Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/M2MUzsuWErKj9RrfITLUyscSHVI.roa
File:                     M2MUzsuWErKj9RrfITLUyscSHVI.roa (raw, json)
Hash identifier:          cEO4RkPPXgbfjhQTeL9hnoEFs/L0sdAEDfL79cUck6I=
Subject key identifier:   33:63:14:CE:CB:96:12:B2:A3:F5:1A:DF:21:32:D4:CA:C7:12:1D:52
Certificate issuer:       /CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
Certificate serial:       018E283B2B94D75F049E0586645A32DC46C0
Authority key identifier: F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/M2MUzsuWErKj9RrfITLUyscSHVI.roa
Signing time:             Sun 10 Mar 2024 11:59:10 +0000
ROA not before:           Sun 10 Mar 2024 11:59:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9116
IP address blocks:        82.102.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:28:3b:2b:94:d7:5f:04:9e:05:86:64:5a:32:dc:46:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
        Validity
            Not Before: Mar 10 11:59:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336314cecb9612b2a3f51adf2132d4cac7121d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fb:af:55:2c:35:13:5d:3c:0c:82:a7:98:e0:
                    4a:27:e1:f0:cf:a3:ff:be:d3:b0:56:0f:14:21:82:
                    ef:54:8e:4b:3f:c2:79:95:cd:63:a9:61:2e:ed:f7:
                    36:2e:1d:22:ac:a0:27:e9:5a:23:51:75:4b:65:79:
                    6c:09:93:4a:ca:cd:f5:96:97:9b:3d:de:9b:1e:27:
                    85:d6:82:c4:3e:a2:61:b2:09:04:be:b7:fc:1a:c0:
                    2a:59:cd:66:be:b7:08:a1:8c:50:32:84:68:a0:08:
                    9b:a1:de:25:65:10:c1:3d:05:4a:27:ae:9c:60:11:
                    f3:94:3f:97:43:0e:60:a8:f6:bd:ce:5d:71:18:ff:
                    93:75:d7:2a:bf:7f:4d:c1:81:2f:80:0e:25:ff:b7:
                    67:a2:cc:e4:0f:36:fe:42:c9:c8:b2:71:20:16:d5:
                    f9:54:e0:e4:98:2d:36:37:64:d3:f8:5b:db:af:64:
                    96:f7:a0:09:fe:a4:c8:5f:0d:40:45:12:77:3d:ea:
                    ca:2b:6a:61:cb:1b:69:c6:5c:3a:6a:45:ba:ed:2b:
                    b8:6a:30:e7:b0:4d:d7:11:e5:d4:47:6a:de:4f:be:
                    11:8b:e7:a6:c3:43:02:0f:28:aa:9b:b1:07:87:1c:
                    63:f8:e0:0f:7e:f6:e7:07:01:10:f8:da:e8:54:dd:
                    7c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:63:14:CE:CB:96:12:B2:A3:F5:1A:DF:21:32:D4:CA:C7:12:1D:52
            X509v3 Authority Key Identifier:
                keyid:F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/M2MUzsuWErKj9RrfITLUyscSHVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.102.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:25:62:d4:8a:e2:5e:f9:68:02:61:d4:45:66:d2:b0:3c:05:
         aa:7a:21:d0:22:32:40:73:c2:63:57:c1:2c:0f:be:80:5c:c0:
         a2:95:db:91:bf:de:7c:56:1b:25:dd:cc:27:aa:64:a8:65:ae:
         42:ca:2d:89:cf:b5:20:fd:bc:88:0b:f7:b5:2a:7d:84:a9:8e:
         9d:57:9b:1b:49:77:ed:c7:87:c6:10:a7:bd:b9:f0:96:c3:12:
         5e:87:65:0b:95:b0:70:2d:7b:80:b1:8f:96:b6:07:ef:b3:a6:
         32:c5:50:b4:e0:b4:2e:a5:a2:be:1a:45:6c:86:cd:67:46:2d:
         ee:22:48:47:34:79:cb:28:0f:6d:cc:53:a6:d6:70:54:64:4f:
         39:c0:a7:09:30:e5:3a:80:8d:02:30:fb:9e:55:0e:31:39:ce:
         27:80:3f:e3:a2:ae:63:85:fa:3e:24:62:a8:86:c6:76:75:d5:
         77:e4:17:a7:fc:28:55:58:af:6a:c8:0e:87:18:66:1f:e4:e1:
         bc:0d:11:5d:81:33:32:18:7c:ab:09:4c:46:89:89:24:57:70:
         da:c8:e4:e7:b6:b8:d1:7d:24:33:cd:74:03:4c:2f:63:e8:f0:
         83:d4:71:92:df:a7:57:e2:2a:06:81:3a:20:e1:c5:b6:cf:fb:
         32:96:67:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY4oOyuU118EngWGZFoy3EbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ODU2ZDY3NGYwZTlkYmY2MDEyZDViNWQzZDk2YjQzYWZk
NzY0NzMwHhcNMjQwMzEwMTE1OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYzMTRjZWNiOTYxMmIyYTNmNTFhZGYyMTMyZDRjYWM3MTIxZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/uvVSw1E108DIKnmOBKJ+Hwz6P/
vtOwVg8UIYLvVI5LP8J5lc1jqWEu7fc2Lh0irKAn6VojUXVLZXlsCZNKys31lpeb
Pd6bHieF1oLEPqJhsgkEvrf8GsAqWc1mvrcIoYxQMoRooAibod4lZRDBPQVKJ66c
YBHzlD+XQw5gqPa9zl1xGP+Tddcqv39NwYEvgA4l/7dnoszkDzb+QsnIsnEgFtX5
VODkmC02N2TT+Fvbr2SW96AJ/qTIXw1ARRJ3PerKK2phyxtpxlw6akW67Su4ajDn
sE3XEeXUR2reT74Ri+emw0MCDyiqm7EHhxxj+OAPfvbnBwEQ+NroVN18AwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDNjFM7LlhKyo/Ua3yEy1MrHEh1SMB8GA1UdIwQY
MBaAFPmFbWdPDp2/YBLVtdPZa0Ov12RzMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ZVnRaMDhPbmI5Z0V0VzEwOWxyUTZfWFpITS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRm
LWVmZDE0ZGI5NTdmYi8xL00yTVV6c3VXRXJLajlScmZJVExVeXNjU0hWSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRmLWVmZDE0ZGI5NTdm
Yi8xLzEtWVZ0WjA4T25iOWdFdFcxMDlsclE2X1haSE0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSZqEw
DQYJKoZIhvcNAQELBQADggEBAFMlYtSK4l75aAJh1EVm0rA8Bap6IdAiMkBzwmNX
wSwPvoBcwKKV25G/3nxWGyXdzCeqZKhlrkLKLYnPtSD9vIgL97UqfYSpjp1XmxtJ
d+3Hh8YQp7258JbDEl6HZQuVsHAte4Cxj5a2B++zpjLFULTgtC6lor4aRWyGzWdG
Le4iSEc0ecsoD23MU6bWcFRkTznApwkw5TqAjQIw+55VDjE5zieAP+OirmOF+j4k
YqiGxnZ11XfkF6f8KFVYr2rIDocYZh/k4bwNEV2BMzIYfKsJTEaJiSRXcNrI5Oe2
uNF9JDPNdANML2Po8IPUcZLfp1fiKgaBOiDhxbbP+zKWZ5A=
-----END CERTIFICATE-----