Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/M4xswqYInqa18AUnqbhPw4ZZRME.roa
File:                     M4xswqYInqa18AUnqbhPw4ZZRME.roa (raw, json)
Hash identifier:          Q2vciUDyoe4xGdCSiT/GGUW4eBk5XKUKN0AU4QommWA=
Subject key identifier:   33:8C:6C:C2:A6:08:9E:A6:B5:F0:05:27:A9:B8:4F:C3:86:59:44:C1
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01942747F659A6D430B869D05211D0E7ACC0
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/M4xswqYInqa18AUnqbhPw4ZZRME.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215071
IP address blocks:        86.110.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f6:59:a6:d4:30:b8:69:d0:52:11:d0:e7:ac:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=338c6cc2a6089ea6b5f00527a9b84fc3865944c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0a:5f:d6:be:79:8b:27:e5:8f:84:ce:a3:69:
                    11:71:e4:32:f1:8a:63:d9:ab:24:8c:b1:4a:79:03:
                    3e:a4:ff:3a:cf:e1:9c:0d:8e:76:08:4e:e0:35:9d:
                    a8:3d:9e:1e:8f:2c:90:e0:a5:53:17:d0:2a:2f:a2:
                    2e:30:66:a0:ba:bb:04:94:05:54:df:09:17:07:10:
                    2c:71:ac:10:f4:af:8f:bb:7c:b2:c6:4f:5a:cf:a5:
                    45:20:51:14:73:36:78:48:90:62:0a:57:7a:c7:eb:
                    1f:3b:64:85:42:7d:70:4a:9b:18:35:58:ba:95:91:
                    35:b3:1a:ce:43:69:02:00:cf:b4:a0:bd:1e:20:3e:
                    ed:0e:9b:fa:ed:d5:07:ba:7c:3a:7a:7d:da:af:96:
                    b1:10:a8:88:c9:0b:93:c4:58:55:c4:fd:e2:d9:7c:
                    86:11:50:c3:00:b7:48:dd:a9:95:17:a9:e2:b2:08:
                    ae:63:ce:02:1e:bc:15:11:ff:3f:65:9d:97:53:54:
                    dd:e2:16:8e:bc:5c:9a:0d:0a:2e:2b:4a:cd:cc:9d:
                    63:b3:0e:5e:2d:1a:11:a1:c4:a9:8b:a6:b6:f9:08:
                    31:72:8c:26:ac:f1:a6:1a:3d:a0:f3:71:2f:60:38:
                    1c:0e:a0:04:b4:f1:cd:5e:7f:0f:20:b0:e1:74:b1:
                    81:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8C:6C:C2:A6:08:9E:A6:B5:F0:05:27:A9:B8:4F:C3:86:59:44:C1
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/M4xswqYInqa18AUnqbhPw4ZZRME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:5c:b2:9b:58:12:e8:3f:bd:98:37:65:00:f0:33:ba:b6:52:
         e7:e2:ca:38:37:22:a7:e2:88:74:76:88:40:7a:03:ac:1a:51:
         8d:e9:f0:ea:10:7f:98:04:12:a0:5e:f9:7a:ec:d5:02:15:37:
         c6:3e:ce:7d:11:1a:6e:17:b9:dc:eb:a8:f7:82:2a:fb:aa:cd:
         46:7e:41:5e:18:ef:1c:55:ee:19:06:a3:8a:75:fb:10:6d:05:
         74:c1:5f:a1:c3:a6:74:95:a6:6e:0f:85:a3:27:28:32:09:7e:
         94:8b:1a:0c:ea:ea:7d:be:72:91:61:01:ed:8d:41:cc:46:25:
         f0:91:b1:ef:aa:8e:1b:fa:ca:a1:6f:4e:78:06:15:00:db:27:
         ce:ee:fe:78:77:e0:43:f2:ce:c2:53:2c:c3:7c:fa:9c:71:c4:
         8b:9a:95:ba:a0:86:08:69:c1:41:10:c7:70:b6:8e:a2:54:70:
         c0:37:af:23:c1:d3:d8:6b:4e:35:f8:9c:5f:fa:c3:ff:68:71:
         3a:6f:4e:0d:7c:d7:23:41:65:9a:6d:68:dd:9c:8c:02:b0:f7:
         93:c9:2c:a9:61:c3:01:91:66:99:27:ee:33:0a:e8:41:22:76:
         8f:ee:0b:7a:8e:9c:2d:42:29:56:8c:88:29:b4:64:34:3f:a2:
         07:e7:9b:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/ZZptQwuGnQUhHQ56zAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhjNmNjMmE2MDg5ZWE2YjVmMDA1MjdhOWI4NGZjMzg2NTk0NGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngpf1r55iyflj4TOo2kRceQy8Ypj
2askjLFKeQM+pP86z+GcDY52CE7gNZ2oPZ4ejyyQ4KVTF9AqL6IuMGagursElAVU
3wkXBxAscawQ9K+Pu3yyxk9az6VFIFEUczZ4SJBiCld6x+sfO2SFQn1wSpsYNVi6
lZE1sxrOQ2kCAM+0oL0eID7tDpv67dUHunw6en3ar5axEKiIyQuTxFhVxP3i2XyG
EVDDALdI3amVF6nisgiuY84CHrwVEf8/ZZ2XU1Td4haOvFyaDQouK0rNzJ1jsw5e
LRoRocSpi6a2+QgxcowmrPGmGj2g83EvYDgcDqAEtPHNXn8PILDhdLGBKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOMbMKmCJ6mtfAFJ6m4T8OGWUTBMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvTTR4c3dxWUlucWExOEFVbnFiaFB3NFpaUk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm48MA0G
CSqGSIb3DQEBCwUAA4IBAQAVXLKbWBLoP72YN2UA8DO6tlLn4so4NyKn4oh0dohA
egOsGlGN6fDqEH+YBBKgXvl67NUCFTfGPs59ERpuF7nc66j3gir7qs1GfkFeGO8c
Ve4ZBqOKdfsQbQV0wV+hw6Z0laZuD4WjJygyCX6UixoM6up9vnKRYQHtjUHMRiXw
kbHvqo4b+sqhb054BhUA2yfO7v54d+BD8s7CUyzDfPqcccSLmpW6oIYIacFBEMdw
to6iVHDAN68jwdPYa041+Jxf+sP/aHE6b04NfNcjQWWabWjdnIwCsPeTySypYcMB
kWaZJ+4zCuhBInaP7gt6jpwtQilWjIgptGQ0P6IH55t2
-----END CERTIFICATE-----