Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_mPm3Fc6l3cylU9qT3ux9fBuAiE.roa
File:                     _mPm3Fc6l3cylU9qT3ux9fBuAiE.roa (raw, json)
Hash identifier:          XP4ay70i7Dbkkl4a/st6NaIzjgUzFuT98lLKAOq5Qmg=
Subject key identifier:   FE:63:E6:DC:57:3A:97:77:32:95:4F:6A:4F:7B:B1:F5:F0:6E:02:21
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       0191C17DF3C9DA21DBE87FDAF8C42B233961
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_mPm3Fc6l3cylU9qT3ux9fBuAiE.roa
Signing time:             Thu 05 Sep 2024 09:22:22 +0000
ROA not before:           Thu 05 Sep 2024 09:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216064
IP address blocks:        213.238.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c1:7d:f3:c9:da:21:db:e8:7f:da:f8:c4:2b:23:39:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Sep  5 09:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe63e6dc573a977732954f6a4f7bb1f5f06e0221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:aa:cb:a1:3b:cb:96:4a:03:5b:17:7a:d0:8f:
                    7c:a1:e4:ef:ca:a1:61:0c:74:a5:f0:00:a7:9d:da:
                    4d:8b:3d:66:56:b7:15:8d:4a:10:34:9b:44:35:aa:
                    5f:c7:98:7c:72:d7:d4:eb:22:62:9f:51:f1:2b:a2:
                    f2:59:01:f3:73:da:37:7f:3c:f3:9d:44:e9:e7:ca:
                    ef:b3:ef:fa:d6:9e:a0:1e:d6:94:d4:b3:72:59:9a:
                    88:81:fa:d5:19:5e:35:b8:db:25:20:5e:c4:52:60:
                    95:9b:40:d0:de:04:d9:0e:91:d7:0a:a8:3a:f9:95:
                    42:fd:dc:b0:32:34:ca:28:8e:fc:97:29:20:10:e5:
                    7d:2c:c7:56:68:67:4c:e7:10:ab:5a:63:00:a9:cc:
                    11:85:b4:72:a3:d5:50:e3:44:ee:07:8c:34:1c:6f:
                    dd:a0:f4:27:6d:08:04:ae:60:63:aa:88:8d:2f:70:
                    66:40:06:ce:e8:f4:66:4e:d6:c7:b7:9b:6a:80:2c:
                    10:0b:2b:d1:34:2f:d8:2f:a0:42:d8:86:d0:ce:67:
                    f2:25:d2:a0:0d:bf:1e:ea:8e:88:87:7e:ec:f0:88:
                    78:6e:cb:d9:1b:58:e5:ae:03:4a:72:1e:d3:5e:48:
                    fa:91:d0:0c:10:77:3d:ba:e4:b8:33:f7:b3:34:d7:
                    6a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:63:E6:DC:57:3A:97:77:32:95:4F:6A:4F:7B:B1:F5:F0:6E:02:21
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_mPm3Fc6l3cylU9qT3ux9fBuAiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:bf:07:dc:f1:3f:0c:f4:76:87:fb:0c:7f:f2:fd:08:2b:87:
         d5:0f:d6:1c:91:26:c5:be:cd:ac:7e:d5:e1:82:39:4f:c9:7d:
         56:90:4e:74:02:d3:0c:28:7c:69:45:f3:9d:bd:1b:1f:b5:54:
         4a:a8:1f:d2:7b:1a:af:43:40:b5:31:a3:fb:1e:6e:c1:d8:6f:
         1b:a1:59:1c:35:3a:ae:92:de:f8:87:34:ce:69:4d:3e:93:28:
         f5:5b:4e:88:b2:e5:03:fe:c4:37:6f:a3:33:6a:d6:3a:7b:cf:
         e8:67:54:23:ac:f1:18:71:48:75:83:36:ad:1f:09:99:de:dc:
         96:10:2a:44:c0:e1:18:f1:aa:b1:08:79:57:89:ab:e5:40:b2:
         65:4a:d4:d2:d3:1c:aa:ef:5b:be:bd:57:5e:d2:e6:c1:61:7f:
         ed:31:c9:8c:b0:27:7e:b8:55:99:bb:9a:b9:a8:bd:06:4c:9f:
         1a:a9:16:f3:fb:85:fd:d2:78:c0:61:79:16:76:da:ef:4c:aa:
         bd:88:1e:f3:24:aa:0e:bd:26:c6:ce:79:39:d8:58:df:7b:7b:
         1f:f6:e1:e5:c9:47:48:27:13:5c:22:eb:df:63:fc:23:0e:97:
         8b:e7:75:df:79:7f:a8:d1:d0:96:a2:b1:2e:ab:30:87:d4:81:
         f7:00:31:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHBffPJ2iHb6H/a+MQrIzlhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwOTA1MDkyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTYzZTZkYzU3M2E5Nzc3MzI5NTRmNmE0ZjdiYjFmNWYwNmUwMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKrLoTvLlkoDWxd60I98oeTvyqFh
DHSl8ACnndpNiz1mVrcVjUoQNJtENapfx5h8ctfU6yJin1HxK6LyWQHzc9o3fzzz
nUTp58rvs+/61p6gHtaU1LNyWZqIgfrVGV41uNslIF7EUmCVm0DQ3gTZDpHXCqg6
+ZVC/dywMjTKKI78lykgEOV9LMdWaGdM5xCrWmMAqcwRhbRyo9VQ40TuB4w0HG/d
oPQnbQgErmBjqoiNL3BmQAbO6PRmTtbHt5tqgCwQCyvRNC/YL6BC2IbQzmfyJdKg
Db8e6o6Ih37s8Ih4bsvZG1jlrgNKch7TXkj6kdAMEHc9uuS4M/ezNNdqvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5j5txXOpd3MpVPak97sfXwbgIhMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvX21QbTNGYzZsM2N5bFU5cVQzdXg5ZkJ1QWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6vMA0G
CSqGSIb3DQEBCwUAA4IBAQBZvwfc8T8M9HaH+wx/8v0IK4fVD9YckSbFvs2sftXh
gjlPyX1WkE50AtMMKHxpRfOdvRsftVRKqB/SexqvQ0C1MaP7Hm7B2G8boVkcNTqu
kt74hzTOaU0+kyj1W06IsuUD/sQ3b6MzatY6e8/oZ1QjrPEYcUh1gzatHwmZ3tyW
ECpEwOEY8aqxCHlXiavlQLJlStTS0xyq71u+vVde0ubBYX/tMcmMsCd+uFWZu5q5
qL0GTJ8aqRbz+4X90njAYXkWdtrvTKq9iB7zJKoOvSbGznk52Fjfe3sf9uHlyUdI
JxNcIuvfY/wjDpeL53XfeX+o0dCWorEuqzCH1IH3ADFj
-----END CERTIFICATE-----