Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/M6nSAxcosVJJCn-rRDM0oYgrrUw.roa
File:                     M6nSAxcosVJJCn-rRDM0oYgrrUw.roa (raw, json)
Hash identifier:          D/awEMh9IOrqBt9rWPDus2VprmLG2mc3x5fRya41ctY=
Subject key identifier:   33:A9:D2:03:17:28:B1:52:49:0A:7F:AB:44:33:34:A1:88:2B:AD:4C
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       019305BBEB6B58588CF4FBF3A96358258CBA
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/M6nSAxcosVJJCn-rRDM0oYgrrUw.roa
Signing time:             Thu 07 Nov 2024 08:27:01 +0000
ROA not before:           Thu 07 Nov 2024 08:27:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13646
IP address blocks:        185.101.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:bb:eb:6b:58:58:8c:f4:fb:f3:a9:63:58:25:8c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Nov  7 08:27:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a9d2031728b152490a7fab443334a1882bad4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7f:cd:0f:ab:84:96:fc:6c:42:4c:8c:24:e0:
                    46:fa:50:f7:f3:c2:8d:88:d6:d0:e7:ec:79:ea:73:
                    23:20:e0:61:84:b2:d4:c6:fe:96:44:bc:da:b3:e1:
                    af:ef:f4:5d:7f:9d:25:20:3b:f8:f3:0d:a2:20:a1:
                    d7:76:22:4c:01:67:49:af:54:ce:93:9c:3d:1d:79:
                    04:b5:e2:8d:cd:39:11:74:83:82:9a:35:00:db:00:
                    72:68:09:36:08:02:4c:1c:f1:d8:d8:9f:b9:38:0d:
                    cc:07:43:d3:cb:e7:46:3a:c6:84:53:f5:1b:02:77:
                    c8:f4:64:c3:ba:ab:e4:00:ad:45:49:e7:52:cb:20:
                    aa:b2:f2:06:3b:3f:61:04:f8:07:b1:b2:17:26:95:
                    b5:7d:01:b7:e8:ab:9f:bd:51:42:35:89:31:ca:34:
                    d0:2e:c3:dc:3c:d8:b4:3a:6f:f9:52:3b:5d:42:66:
                    1a:f8:57:a5:97:6e:b1:2c:e9:d3:a6:24:af:f7:05:
                    0a:48:1c:f5:62:8d:37:70:69:18:f5:92:c9:a1:d9:
                    02:d9:0b:84:d1:4e:df:6c:7a:d8:9a:a3:92:a0:92:
                    de:15:72:0a:10:b3:1c:13:84:a6:56:56:7e:4f:4e:
                    16:21:9a:58:17:ca:27:41:92:79:6a:a3:22:47:ae:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A9:D2:03:17:28:B1:52:49:0A:7F:AB:44:33:34:A1:88:2B:AD:4C
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/M6nSAxcosVJJCn-rRDM0oYgrrUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:29:17:4c:4d:22:7f:3d:aa:5a:78:20:2b:43:48:cd:4b:9f:
         26:6e:8c:0d:df:3a:b4:7e:26:1a:cf:03:52:a8:cc:20:ff:9e:
         13:60:af:42:c7:4c:d3:c0:dc:28:cf:cf:7e:96:10:1e:45:87:
         62:8d:7e:65:a6:b0:14:1e:9c:33:3b:ad:b1:4f:fd:5f:f8:a6:
         8f:8e:3f:70:f6:1f:d3:ec:a7:2a:58:7c:73:57:4d:21:f5:26:
         34:db:88:60:e7:93:c1:d1:08:87:cb:08:d3:a4:de:60:1c:26:
         74:4c:32:06:07:0e:22:02:3c:ba:d5:a7:b5:8c:e8:6a:90:1b:
         14:2a:ad:c3:6d:4d:fa:e9:7a:6a:4b:42:79:4d:7d:1b:a6:fb:
         4b:b5:3b:97:5d:c6:e2:55:50:dc:e8:09:a6:1c:2c:06:f2:36:
         98:20:3a:b6:dc:b6:de:a9:14:bc:f2:91:ce:ef:47:34:70:e4:
         61:2c:2a:08:09:42:cb:af:f8:3e:9a:6b:2e:54:e4:3a:75:b7:
         d1:fc:ad:c0:34:93:db:04:07:a8:7d:07:cf:ad:11:9f:d8:42:
         54:3b:7a:78:ed:60:48:16:3d:58:22:96:d9:ae:a4:ee:76:6b:
         f8:cf:62:ad:7b:3a:35:b8:68:30:4a:a9:ea:fb:18:33:87:db:
         05:7e:13:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFu+trWFiM9PvzqWNYJYy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjQxMTA3MDgyNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E5ZDIwMzE3MjhiMTUyNDkwYTdmYWI0NDMzMzRhMTg4MmJhZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH/ND6uElvxsQkyMJOBG+lD388KN
iNbQ5+x56nMjIOBhhLLUxv6WRLzas+Gv7/Rdf50lIDv48w2iIKHXdiJMAWdJr1TO
k5w9HXkEteKNzTkRdIOCmjUA2wByaAk2CAJMHPHY2J+5OA3MB0PTy+dGOsaEU/Ub
AnfI9GTDuqvkAK1FSedSyyCqsvIGOz9hBPgHsbIXJpW1fQG36KufvVFCNYkxyjTQ
LsPcPNi0Om/5UjtdQmYa+Fell26xLOnTpiSv9wUKSBz1Yo03cGkY9ZLJodkC2QuE
0U7fbHrYmqOSoJLeFXIKELMcE4SmVlZ+T04WIZpYF8onQZJ5aqMiR67gzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOp0gMXKLFSSQp/q0QzNKGIK61MMB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvTTZuU0F4Y29zVkpKQ24tclJETTBvWWdyclV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWWoMA0G
CSqGSIb3DQEBCwUAA4IBAQBnKRdMTSJ/PapaeCArQ0jNS58mbowN3zq0fiYazwNS
qMwg/54TYK9Cx0zTwNwoz89+lhAeRYdijX5lprAUHpwzO62xT/1f+KaPjj9w9h/T
7KcqWHxzV00h9SY024hg55PB0QiHywjTpN5gHCZ0TDIGBw4iAjy61ae1jOhqkBsU
Kq3DbU366XpqS0J5TX0bpvtLtTuXXcbiVVDc6AmmHCwG8jaYIDq23LbeqRS88pHO
70c0cORhLCoICULLr/g+mmsuVOQ6dbfR/K3ANJPbBAeofQfPrRGf2EJUO3p47WBI
Fj1YIpbZrqTudmv4z2Ktezo1uGgwSqnq+xgzh9sFfhPw
-----END CERTIFICATE-----