Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/m2M_R-5tVIr02kqWPDhKfK6xqfA.roa
File:                     m2M_R-5tVIr02kqWPDhKfK6xqfA.roa (raw, json)
Hash identifier:          eNnyPHgwDth64KRhNPc1Jmhu1WZvC/qGXes+N4OD0uo=
Subject key identifier:   9B:63:3F:47:EE:6D:54:8A:F4:DA:4A:96:3C:38:4A:7C:AE:B1:A9:F0
Certificate issuer:       /CN=daac15b782bc32747b538dec2a222416cd684825
Certificate serial:       018CC86F6C38DDFA5AF0141F7C5438C1CF51
Authority key identifier: DA:AC:15:B7:82:BC:32:74:7B:53:8D:EC:2A:22:24:16:CD:68:48:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/m2M_R-5tVIr02kqWPDhKfK6xqfA.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216316
IP address blocks:        193.3.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6c:38:dd:fa:5a:f0:14:1f:7c:54:38:c1:cf:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daac15b782bc32747b538dec2a222416cd684825
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b633f47ee6d548af4da4a963c384a7caeb1a9f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:04:e2:c7:df:18:b8:ab:6c:f1:69:55:50:02:
                    35:05:a5:ef:aa:f7:4b:e3:6b:82:79:25:f2:62:95:
                    68:6c:08:c9:77:11:b8:4b:39:b5:e5:8b:0a:c9:7c:
                    62:37:d7:c6:67:2b:d1:65:5b:ac:b3:cc:bc:36:f6:
                    82:1b:98:8e:50:04:f0:0b:71:71:1f:39:63:ca:af:
                    28:1c:1e:c1:f7:1a:3e:32:fa:36:9f:e8:b7:af:0a:
                    24:77:c1:f3:88:22:cc:2c:da:bc:31:12:ce:0c:55:
                    4a:25:17:3f:b8:52:96:6c:1d:20:5c:e2:03:a5:a8:
                    56:7a:3b:95:41:90:7d:f8:1e:f4:87:86:f4:cb:93:
                    df:92:9d:34:9c:44:a2:a5:6c:4e:2c:f6:08:30:2c:
                    2b:3c:fd:78:ad:78:0e:fc:2c:16:8f:b3:6a:83:68:
                    c4:eb:1d:2b:45:e6:76:7e:3a:01:fc:f0:d8:7c:3d:
                    bf:ca:e7:d3:5b:0a:15:48:73:ff:ea:d0:bd:dc:55:
                    68:26:6c:79:c7:dd:17:a8:f6:d0:3a:e3:25:0a:0e:
                    da:b2:e5:ee:cb:5e:4d:43:7f:b3:7c:73:ef:53:93:
                    41:b7:fa:43:07:1f:04:1e:ec:44:3c:95:6d:3b:dd:
                    4c:c3:b3:50:bd:93:64:8f:57:1e:92:fb:ac:76:37:
                    1b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:63:3F:47:EE:6D:54:8A:F4:DA:4A:96:3C:38:4A:7C:AE:B1:A9:F0
            X509v3 Authority Key Identifier:
                keyid:DA:AC:15:B7:82:BC:32:74:7B:53:8D:EC:2A:22:24:16:CD:68:48:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2qwVt4K8MnR7U43sKiIkFs1oSCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/m2M_R-5tVIr02kqWPDhKfK6xqfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/56f2e9-72aa-4a41-8946-182432a96dbd/1/2qwVt4K8MnR7U43sKiIkFs1oSCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:6f:21:88:cb:6f:dc:75:38:02:9d:c8:c2:d2:dc:50:0e:d1:
         bf:db:fe:f7:d8:0a:d6:df:f5:b0:d1:53:86:93:11:7d:76:99:
         a9:f2:a0:10:14:63:f8:cf:2d:9a:fa:e5:c8:d8:bc:08:12:0a:
         ad:a8:80:61:29:82:ab:23:54:b5:0a:c1:43:aa:00:c7:6f:e2:
         3a:15:6c:74:3c:cf:d1:38:e4:30:f5:c0:b3:22:a3:e8:48:e1:
         54:e8:7f:0c:fb:19:27:a8:7a:83:6f:d1:16:21:a8:42:6e:4b:
         99:1e:67:86:f9:46:2a:b2:b9:ec:47:1a:6a:d4:e8:68:f5:c0:
         78:9b:4c:ff:c5:b5:e0:4d:ff:2c:e4:9a:da:9b:c8:ae:45:c1:
         48:3c:31:7c:d8:0c:b7:e7:bb:e0:96:b1:d3:eb:35:19:dc:53:
         62:ae:59:9d:18:d6:59:0e:b3:6c:d2:ea:4f:cc:6b:88:a1:e0:
         60:61:33:4a:af:c9:3a:b3:05:1e:c0:dc:dc:5c:4e:c9:15:d1:
         ed:98:1b:36:21:dd:ff:8d:14:f1:cf:e3:81:db:e6:80:34:a3:
         21:49:d8:47:5d:20:f2:e2:db:5d:17:af:1f:72:65:ab:f3:0f:
         ad:77:f3:57:94:af:58:00:83:4a:1e:d0:61:41:ee:00:7f:bb:
         06:0f:4d:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2w43fpa8BQffFQ4wc9RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWMxNWI3ODJiYzMyNzQ3YjUzOGRlYzJhMjIyNDE2Y2Q2
ODQ4MjUwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjYzM2Y0N2VlNmQ1NDhhZjRkYTRhOTYzYzM4NGE3Y2FlYjFhOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgTix98YuKts8WlVUAI1BaXvqvdL
42uCeSXyYpVobAjJdxG4Szm15YsKyXxiN9fGZyvRZVuss8y8NvaCG5iOUATwC3Fx
Hzljyq8oHB7B9xo+Mvo2n+i3rwokd8HziCLMLNq8MRLODFVKJRc/uFKWbB0gXOID
pahWejuVQZB9+B70h4b0y5Pfkp00nESipWxOLPYIMCwrPP14rXgO/CwWj7Nqg2jE
6x0rReZ2fjoB/PDYfD2/yufTWwoVSHP/6tC93FVoJmx5x90XqPbQOuMlCg7asuXu
y15NQ3+zfHPvU5NBt/pDBx8EHuxEPJVtO91Mw7NQvZNkj1cekvusdjcb4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtjP0fubVSK9NpKljw4SnyusanwMB8GA1UdIwQY
MBaAFNqsFbeCvDJ0e1ON7CoiJBbNaEglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnF3VnQ0SzhNblI3VTQzc0tpSWtGczFvU0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi81NmYyZTktNzJhYS00YTQxLTg5NDYt
MTgyNDMyYTk2ZGJkLzEvbTJNX1ItNXRWSXIwMmtxV1BEaEtmSzZ4cWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi81NmYyZTktNzJhYS00YTQxLTg5NDYtMTgyNDMyYTk2ZGJk
LzEvMnF3VnQ0SzhNblI3VTQzc0tpSWtGczFvU0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMmMA0G
CSqGSIb3DQEBCwUAA4IBAQAfbyGIy2/cdTgCncjC0txQDtG/2/732ArW3/Ww0VOG
kxF9dpmp8qAQFGP4zy2a+uXI2LwIEgqtqIBhKYKrI1S1CsFDqgDHb+I6FWx0PM/R
OOQw9cCzIqPoSOFU6H8M+xknqHqDb9EWIahCbkuZHmeG+UYqsrnsRxpq1Oho9cB4
m0z/xbXgTf8s5Jram8iuRcFIPDF82Ay357vglrHT6zUZ3FNirlmdGNZZDrNs0upP
zGuIoeBgYTNKr8k6swUewNzcXE7JFdHtmBs2Id3/jRTxz+OB2+aANKMhSdhHXSDy
4ttdF68fcmWr8w+td/NXlK9YAINKHtBhQe4Af7sGD00F
-----END CERTIFICATE-----