Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/m0mxL_jlvXSiQsscQ_yVMuFDwEE.roa
File:                     m0mxL_jlvXSiQsscQ_yVMuFDwEE.roa (raw, json)
Hash identifier:          wiMYUdHwQFM1leb/GcI3OPBou+8q7tUXsUfpSnvhpYk=
Subject key identifier:   9B:49:B1:2F:F8:E5:BD:74:A2:42:CB:1C:43:FC:95:32:E1:43:C0:41
Certificate issuer:       /CN=53c912a0411bb0174507092d0ca35a91ad79905c
Certificate serial:       018CC493644E40CB13751867CCBF12170A89
Authority key identifier: 53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/m0mxL_jlvXSiQsscQ_yVMuFDwEE.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.59.139.0/24 maxlen: 24
                          194.59.137.0/24 maxlen: 24
                          2a07:cb81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:4e:40:cb:13:75:18:67:cc:bf:12:17:0a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c912a0411bb0174507092d0ca35a91ad79905c
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b49b12ff8e5bd74a242cb1c43fc9532e143c041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:57:7f:85:50:45:f4:75:ba:8a:cf:f5:ac:3b:
                    69:e3:46:16:75:21:67:59:99:8d:ca:c2:9c:75:08:
                    6b:7b:af:c8:2e:8e:da:e4:31:78:33:35:f4:8e:39:
                    db:d0:b7:bf:e1:cf:e6:f3:7f:11:ac:6c:dc:18:36:
                    ac:b2:ee:71:59:64:99:94:70:66:1b:f9:7f:66:50:
                    39:05:97:4b:63:4f:69:07:c5:be:43:40:61:6e:b4:
                    43:e6:dc:15:1a:2b:a1:96:36:6a:ff:0b:0f:5c:a8:
                    a3:71:5e:ac:f8:29:1b:86:a3:11:3b:2c:6a:ac:0c:
                    22:32:07:c0:34:a5:b0:cd:85:10:b6:c8:92:cd:72:
                    8b:cd:50:bc:fa:ef:a6:5b:eb:df:cc:98:38:76:15:
                    93:1f:cf:e8:67:73:ef:73:f8:18:ac:55:2e:b2:e4:
                    76:ac:73:d5:c5:c2:92:c2:96:14:fa:b4:13:1a:59:
                    fd:2d:d7:28:f5:58:f1:d7:9f:42:5c:7e:c5:4f:80:
                    a0:09:1b:27:8e:56:a2:d6:d3:10:cb:d2:42:6a:a0:
                    35:df:9e:75:6a:e7:5f:a0:8b:ae:e3:fb:72:8a:11:
                    0a:7a:dc:88:ac:b5:94:f4:62:5a:da:f3:10:9e:84:
                    d9:05:9f:49:e6:19:44:1e:89:ab:43:93:e2:49:66:
                    5f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:49:B1:2F:F8:E5:BD:74:A2:42:CB:1C:43:FC:95:32:E1:43:C0:41
            X509v3 Authority Key Identifier:
                keyid:53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/m0mxL_jlvXSiQsscQ_yVMuFDwEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.137.0/24
                  194.59.139.0/24
                IPv6:
                  2a07:cb81::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:1d:07:73:6c:60:a9:00:e8:d0:fe:b7:20:02:f9:16:14:6c:
         1a:68:b7:0e:f9:6b:52:2f:43:bb:db:68:76:2b:90:b9:6a:89:
         a4:24:5c:18:18:92:74:d3:fb:d6:66:39:f3:f4:04:ad:53:72:
         86:41:d6:fc:5f:80:4e:be:40:7c:f5:a0:4a:75:49:ad:a8:b7:
         95:91:ac:36:a6:24:de:50:71:0e:78:4f:92:b7:82:f2:79:a0:
         82:b1:a4:13:23:72:3c:e1:f2:7a:8a:b8:81:2d:05:20:d1:71:
         30:69:f9:c3:35:b6:30:a7:9a:f9:dd:e4:5e:af:18:eb:e8:a0:
         21:1c:a6:e2:53:66:02:a1:1f:47:fe:1f:61:9d:0e:f9:fd:76:
         6c:ca:39:21:bc:58:13:4f:48:93:a1:77:48:72:cc:7b:77:86:
         53:b9:e9:97:63:68:41:32:4d:d9:3f:9d:d2:00:d5:10:1d:58:
         7e:d2:58:bb:a2:7e:89:23:87:53:8c:e2:91:40:c3:41:52:33:
         5c:5c:1a:f2:07:dc:b3:5c:af:f4:6d:5f:06:8d:62:a4:08:23:
         07:0e:4e:59:a7:4e:83:2f:46:2a:6d:a0:70:7f:73:5b:b4:8c:
         d8:eb:1d:41:74:64:37:63:fe:1b:ce:3b:5d:d8:d2:6d:ed:3f:
         b1:4d:c2:fd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk2ROQMsTdRhnzL8SFwqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzkxMmEwNDExYmIwMTc0NTA3MDkyZDBjYTM1YTkxYWQ3
OTkwNWMwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQ5YjEyZmY4ZTViZDc0YTI0MmNiMWM0M2ZjOTUzMmUxNDNjMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFd/hVBF9HW6is/1rDtp40YWdSFn
WZmNysKcdQhre6/ILo7a5DF4MzX0jjnb0Le/4c/m838RrGzcGDassu5xWWSZlHBm
G/l/ZlA5BZdLY09pB8W+Q0BhbrRD5twVGiuhljZq/wsPXKijcV6s+CkbhqMROyxq
rAwiMgfANKWwzYUQtsiSzXKLzVC8+u+mW+vfzJg4dhWTH8/oZ3Pvc/gYrFUusuR2
rHPVxcKSwpYU+rQTGln9Ldco9Vjx159CXH7FT4CgCRsnjlai1tMQy9JCaqA13551
audfoIuu4/tyihEKetyIrLWU9GJa2vMQnoTZBZ9J5hlEHomrQ5PiSWZfqwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJtJsS/45b10okLLHEP8lTLhQ8BBMB8GA1UdIwQY
MBaAFFPJEqBBG7AXRQcJLQyjWpGteZBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAt
ZTIxYzQzNmI2MmVmLzEvbTBteExfamx2WFNpUXNzY1FfeVZNdUZEd0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAtZTIxYzQzNmI2MmVm
LzEvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwjuJAwQA
wjuLMA0EAgACMAcDBQAqB8uBMA0GCSqGSIb3DQEBCwUAA4IBAQAVHQdzbGCpAOjQ
/rcgAvkWFGwaaLcO+WtSL0O722h2K5C5aomkJFwYGJJ00/vWZjnz9AStU3KGQdb8
X4BOvkB89aBKdUmtqLeVkaw2piTeUHEOeE+St4LyeaCCsaQTI3I84fJ6iriBLQUg
0XEwafnDNbYwp5r53eRerxjr6KAhHKbiU2YCoR9H/h9hnQ75/XZsyjkhvFgTT0iT
oXdIcsx7d4ZTuemXY2hBMk3ZP53SANUQHVh+0li7on6JI4dTjOKRQMNBUjNcXBry
B9yzXK/0bV8GjWKkCCMHDk5Zp06DL0YqbaBwf3NbtIzY6x1BdGQ3Y/4bzjtd2NJt
7T+xTcL9
-----END CERTIFICATE-----