Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/M3rs1cXY3js_cTJQNJtzZBwZD7U.roa
File:                     M3rs1cXY3js_cTJQNJtzZBwZD7U.roa (raw, json)
Hash identifier:          nMVld9Y5W3lgmLvWFcD/X97ZjxQLjw6KqQKATu2yg8Y=
Subject key identifier:   33:7A:EC:D5:C5:D8:DE:3B:3F:71:32:50:34:9B:73:64:1C:19:0F:B5
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC7275B251E133F3F4622520343EA800E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/M3rs1cXY3js_cTJQNJtzZBwZD7U.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        212.52.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5b:25:1e:13:3f:3f:46:22:52:03:43:ea:80:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=337aecd5c5d8de3b3f713250349b73641c190fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:97:56:17:bb:7d:f9:66:19:39:61:ec:03:3d:
                    33:a8:94:09:39:f9:53:dc:dd:0a:1b:a2:e4:cf:58:
                    a0:89:b7:61:6c:21:f6:a4:c5:6d:b3:2b:01:62:b7:
                    bf:98:d7:03:32:64:33:90:d0:c0:9a:14:d5:ea:8b:
                    6b:73:bc:47:b1:8a:12:25:b8:85:99:3e:38:24:a1:
                    e0:35:e7:aa:43:ed:82:fe:91:76:f6:96:a3:6b:18:
                    a6:bc:33:44:3d:9f:87:4d:18:06:10:40:91:ca:35:
                    14:0b:5b:97:06:90:9e:37:de:df:d2:14:f1:d5:f7:
                    44:ee:f5:ae:f4:da:95:b8:21:18:a4:fd:d2:dc:2e:
                    34:41:28:8a:43:34:aa:31:08:f0:83:d7:ee:ca:eb:
                    a3:8b:c5:6d:81:37:b9:0b:ab:38:b4:fb:22:d2:ea:
                    df:c4:cd:cc:0f:b7:ad:89:0f:4a:d0:97:06:3e:8b:
                    92:23:e2:6e:56:c2:f7:62:8b:cb:e0:a2:cf:71:18:
                    a6:78:27:f0:60:c3:fc:11:fa:dc:7e:69:9e:3e:71:
                    cf:7e:63:ec:ff:d0:02:06:4e:8b:bd:f9:d3:34:2b:
                    7a:00:9a:ad:43:79:72:10:5e:70:4c:e5:ba:91:96:
                    ca:ad:01:ca:5b:44:ee:09:f5:9e:05:24:3f:c9:d9:
                    ee:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7A:EC:D5:C5:D8:DE:3B:3F:71:32:50:34:9B:73:64:1C:19:0F:B5
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/M3rs1cXY3js_cTJQNJtzZBwZD7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:1a:fd:12:51:e3:a3:0c:83:18:de:42:d9:db:2d:1e:2f:7b:
         b3:a0:85:a0:5d:90:8f:22:26:70:12:70:eb:07:e0:f6:14:b7:
         63:8b:5e:1b:67:ce:41:91:62:03:11:de:8e:da:9c:ef:7b:22:
         56:82:8b:aa:5b:c9:b7:fc:f8:3a:54:d7:19:de:27:18:0d:94:
         52:f9:95:e8:f7:f2:05:8f:89:da:77:7d:3a:7e:27:b7:e6:6d:
         f7:c8:96:31:6b:f4:28:84:2e:58:5e:22:12:ff:39:1a:07:0c:
         f7:e2:d9:88:c2:48:06:65:20:6a:34:10:76:d1:7c:e3:30:4c:
         6d:23:13:3c:8a:c5:49:f6:30:2e:9b:e3:75:dd:39:42:36:b0:
         a6:1f:c2:47:35:49:db:b1:b9:34:fd:cc:38:d4:e0:95:23:ab:
         6d:85:19:cc:00:85:17:87:98:63:e0:54:95:bf:76:8d:d5:1e:
         01:a2:18:5b:37:94:58:96:f6:b8:00:c4:3e:7c:22:c9:a1:d5:
         3a:ed:1a:71:8e:0f:e4:d7:a3:12:c7:55:11:5c:a7:ec:b6:64:
         2d:a6:ea:11:cf:22:d3:ae:c7:75:ec:d0:01:ce:d9:a2:c8:c3:
         ff:bb:bf:9a:5e:e0:84:b7:75:ad:78:2b:0a:72:92:c1:11:b4:
         09:35:8e:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1slHhM/P0YiUgND6oAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdhZWNkNWM1ZDhkZTNiM2Y3MTMyNTAzNDliNzM2NDFjMTkwZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpdWF7t9+WYZOWHsAz0zqJQJOflT
3N0KG6Lkz1igibdhbCH2pMVtsysBYre/mNcDMmQzkNDAmhTV6otrc7xHsYoSJbiF
mT44JKHgNeeqQ+2C/pF29pajaximvDNEPZ+HTRgGEECRyjUUC1uXBpCeN97f0hTx
1fdE7vWu9NqVuCEYpP3S3C40QSiKQzSqMQjwg9fuyuuji8VtgTe5C6s4tPsi0urf
xM3MD7etiQ9K0JcGPouSI+JuVsL3YovL4KLPcRimeCfwYMP8EfrcfmmePnHPfmPs
/9ACBk6LvfnTNCt6AJqtQ3lyEF5wTOW6kZbKrQHKW0TuCfWeBSQ/ydnuMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN67NXF2N47P3EyUDSbc2QcGQ+1MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTTNyczFjWFkzanNfY1RKUU5KdHpaQndaRDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQCMA0G
CSqGSIb3DQEBCwUAA4IBAQDVGv0SUeOjDIMY3kLZ2y0eL3uzoIWgXZCPIiZwEnDr
B+D2FLdji14bZ85BkWIDEd6O2pzveyJWgouqW8m3/Pg6VNcZ3icYDZRS+ZXo9/IF
j4nad306fie35m33yJYxa/QohC5YXiIS/zkaBwz34tmIwkgGZSBqNBB20XzjMExt
IxM8isVJ9jAum+N13TlCNrCmH8JHNUnbsbk0/cw41OCVI6tthRnMAIUXh5hj4FSV
v3aN1R4BohhbN5RYlva4AMQ+fCLJodU67Rpxjg/k16MSx1URXKfstmQtpuoRzyLT
rsd17NABztmiyMP/u7+aXuCEt3WteCsKcpLBEbQJNY7n
-----END CERTIFICATE-----