0:7d:63:9c:e2:e2:c4:e2:
                    3f:bd:b4:fb:26:35:bb:2b:4d:83:bc:e7:aa:99:a2:
                    a4:e9:d4:ec:a4:b9:f7:fc:f5:be:27:38:15:af:f6:
                    24:74:88:3d:55:e6:d4:ef:7b:39:78:88:ad:52:37:
                    a8:dc:aa:56:eb:28:8e:d1:12:4f:6c:b8:14:27:61:
                    e9:ce:33:4e:ff:72:ea:92:c7:f9:ce:21:14:6e:79:
                    4f:bd:08:68:b8:b2:65:0e:99:1e:31:10:40:7e:32:
                    88:fa:03:47:de:4d:69:55:c9:77:00:2f:32:84:06:
                    01:b3:2a:e5:4d:cc:dc:3a:d9:55:76:bc:65:95:99:
                    99:55:ff:08:8a:71:3c:38:67:88:03:b8:10:bc:08:
                    d6:7e:0a:37:cd:3d:32:6d:a9:03:89:eb:67:ae:98:
                    0b:21:17:0e:4f:9a:f9:3e:0e:53:d2:94:e3:ed:da:
                    6d:82:fb:27:cd:f9:84:fc:48:7d:26:cc:89:0f:80:
                    c3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:78:47:51:87:5F:9B:4D:09:E4:AB:70:7D:AF:CA:50:C8:5A:88:C8
            X509v3 Authority Key Identifier:
                keyid:92:22:08:B4:7B:6A:86:4D:9D:1F:F3:3E:06:AA:81:D1:38:19:A7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiIItHtqhk2dH_M-BqqB0TgZp04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/M3hHUYdfm00J5Ktwfa_KUMhaiMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6990e9-c3c0-478a-9997-95b08e3660cf/1/kiIItHtqhk2dH_M-BqqB0TgZp04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:52:9e:65:f7:18:ae:db:21:99:d3:1c:20:f5:6f:7c:93:66:
         47:fa:cc:22:b2:5b:2b:05:0d:a1:14:67:3e:3e:fb:f0:b7:f4:
         10:e4:53:df:7f:9b:6d:b2:21:33:b4:38:7f:9a:4f:6a:2a:90:
         d7:d3:91:25:f2:73:88:b4:22:4a:7c:d2:6b:97:1c:a8:e2:8f:
         ce:e9:36:35:08:b4:98:cc:55:96:31:cc:1e:5c:7a:69:9f:5d:
         1b:af:5e:f9:b0:b1:0d:95:37:8c:81:8c:73:49:b6:ed:5d:10:
         37:75:59:9b:1f:06:4d:95:1e:09:73:9c:2b:d2:e1:84:63:bf:
         66:b1:56:57:62:06:29:8d:c3:48:af:b8:22:6a:8d:d5:5c:73:
         b0:64:42:a4:cd:30:83:e1:cc:cd:81:ce:50:ec:33:15:90:6f:
         06:65:a4:e4:4b:d1:a5:4f:39:fa:c0:96:af:18:30:36:e4:98:
         45:87:75:36:ef:e2:8c:13:d5:3d:40:9d:f8:3d:cd:d5:80:be:
         01:38:af:4f:0b:bf:78:fd:c4:53:97:f2:3b:e2:63:5b:ab:cf:
         a0:45:9d:d9:08:e2:cc:f1:6c:cd:e9:49:32:b2:64:56:e0:91:
         9d:bb:6f:3a:92:73:73:b1:ed:ce:31:25:6f:dc:2c:a3:1c:f2:
         39:eb:6a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtola2NOZzf5NsVLRRmXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjIwOGI0N2I2YTg2NGQ5ZDFmZjMzZTA2YWE4MWQxMzgx
OWE3NGUwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc4NDc1MTg3NWY5YjRkMDllNGFiNzA3ZGFmY2E1MGM4NWE4OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu20b4x23fOG4SQ2Y4SvGyMdUGgJI
xNpNBjamR5xzPuq/TPKDrDRXIF9r3YeIEGtjjYZG2/+X2AJGEcaxsijaua2qsH1j
nOLixOI/vbT7JjW7K02DvOeqmaKk6dTspLn3/PW+JzgVr/YkdIg9VebU73s5eIit
Ujeo3KpW6yiO0RJPbLgUJ2HpzjNO/3Lqksf5ziEUbnlPvQhouLJlDpkeMRBAfjKI
+gNH3k1pVcl3AC8yhAYBsyrlTczcOtlVdrxllZmZVf8IinE8OGeIA7gQvAjWfgo3
zT0ybakDietnrpgLIRcOT5r5Pg5T0pTj7dptgvsnzfmE/Eh9JsyJD4DDVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN4R1GHX5tNCeSrcH2vylDIWojIMB8GA1UdIwQY
MBaAFJIiCLR7aoZNnR/zPgaqgdE4GadOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTct
OTViMDhlMzY2MGNmLzEvTTNoSFVZZGZtMDBKNUt0d2ZhX0tVTWhhaU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OTkwZTktYzNjMC00NzhhLTk5OTctOTViMDhlMzY2MGNm
LzEva2lJSXRIdHFoazJkSF9NLUJxcUIwVGdacDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBBUp5l9xiu2yGZ0xwg9W98k2ZH+swislsrBQ2hFGc+
Pvvwt/QQ5FPff5ttsiEztDh/mk9qKpDX05El8nOItCJKfNJrlxyo4o/O6TY1CLSY
zFWWMcweXHppn10br175sLENlTeMgYxzSbbtXRA3dVmbHwZNlR4Jc5wr0uGEY79m
sVZXYgYpjcNIr7giao3VXHOwZEKkzTCD4czNgc5Q7DMVkG8GZaTkS9GlTzn6wJav
GDA25JhFh3U27+KME9U9QJ34Pc3VgL4BOK9PC794/cRTl/I74mNbq8+gRZ3ZCOLM
8WzN6UkysmRW4JGdu286knNzse3OMSVv3CyjHPI562rz
-----END CERTIFICATE-----