Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/M1-jHgu3qTMJjE5G2zHx8cPyavA.roa
File:                     M1-jHgu3qTMJjE5G2zHx8cPyavA.roa (raw, json)
Hash identifier:          N0myyP3VDlOhgiRJjMCQxyl8mIf/gcv1zFYvFxLJ3PA=
Subject key identifier:   33:5F:A3:1E:0B:B7:A9:33:09:8C:4E:46:DB:31:F1:F1:C3:F2:6A:F0
Certificate issuer:       /CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Certificate serial:       018CC42530A11B4CE57BB9E957976DF4F8EE
Authority key identifier: B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/M1-jHgu3qTMJjE5G2zHx8cPyavA.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211181
IP address blocks:        79.132.194.0/24 maxlen: 24
                          2a10:fa41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:30:a1:1b:4c:e5:7b:b9:e9:57:97:6d:f4:f8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b307c87e7b6e294f2700790eef19e82939d85cd6
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=335fa31e0bb7a933098c4e46db31f1f1c3f26af0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9a:7a:48:69:60:6b:2f:30:56:f0:e1:72:80:
                    7f:b1:81:22:f0:4a:a6:3d:3f:69:c7:51:37:cf:20:
                    b6:dc:ed:29:90:41:f6:bf:ea:0e:0e:0e:be:1e:e1:
                    35:25:5f:74:a4:04:98:6a:60:1f:cd:71:45:87:be:
                    80:76:2c:b9:a5:24:31:92:b1:e2:60:31:fe:65:08:
                    64:1c:8c:c9:41:b2:a5:70:87:47:4b:c9:be:47:b8:
                    96:f9:83:5e:c3:7e:ca:8d:f4:59:d6:13:aa:8a:69:
                    94:7d:72:e3:df:e0:ed:91:43:9d:d4:68:5c:5b:64:
                    0b:30:6f:9f:63:29:ec:72:42:69:c9:38:ff:11:0e:
                    d9:22:d3:3a:71:31:cf:45:41:b3:e1:26:11:0d:f0:
                    f5:32:65:62:92:30:e6:d8:bd:1d:d7:b7:f2:63:a1:
                    8d:57:39:4f:50:48:7d:60:dd:12:d8:e6:83:4f:25:
                    5e:f6:fb:3d:4f:1c:42:9d:b0:4c:6b:24:b9:5e:60:
                    5c:b1:3a:4a:ea:ed:9d:e1:eb:fd:ab:9a:42:60:ad:
                    0d:fd:08:f2:92:d0:d4:dd:28:e5:1b:73:69:e1:6c:
                    e7:88:6a:cb:b3:3d:a2:c6:5e:f0:a6:9b:a3:95:54:
                    73:d6:eb:0a:fc:49:83:1c:d0:db:54:ac:2f:b3:28:
                    69:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5F:A3:1E:0B:B7:A9:33:09:8C:4E:46:DB:31:F1:F1:C3:F2:6A:F0
            X509v3 Authority Key Identifier:
                keyid:B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/M1-jHgu3qTMJjE5G2zHx8cPyavA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.194.0/24
                IPv6:
                  2a10:fa41::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:74:4c:89:f7:46:53:fc:b2:8b:13:fa:dc:d7:c7:22:23:67:
         93:9b:5c:08:72:42:c4:05:fb:f6:67:7d:24:ac:1e:7c:1b:1a:
         ee:d3:57:a5:d4:1e:6a:5c:f3:d8:0a:7c:9a:c7:69:36:57:45:
         8c:3b:16:a8:a2:37:9e:16:ae:20:91:e3:4f:ca:0e:d8:35:28:
         d6:4f:ff:df:13:c7:9f:3b:0d:4e:ea:5b:9a:1a:2f:83:9b:81:
         b6:f8:0e:35:4e:c7:a6:87:cf:81:0a:c8:ad:65:8e:33:15:0c:
         86:95:9a:05:18:50:34:f5:c7:70:a1:8f:93:fa:21:14:85:84:
         0e:82:1d:83:a9:54:60:b4:ac:f2:52:30:1b:dd:7e:55:f6:bb:
         35:13:0b:b7:b2:d2:ba:1d:a5:0f:e2:79:b4:a6:a5:54:90:e4:
         04:f7:e6:70:9d:4d:94:fe:c2:85:03:d2:b0:bc:8a:05:ad:85:
         a6:0d:a9:ee:36:2d:33:63:e0:ea:ee:fe:46:4d:dc:b4:bf:21:
         88:c1:9f:de:e0:ce:b5:c8:67:b2:13:54:46:f0:1f:64:ff:63:
         b5:ad:d5:93:d3:58:55:d9:e9:4b:8c:36:96:7a:94:8c:21:b2:
         c7:0d:d2:d1:1c:49:e5:70:0d:a4:bf:95:bc:1f:8b:ce:8c:18:
         bd:11:0f:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJTChG0zle7npV5dt9PjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDdjODdlN2I2ZTI5NGYyNzAwNzkwZWVmMTllODI5Mzlk
ODVjZDYwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVmYTMxZTBiYjdhOTMzMDk4YzRlNDZkYjMxZjFmMWMzZjI2YWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJp6SGlgay8wVvDhcoB/sYEi8Eqm
PT9px1E3zyC23O0pkEH2v+oODg6+HuE1JV90pASYamAfzXFFh76Adiy5pSQxkrHi
YDH+ZQhkHIzJQbKlcIdHS8m+R7iW+YNew37KjfRZ1hOqimmUfXLj3+DtkUOd1Ghc
W2QLMG+fYynsckJpyTj/EQ7ZItM6cTHPRUGz4SYRDfD1MmVikjDm2L0d17fyY6GN
VzlPUEh9YN0S2OaDTyVe9vs9TxxCnbBMayS5XmBcsTpK6u2d4ev9q5pCYK0N/Qjy
ktDU3SjlG3Np4WzniGrLsz2ixl7wppujlVRz1usK/EmDHNDbVKwvsyhpXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDNfox4Lt6kzCYxORtsx8fHD8mrwMB8GA1UdIwQY
MBaAFLMHyH57bilPJwB5Du8Z6Ck52FzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODct
NjQ5NDVhNGY4ZTEyLzEvTTEtakhndTNxVE1KakU1RzJ6SHg4Y1B5YXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODctNjQ5NDVhNGY4ZTEy
LzEvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAT4TCMA0E
AgACMAcDBQAqEPpBMA0GCSqGSIb3DQEBCwUAA4IBAQCddEyJ90ZT/LKLE/rc18ci
I2eTm1wIckLEBfv2Z30krB58Gxru01el1B5qXPPYCnyax2k2V0WMOxaoojeeFq4g
keNPyg7YNSjWT//fE8efOw1O6luaGi+Dm4G2+A41Tsemh8+BCsitZY4zFQyGlZoF
GFA09cdwoY+T+iEUhYQOgh2DqVRgtKzyUjAb3X5V9rs1Ewu3stK6HaUP4nm0pqVU
kOQE9+ZwnU2U/sKFA9KwvIoFrYWmDanuNi0zY+Dq7v5GTdy0vyGIwZ/e4M61yGey
E1RG8B9k/2O1rdWT01hV2elLjDaWepSMIbLHDdLRHEnlcA2kv5W8H4vOjBi9EQ9O
-----END CERTIFICATE-----