Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/M82VRRJuohB5A2-qNOGM-v-WW8c.roa
File:                     M82VRRJuohB5A2-qNOGM-v-WW8c.roa (raw, json)
Hash identifier:          9jdBw1vfS09bWXOdoB+OHyXnvOGdajc9jf7ctXOHvk0=
Subject key identifier:   33:CD:95:45:12:6E:A2:10:79:03:6F:AA:34:E1:8C:FA:FF:96:5B:C7
Certificate issuer:       /CN=3238786e9f70e6db74230d72675a483bd24ef256
Certificate serial:       018CC56E7C812F6C0AAE67699B65D3A47C04
Authority key identifier: 32:38:78:6E:9F:70:E6:DB:74:23:0D:72:67:5A:48:3B:D2:4E:F2:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/M82VRRJuohB5A2-qNOGM-v-WW8c.roa
Signing time:             Mon 01 Jan 2024 14:30:01 +0000
ROA not before:           Mon 01 Jan 2024 14:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204562
IP address blocks:        185.245.240.0/22 maxlen: 24
                          2a0d:6e80::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7c:81:2f:6c:0a:ae:67:69:9b:65:d3:a4:7c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3238786e9f70e6db74230d72675a483bd24ef256
        Validity
            Not Before: Jan  1 14:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33cd9545126ea21079036faa34e18cfaff965bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3f:5a:2c:d6:40:3b:f6:ca:7c:0c:fc:96:07:
                    80:43:b2:8d:f8:39:c6:62:b3:b2:32:b3:54:8b:ff:
                    68:1a:1e:57:9b:dd:63:f0:52:7c:dc:19:3f:5a:b1:
                    28:6c:72:c5:d5:35:be:1b:4e:29:4b:d9:21:97:45:
                    ff:f5:45:d1:4a:4c:6d:65:66:b2:7d:df:42:dd:38:
                    47:cb:07:ee:85:10:59:c9:53:07:a7:9e:38:fd:fe:
                    8f:b3:31:55:95:d1:bf:da:e3:a6:f4:43:bb:6c:6f:
                    e7:60:59:ad:f8:d2:51:74:2d:ec:cc:c1:cf:0b:42:
                    a0:52:d8:2c:2c:64:72:b5:85:0a:ba:1c:c4:46:aa:
                    98:f1:58:48:99:13:73:39:ee:ef:9f:97:5e:b7:ce:
                    42:47:37:90:f9:eb:49:5b:cd:c5:6a:a1:d3:1c:88:
                    ed:15:38:92:84:41:ef:0a:43:28:58:e8:10:83:c6:
                    12:19:b8:5e:e2:88:08:ed:6c:2d:9f:03:b5:a9:4a:
                    dc:93:d5:a1:c3:70:20:f1:f9:de:49:54:6e:b2:bf:
                    e1:9a:54:c7:74:42:c4:45:d7:64:51:f0:60:a3:2c:
                    0e:de:34:60:51:54:17:b8:2c:ad:06:0d:06:d4:73:
                    d9:2e:b6:7e:9d:33:b6:47:97:c9:8b:39:36:9d:bd:
                    d8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:CD:95:45:12:6E:A2:10:79:03:6F:AA:34:E1:8C:FA:FF:96:5B:C7
            X509v3 Authority Key Identifier:
                keyid:32:38:78:6E:9F:70:E6:DB:74:23:0D:72:67:5A:48:3B:D2:4E:F2:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/M82VRRJuohB5A2-qNOGM-v-WW8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/9a9506-20d4-4ab7-b563-e2d3d94cc238/1/Mjh4bp9w5tt0Iw1yZ1pIO9JO8lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.240.0/22
                IPv6:
                  2a0d:6e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:ed:08:6d:13:f7:fd:fd:38:bd:63:40:52:ea:cd:62:a0:00:
         2e:4e:67:29:9f:dc:2d:1d:07:79:ec:8c:0c:5e:4f:a8:dc:d8:
         73:90:e9:70:d3:91:0b:6f:41:94:f1:6f:a0:9c:97:a0:28:f3:
         d6:de:aa:1f:00:ea:ef:81:7d:8a:96:1c:5d:ca:d4:b3:dc:14:
         1d:49:d2:02:5f:75:5c:15:36:01:b4:c3:44:23:d1:89:39:b7:
         f8:f4:6f:60:7c:7c:48:f0:3f:24:71:ad:a6:d3:7c:f9:b2:87:
         88:f5:a8:74:e0:bb:07:ab:2e:3f:87:92:71:d6:53:6b:80:c8:
         1c:e8:4a:7a:76:92:6f:01:06:8f:de:a0:de:53:d2:e7:91:f3:
         ed:43:5b:6f:46:95:fb:73:57:44:34:5f:8e:d2:1e:7f:33:16:
         f2:94:12:ab:3f:7e:13:d5:aa:e7:e5:82:56:9a:e1:d4:3e:9b:
         e6:ba:8c:19:b0:f3:a0:5f:41:54:90:32:b2:8f:f1:58:a7:9e:
         41:79:41:12:52:39:d8:39:f8:1f:f2:c2:b3:84:14:d2:ab:15:
         0f:fe:e3:72:e2:5f:a3:1b:48:c5:11:d1:25:8b:6d:2a:8a:c6:
         18:7b:b5:0c:2d:23:e0:2c:0a:4f:fb:a4:74:f4:d8:34:4b:a9:
         a0:6d:ca:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbnyBL2wKrmdpm2XTpHwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMzg3ODZlOWY3MGU2ZGI3NDIzMGQ3MjY3NWE0ODNiZDI0
ZWYyNTYwHhcNMjQwMTAxMTQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2NkOTU0NTEyNmVhMjEwNzkwMzZmYWEzNGUxOGNmYWZmOTY1YmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiD9aLNZAO/bKfAz8lgeAQ7KN+DnG
YrOyMrNUi/9oGh5Xm91j8FJ83Bk/WrEobHLF1TW+G04pS9khl0X/9UXRSkxtZWay
fd9C3ThHywfuhRBZyVMHp544/f6PszFVldG/2uOm9EO7bG/nYFmt+NJRdC3szMHP
C0KgUtgsLGRytYUKuhzERqqY8VhImRNzOe7vn5det85CRzeQ+etJW83FaqHTHIjt
FTiShEHvCkMoWOgQg8YSGbhe4ogI7WwtnwO1qUrck9Whw3Ag8fneSVRusr/hmlTH
dELERddkUfBgoywO3jRgUVQXuCytBg0G1HPZLrZ+nTO2R5fJizk2nb3YQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDPNlUUSbqIQeQNvqjThjPr/llvHMB8GA1UdIwQY
MBaAFDI4eG6fcObbdCMNcmdaSDvSTvJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWpoNGJwOXc1dHQwSXcxeVoxcElPOUpPOGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85YTk1MDYtMjBkNC00YWI3LWI1NjMt
ZTJkM2Q5NGNjMjM4LzEvTTgyVlJSSnVvaEI1QTItcU5PR00tdi1XVzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85YTk1MDYtMjBkNC00YWI3LWI1NjMtZTJkM2Q5NGNjMjM4
LzEvTWpoNGJwOXc1dHQwSXcxeVoxcElPOUpPOGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufXwMA0E
AgACMAcDBQMqDW6AMA0GCSqGSIb3DQEBCwUAA4IBAQAQ7QhtE/f9/Ti9Y0BS6s1i
oAAuTmcpn9wtHQd57IwMXk+o3NhzkOlw05ELb0GU8W+gnJegKPPW3qofAOrvgX2K
lhxdytSz3BQdSdICX3VcFTYBtMNEI9GJObf49G9gfHxI8D8kca2m03z5soeI9ah0
4LsHqy4/h5Jx1lNrgMgc6Ep6dpJvAQaP3qDeU9LnkfPtQ1tvRpX7c1dENF+O0h5/
MxbylBKrP34T1arn5YJWmuHUPpvmuowZsPOgX0FUkDKyj/FYp55BeUESUjnYOfgf
8sKzhBTSqxUP/uNy4l+jG0jFEdEli20qisYYe7UMLSPgLApP+6R09Ng0S6mgbcoy
-----END CERTIFICATE-----