Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/M9F2wNFxZmzOcsrCwaGpd_Y061M.roa
File:                     M9F2wNFxZmzOcsrCwaGpd_Y061M.roa (raw, json)
Hash identifier:          U2kpDJFhj7zOdCY6iBsapELm5ZTO+PHt2eQS0Ny9ibo=
Subject key identifier:   33:D1:76:C0:D1:71:66:6C:CE:72:CA:C2:C1:A1:A9:77:F6:34:EB:53
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       018CC8DCDE65DFE1291CE11CDF7B71096B41
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/M9F2wNFxZmzOcsrCwaGpd_Y061M.roa
Signing time:             Tue 02 Jan 2024 06:29:27 +0000
ROA not before:           Tue 02 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206531
IP address blocks:        94.188.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:de:65:df:e1:29:1c:e1:1c:df:7b:71:09:6b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Jan  2 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33d176c0d171666cce72cac2c1a1a977f634eb53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:13:f5:b9:58:f1:02:5e:2a:05:39:36:5c:9a:
                    24:c7:5a:3f:be:57:06:99:28:48:aa:55:8b:18:ca:
                    bc:f5:df:4b:77:9d:aa:02:e2:19:2e:80:9e:29:1a:
                    17:b7:df:c2:02:1d:33:3f:1f:22:c3:36:24:17:80:
                    ae:25:b5:03:f7:af:54:c2:d6:1a:1b:46:ad:36:ef:
                    79:9c:44:d2:b2:a5:4d:85:d5:cb:5f:7f:29:e1:3d:
                    f5:ad:73:62:c4:26:cd:c2:16:65:a9:d3:3d:c6:10:
                    24:67:6a:9f:67:f3:8e:b0:b9:9f:b4:39:d5:0d:f0:
                    39:38:a3:fa:c4:d2:ed:52:41:fc:c3:0f:de:bb:82:
                    7c:dc:14:b8:ef:ea:35:0a:46:bf:5b:72:75:83:fa:
                    40:ca:f9:f2:ce:ca:31:ce:cc:b2:4d:31:1c:44:90:
                    b4:43:c1:88:19:1b:1b:67:0f:45:04:1a:94:45:fa:
                    22:7f:c2:93:d0:54:6e:11:bb:cc:7c:46:00:15:f3:
                    18:23:b7:c1:fd:2d:36:1c:a4:ca:a9:21:dc:2e:91:
                    35:52:3a:f8:8e:ce:de:5c:cb:e2:ee:67:a1:bb:ed:
                    5b:97:d7:d0:07:a7:00:d4:4a:97:8c:6c:6a:0e:52:
                    e1:c4:78:f1:6e:5e:94:aa:bd:2a:63:39:d5:6a:a2:
                    1e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D1:76:C0:D1:71:66:6C:CE:72:CA:C2:C1:A1:A9:77:F6:34:EB:53
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/M9F2wNFxZmzOcsrCwaGpd_Y061M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:0f:1d:5e:e9:d0:b6:60:e5:31:ec:e6:df:7c:ad:21:1a:21:
         30:03:de:62:b4:25:ff:9e:8a:c7:fc:9c:79:ec:f8:e5:7f:fe:
         4f:2c:cb:25:1e:24:04:55:cf:1f:06:4b:bf:51:a6:52:1c:04:
         06:1a:bb:0d:1b:02:9e:25:8a:3a:4e:83:41:0f:86:46:26:ff:
         70:d4:1d:a3:bf:be:81:47:d0:1f:e1:cf:41:43:9a:c2:b7:d6:
         be:10:b5:a1:9f:7b:48:8f:7d:0b:e9:43:46:1b:65:3a:69:98:
         45:62:d8:e0:f7:ed:9f:73:6a:fc:2d:aa:60:f9:6a:22:31:b4:
         33:48:de:74:49:e9:25:1c:65:cb:9d:5b:7f:1d:de:b5:12:27:
         5e:27:90:01:4a:f8:24:71:3f:19:ac:34:6a:21:b5:6a:6f:df:
         dd:0c:41:71:b3:63:6c:17:ea:6e:08:de:1a:54:f8:14:61:55:
         ef:2e:df:63:74:cb:4b:01:84:3a:56:86:4d:16:21:88:e1:6d:
         69:49:19:64:b8:12:01:c9:10:94:80:c1:35:1f:08:0c:b6:fd:
         72:68:e6:b7:be:64:8e:2f:c1:1e:c7:01:73:3d:61:14:64:b9:
         26:ba:35:b6:92:08:c6:93:53:d5:91:40:67:b9:32:4a:bd:66:
         5d:e4:8d:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3N5l3+EpHOEc33txCWtBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjQwMTAyMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2QxNzZjMGQxNzE2NjZjY2U3MmNhYzJjMWExYTk3N2Y2MzRlYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxP1uVjxAl4qBTk2XJokx1o/vlcG
mShIqlWLGMq89d9Ld52qAuIZLoCeKRoXt9/CAh0zPx8iwzYkF4CuJbUD969UwtYa
G0atNu95nETSsqVNhdXLX38p4T31rXNixCbNwhZlqdM9xhAkZ2qfZ/OOsLmftDnV
DfA5OKP6xNLtUkH8ww/eu4J83BS47+o1Cka/W3J1g/pAyvnyzsoxzsyyTTEcRJC0
Q8GIGRsbZw9FBBqURfoif8KT0FRuEbvMfEYAFfMYI7fB/S02HKTKqSHcLpE1Ujr4
js7eXMvi7mehu+1bl9fQB6cA1EqXjGxqDlLhxHjxbl6Uqr0qYznVaqIefwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPRdsDRcWZsznLKwsGhqXf2NOtTMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvTTlGMndORnhabXpPY3NyQ3dhR3BkX1kwNjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrzEMA0G
CSqGSIb3DQEBCwUAA4IBAQBKDx1e6dC2YOUx7ObffK0hGiEwA95itCX/norH/Jx5
7Pjlf/5PLMslHiQEVc8fBku/UaZSHAQGGrsNGwKeJYo6ToNBD4ZGJv9w1B2jv76B
R9Af4c9BQ5rCt9a+ELWhn3tIj30L6UNGG2U6aZhFYtjg9+2fc2r8Lapg+WoiMbQz
SN50SeklHGXLnVt/Hd61EideJ5ABSvgkcT8ZrDRqIbVqb9/dDEFxs2NsF+puCN4a
VPgUYVXvLt9jdMtLAYQ6VoZNFiGI4W1pSRlkuBIByRCUgME1HwgMtv1yaOa3vmSO
L8EexwFzPWEUZLkmujW2kgjGk1PVkUBnuTJKvWZd5I3Z
-----END CERTIFICATE-----