Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/m-w-pPX-GIsFJGbFqTvk5xT9ShI.roa
File:                     m-w-pPX-GIsFJGbFqTvk5xT9ShI.roa (raw, json)
Hash identifier:          jmwgZACI5VikW6OLBks2wyMBOSwl5hT2QqdEebOMYEU=
Subject key identifier:   9B:EC:3E:A4:F5:FE:18:8B:05:24:66:C5:A9:3B:E4:E7:14:FD:4A:12
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D7096F4E5919EF8A280DC70748D966
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/m-w-pPX-GIsFJGbFqTvk5xT9ShI.roa
Signing time:             Wed 01 Jan 2025 21:48:02 +0000
ROA not before:           Wed 01 Jan 2025 21:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        213.238.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:09:6f:4e:59:19:ef:8a:28:0d:c7:07:48:d9:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bec3ea4f5fe188b052466c5a93be4e714fd4a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:62:15:aa:eb:d5:d8:04:15:b3:ca:99:37:fc:
                    9f:3d:b7:00:b5:8d:04:b8:48:22:a5:e0:ac:28:ee:
                    df:ce:18:b7:b8:d2:ee:98:d8:14:95:4d:9a:35:f3:
                    e4:4d:04:0d:c5:a9:e3:a2:e5:8f:34:fe:71:fa:0f:
                    c4:6c:d4:e6:56:ec:d5:da:36:0f:17:e9:22:94:93:
                    14:64:37:43:27:08:69:85:fa:ee:ae:bc:c8:6d:01:
                    80:d8:7d:8d:60:4c:be:8c:3f:03:f6:07:b3:d6:fc:
                    c4:2c:9e:29:3e:61:34:91:4d:76:13:b2:c8:f5:dc:
                    4d:73:61:a1:53:63:fb:dd:18:74:e9:e3:52:6a:62:
                    e5:d7:83:bf:5a:69:0f:3e:bd:8d:fb:7f:89:6a:1c:
                    0c:05:16:6e:3f:47:06:c0:10:71:34:8c:bb:8c:29:
                    ae:9f:87:c6:a2:df:91:fe:31:d0:18:65:a8:bc:82:
                    0e:89:20:4f:5b:bf:5b:ff:a5:75:e3:0f:d7:0e:ca:
                    a0:29:80:f1:d2:c9:09:6c:38:0c:90:ca:bb:a8:5b:
                    74:b8:2d:2e:6a:e8:62:78:a8:c3:e3:50:f5:fb:8e:
                    83:28:0e:80:27:8f:0d:a6:f3:37:ea:27:5e:b1:3e:
                    7b:7d:72:19:56:43:61:9a:85:f0:60:4b:dc:d3:cf:
                    2e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:EC:3E:A4:F5:FE:18:8B:05:24:66:C5:A9:3B:E4:E7:14:FD:4A:12
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/m-w-pPX-GIsFJGbFqTvk5xT9ShI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:37:a5:62:ee:46:18:eb:d1:33:b0:77:4f:98:64:d5:85:58:
         ca:76:3e:19:87:29:fe:0a:7b:d4:64:82:e0:45:9e:4e:bc:dc:
         c8:86:a1:60:60:21:20:00:fb:6e:ca:c8:9e:d4:c8:2a:b4:69:
         72:48:8f:d1:09:33:90:51:6d:91:0e:da:05:ee:9b:a3:04:6e:
         ee:70:19:4a:ef:4a:96:65:6c:8e:1a:39:7c:9a:ef:b9:73:f4:
         59:c4:bf:1e:46:30:c6:62:b1:64:e1:4a:ba:57:ae:b5:3b:c1:
         be:bc:28:b2:38:12:81:9a:ea:2d:d2:89:2d:7c:10:fd:95:2d:
         d2:4b:cf:95:8e:4b:cc:c1:59:44:f8:6e:3d:82:1c:48:93:43:
         7f:2c:ff:8c:b9:47:3d:7e:be:f5:e2:b8:5a:f8:53:13:50:b2:
         ba:fc:02:f2:22:c0:20:25:b8:fc:48:66:65:c0:50:0f:6d:8a:
         02:11:94:c1:70:a3:46:6b:0c:e7:09:46:d4:f4:cc:82:6c:f2:
         19:0c:1d:8a:92:d2:17:ff:dd:33:be:46:8e:17:69:e3:9c:df:
         23:50:5d:27:bd:e1:5d:53:ad:17:6c:f2:4d:2e:11:98:9d:71:
         ff:39:5a:54:e6:c9:e9:d2:af:38:44:db:a8:e2:6a:8f:e0:f3:
         be:ff:48:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1wlvTlkZ74ooDccHSNlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmVjM2VhNGY1ZmUxODhiMDUyNDY2YzVhOTNiZTRlNzE0ZmQ0YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWIVquvV2AQVs8qZN/yfPbcAtY0E
uEgipeCsKO7fzhi3uNLumNgUlU2aNfPkTQQNxanjouWPNP5x+g/EbNTmVuzV2jYP
F+kilJMUZDdDJwhphfrurrzIbQGA2H2NYEy+jD8D9gez1vzELJ4pPmE0kU12E7LI
9dxNc2GhU2P73Rh06eNSamLl14O/WmkPPr2N+3+JahwMBRZuP0cGwBBxNIy7jCmu
n4fGot+R/jHQGGWovIIOiSBPW79b/6V14w/XDsqgKYDx0skJbDgMkMq7qFt0uC0u
auhieKjD41D1+46DKA6AJ48NpvM36idesT57fXIZVkNhmoXwYEvc088u3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvsPqT1/hiLBSRmxak75OcU/UoSMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvbS13LXBQWC1HSXNGSkdiRnFUdms1eFQ5U2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6mMA0G
CSqGSIb3DQEBCwUAA4IBAQCvN6Vi7kYY69EzsHdPmGTVhVjKdj4Zhyn+CnvUZILg
RZ5OvNzIhqFgYCEgAPtuysie1MgqtGlySI/RCTOQUW2RDtoF7pujBG7ucBlK70qW
ZWyOGjl8mu+5c/RZxL8eRjDGYrFk4Uq6V661O8G+vCiyOBKBmuot0oktfBD9lS3S
S8+VjkvMwVlE+G49ghxIk0N/LP+MuUc9fr714rha+FMTULK6/ALyIsAgJbj8SGZl
wFAPbYoCEZTBcKNGawznCUbU9MyCbPIZDB2KktIX/90zvkaOF2njnN8jUF0nveFd
U60XbPJNLhGYnXH/OVpU5snp0q84RNuo4mqP4PO+/0h6
-----END CERTIFICATE-----