Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/cM1fXMYwzWi_79ETQL1KNWR2bIc.roa
File:                     cM1fXMYwzWi_79ETQL1KNWR2bIc.roa (raw, json)
Hash identifier:          X+LyDq6YTfKhp9IR2dh7v+pWIUpboc2CYPpEr+4w4ek=
Subject key identifier:   70:CD:5F:5C:C6:30:CD:68:BF:EF:D1:13:40:BD:4A:35:64:76:6C:87
Certificate issuer:       /CN=424fd1a3a0258dcca67fc9dddbf4e36157e6a716
Certificate serial:       018CC794D063F0A927E98DA1F0EC22B46C10
Authority key identifier: 42:4F:D1:A3:A0:25:8D:CC:A6:7F:C9:DD:DB:F4:E3:61:57:E6:A7:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/cM1fXMYwzWi_79ETQL1KNWR2bIc.roa
Signing time:             Tue 02 Jan 2024 00:31:07 +0000
ROA not before:           Tue 02 Jan 2024 00:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41289
IP address blocks:        141.38.0.0/16 maxlen: 16
                          141.38.12.0/24 maxlen: 24
                          2001:67c:1364::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d0:63:f0:a9:27:e9:8d:a1:f0:ec:22:b4:6c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424fd1a3a0258dcca67fc9dddbf4e36157e6a716
        Validity
            Not Before: Jan  2 00:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70cd5f5cc630cd68bfefd11340bd4a3564766c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9d:18:2a:01:12:0c:9e:9e:68:58:65:ef:ed:
                    52:4a:ff:aa:5f:71:1e:46:93:eb:fc:0c:bf:11:08:
                    e7:3a:02:29:d2:de:94:aa:3d:7b:f4:59:24:ce:45:
                    82:5f:7b:87:54:5d:df:13:03:46:bc:f6:7f:8c:ce:
                    50:56:57:57:02:04:69:5e:b1:2b:09:c1:d9:35:79:
                    ba:d8:41:b6:0e:6f:62:f9:05:d1:1c:8a:be:7e:b5:
                    f6:ef:f7:41:57:c0:7d:b7:59:ae:aa:6f:4d:9c:84:
                    31:11:73:d4:4a:a8:70:5d:f8:21:d7:79:6d:71:78:
                    d4:f4:7b:d0:90:17:41:73:d4:d0:be:48:9e:48:af:
                    1b:c5:20:c1:ed:43:1e:78:a1:c4:e0:9e:bb:9e:5e:
                    cf:8d:c8:0a:92:1b:14:40:8e:37:62:cd:da:60:5f:
                    80:ba:4b:c1:80:5e:5a:c0:18:bd:e0:07:06:92:ae:
                    e6:b4:d3:f1:3f:8d:0c:5c:3f:04:e6:3c:5a:4c:b1:
                    57:92:01:18:da:ca:3a:0c:26:aa:27:8f:60:12:4c:
                    ad:be:70:dc:9c:c2:71:43:08:29:77:71:ab:29:e0:
                    42:36:ff:9f:8d:c6:5b:d1:31:5e:a1:1e:bd:f3:1f:
                    09:5d:38:f6:c6:02:46:e9:2a:51:ef:aa:e4:a7:8c:
                    25:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:CD:5F:5C:C6:30:CD:68:BF:EF:D1:13:40:BD:4A:35:64:76:6C:87
            X509v3 Authority Key Identifier:
                keyid:42:4F:D1:A3:A0:25:8D:CC:A6:7F:C9:DD:DB:F4:E3:61:57:E6:A7:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/cM1fXMYwzWi_79ETQL1KNWR2bIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/913752-b8dc-4dff-8667-747b0e57ab5e/1/Qk_Ro6Aljcymf8nd2_TjYVfmpxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.38.0.0/16
                IPv6:
                  2001:67c:1364::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:32:2b:7e:be:44:08:08:a0:27:76:80:bf:ca:0d:9e:21:ff:
         2b:47:c7:f5:35:8f:b6:c4:1e:b4:ef:b8:44:d9:75:68:12:46:
         4b:41:eb:c6:a3:09:46:01:a2:68:54:f9:3c:d8:1e:78:b6:a2:
         9a:b4:c4:a4:cb:27:4f:3c:cc:a7:ed:5f:a5:d4:cc:f0:8f:f3:
         44:7c:a4:32:76:10:9b:3a:a5:09:a7:7c:72:f9:3a:d8:b4:d3:
         7b:58:fe:1d:43:03:29:6b:c0:e6:d8:62:dc:fc:b5:cf:8f:18:
         da:a2:7b:77:85:cb:1f:08:2e:07:5b:d8:4e:ae:dc:6b:41:68:
         25:e1:f3:49:60:08:77:eb:23:77:97:42:da:da:70:8e:20:e1:
         46:85:37:83:96:a3:69:ae:e4:2e:f0:ce:4c:c1:1c:75:98:a2:
         01:91:90:64:8c:22:80:8b:7d:0b:0e:ba:a9:9c:c1:e8:22:a9:
         ef:af:ac:00:1d:1f:a6:02:fd:5a:0c:92:fb:af:41:d8:fa:bf:
         e2:a5:ca:32:74:b1:31:10:f3:01:b7:b8:0e:d0:57:af:c5:a9:
         a1:75:34:2f:f8:a5:59:de:e3:7c:6a:f7:e4:ea:f2:92:f7:05:
         47:7b:aa:c9:29:ed:8f:19:70:06:b0:94:db:45:5c:6d:08:54:
         9e:29:38:34
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHlNBj8Kkn6Y2h8OwitGwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZkMWEzYTAyNThkY2NhNjdmYzlkZGRiZjRlMzYxNTdl
NmE3MTYwHhcNMjQwMTAyMDAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGNkNWY1Y2M2MzBjZDY4YmZlZmQxMTM0MGJkNGEzNTY0NzY2Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJ0YKgESDJ6eaFhl7+1SSv+qX3Ee
RpPr/Ay/EQjnOgIp0t6Uqj179FkkzkWCX3uHVF3fEwNGvPZ/jM5QVldXAgRpXrEr
CcHZNXm62EG2Dm9i+QXRHIq+frX27/dBV8B9t1muqm9NnIQxEXPUSqhwXfgh13lt
cXjU9HvQkBdBc9TQvkieSK8bxSDB7UMeeKHE4J67nl7PjcgKkhsUQI43Ys3aYF+A
ukvBgF5awBi94AcGkq7mtNPxP40MXD8E5jxaTLFXkgEY2so6DCaqJ49gEkytvnDc
nMJxQwgpd3GrKeBCNv+fjcZb0TFeoR698x8JXTj2xgJG6SpR76rkp4wluQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFHDNX1zGMM1ov+/RE0C9SjVkdmyHMB8GA1UdIwQY
MBaAFEJP0aOgJY3Mpn/J3dv042FX5qcWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfUm82QWxqY3ltZjhuZDJfVGpZVmZtcHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85MTM3NTItYjhkYy00ZGZmLTg2Njct
NzQ3YjBlNTdhYjVlLzEvY00xZlhNWXd6V2lfNzlFVFFMMUtOV1IyYkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85MTM3NTItYjhkYy00ZGZmLTg2NjctNzQ3YjBlNTdhYjVl
LzEvUWtfUm82QWxqY3ltZjhuZDJfVGpZVmZtcHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjALBAIAATAFAwMAjSYwDwQC
AAIwCQMHACABBnwTZDANBgkqhkiG9w0BAQsFAAOCAQEAAjIrfr5ECAigJ3aAv8oN
niH/K0fH9TWPtsQetO+4RNl1aBJGS0HrxqMJRgGiaFT5PNgeeLaimrTEpMsnTzzM
p+1fpdTM8I/zRHykMnYQmzqlCad8cvk62LTTe1j+HUMDKWvA5thi3Py1z48Y2qJ7
d4XLHwguB1vYTq7ca0FoJeHzSWAId+sjd5dC2tpwjiDhRoU3g5ajaa7kLvDOTMEc
dZiiAZGQZIwigIt9Cw66qZzB6CKp76+sAB0fpgL9WgyS+69B2Pq/4qXKMnSxMRDz
Abe4DtBXr8WpoXU0L/ilWd7jfGr35OrykvcFR3uqySntjxlwBrCU20VcbQhUnik4
NA==
-----END CERTIFICATE-----