Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/mwm5rC4rfoUfkUGj1keywZQhhGw.roa
File:                     mwm5rC4rfoUfkUGj1keywZQhhGw.roa (raw, json)
Hash identifier:          dDwtNYt9WubuetSqef0LQakniH0rgBVhQK32OI1f1fU=
Subject key identifier:   9B:09:B9:AC:2E:2B:7E:85:1F:91:41:A3:D6:47:B2:C1:94:21:84:6C
Certificate issuer:       /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial:       0194258EB13829616C7651DDD2C5D9B2BDC8
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/mwm5rC4rfoUfkUGj1keywZQhhGw.roa
Signing time:             Thu 02 Jan 2025 05:48:15 +0000
ROA not before:           Thu 02 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        158.46.196.0/22 maxlen: 22
                          178.171.0.0/20 maxlen: 20
                          178.171.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:b1:38:29:61:6c:76:51:dd:d2:c5:d9:b2:bd:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
        Validity
            Not Before: Jan  2 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b09b9ac2e2b7e851f9141a3d647b2c19421846c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2d:03:26:9a:84:8f:68:72:c7:19:a5:44:f8:
                    a7:49:63:d1:6d:fc:65:65:16:08:f3:68:a6:18:4e:
                    59:5c:93:e5:4d:f4:d9:b4:21:4e:37:4f:19:4f:a9:
                    cf:fb:ef:8c:10:9f:a4:43:ad:7b:c0:6a:12:9a:26:
                    76:c6:69:ac:5e:07:9a:82:39:f4:da:ee:89:8c:fc:
                    ae:3f:9d:a2:b7:e8:c5:f6:3f:05:2c:54:46:1d:f5:
                    51:5e:36:f9:b1:16:15:58:23:dd:c7:cc:9a:b5:6e:
                    a0:3b:02:1f:3e:65:f2:ca:f7:5e:fe:ce:97:f4:ff:
                    8d:21:1b:11:11:c7:54:f4:b2:3a:9d:63:85:2d:ac:
                    71:1c:21:2c:b3:64:a1:45:07:73:fc:b0:2d:ac:7b:
                    05:6f:26:2e:8d:3d:da:b5:61:b8:9e:41:f7:bb:ea:
                    e4:5f:f6:7a:66:1f:1e:79:06:d8:d8:07:67:e2:10:
                    3c:15:73:8c:e2:11:c9:5f:eb:72:64:b9:a6:bb:71:
                    fa:84:3c:81:fd:da:68:b4:03:6b:69:50:44:aa:ae:
                    34:88:bb:21:45:3e:a9:27:ae:a8:e4:f7:5c:8d:1e:
                    8d:df:3e:6d:df:8c:e7:b4:ba:1b:46:d9:f5:a3:0c:
                    ae:a2:0d:11:ee:4c:ab:26:c1:22:ae:e2:2c:73:fd:
                    b8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:09:B9:AC:2E:2B:7E:85:1F:91:41:A3:D6:47:B2:C1:94:21:84:6C
            X509v3 Authority Key Identifier:
                keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/mwm5rC4rfoUfkUGj1keywZQhhGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.46.196.0/22
                  178.171.0.0/20
                  178.171.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d7:e9:2e:2f:34:50:30:2f:4c:a1:87:d5:06:17:cc:dc:61:
         dd:2e:46:61:18:42:98:71:f5:1f:39:ad:10:e3:ff:5a:e7:30:
         67:70:80:93:6c:6f:d7:9f:42:bd:9d:33:b0:e1:8f:ca:44:af:
         c0:84:c9:5d:d8:b4:be:28:bd:55:02:01:1f:e1:6b:af:3c:ba:
         af:f2:71:b9:ce:57:76:14:be:73:e4:67:61:7d:42:89:89:65:
         43:7f:19:f8:f1:a1:b4:fb:53:50:dd:ed:b0:e7:ae:b2:81:eb:
         9b:f0:da:57:e1:f8:51:a0:c7:61:e1:1f:ec:d1:17:ec:2f:fe:
         e4:c4:58:db:b0:f2:eb:7d:02:9e:d2:d0:5a:d7:52:40:bb:f5:
         b7:aa:e3:68:9c:bb:a3:b8:56:ce:25:9e:a2:d2:31:84:e8:73:
         5e:f8:3a:9b:67:ce:7e:39:5a:98:bd:07:13:be:b0:c8:12:75:
         ab:7e:a7:77:49:9e:a7:e6:c4:81:33:41:b0:c0:43:1a:78:c2:
         8a:08:27:6c:6e:d6:64:2b:69:8f:ce:69:08:7b:6a:54:62:e8:
         f9:a0:83:d5:16:19:a3:e6:4d:f4:6c:af:4c:e7:8f:1b:50:2d:
         e8:05:a1:59:bb:8c:f0:67:90:dd:7d:e8:df:64:90:d9:b6:60:
         4e:d1:39:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQljrE4KWFsdlHd0sXZsr3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMTFjYjAxNWRmOWJhYWI2MTIyOGRiYmNlMTdkZDRlMDBl
NjNjMTMwHhcNMjUwMTAyMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjA5YjlhYzJlMmI3ZTg1MWY5MTQxYTNkNjQ3YjJjMTk0MjE4NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC0DJpqEj2hyxxmlRPinSWPRbfxl
ZRYI82imGE5ZXJPlTfTZtCFON08ZT6nP+++MEJ+kQ617wGoSmiZ2xmmsXgeagjn0
2u6JjPyuP52it+jF9j8FLFRGHfVRXjb5sRYVWCPdx8yatW6gOwIfPmXyyvde/s6X
9P+NIRsREcdU9LI6nWOFLaxxHCEss2ShRQdz/LAtrHsFbyYujT3atWG4nkH3u+rk
X/Z6Zh8eeQbY2Adn4hA8FXOM4hHJX+tyZLmmu3H6hDyB/dpotANraVBEqq40iLsh
RT6pJ66o5PdcjR6N3z5t34zntLobRtn1owyuog0R7kyrJsEiruIsc/24pwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJsJuawuK36FH5FBo9ZHssGUIYRsMB8GA1UdIwQY
MBaAFI0RywFd+bqrYSKNu84X3U4A5jwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEt
YmE3NzFmZmQyNjljLzEvbXdtNXJDNHJmb1Vma1VHajFrZXl3WlFoaEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81ZDg5MTUtYzQ0OC00MGU3LThjYWEtYmE3NzFmZmQyNjlj
LzEvalJITEFWMzV1cXRoSW8yN3poZmRUZ0RtUEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCni7EAwQE
sqsAAwQAsqtoMA0GCSqGSIb3DQEBCwUAA4IBAQBV1+kuLzRQMC9MoYfVBhfM3GHd
LkZhGEKYcfUfOa0Q4/9a5zBncICTbG/Xn0K9nTOw4Y/KRK/AhMld2LS+KL1VAgEf
4WuvPLqv8nG5zld2FL5z5GdhfUKJiWVDfxn48aG0+1NQ3e2w566ygeub8NpX4fhR
oMdh4R/s0RfsL/7kxFjbsPLrfQKe0tBa11JAu/W3quNonLujuFbOJZ6i0jGE6HNe
+DqbZ85+OVqYvQcTvrDIEnWrfqd3SZ6n5sSBM0GwwEMaeMKKCCdsbtZkK2mPzmkI
e2pUYuj5oIPVFhmj5k30bK9M548bUC3oBaFZu4zwZ5DdfejfZJDZtmBO0TnJ
-----END CERTIFICATE-----