Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/M3xOqG9NmFP9bH2F8idLoqyE5E0.roa
File:                     M3xOqG9NmFP9bH2F8idLoqyE5E0.roa (raw, json)
Hash identifier:          5OTcqvNPaqvr5Y3xz2aE+nW1Ps32qWhX5NCk/mjlkPA=
Subject key identifier:   33:7C:4E:A8:6F:4D:98:53:FD:6C:7D:85:F2:27:4B:A2:AC:84:E4:4D
Certificate issuer:       /CN=67b3b58b452239001eac2e221ba56c3afed7a790
Certificate serial:       018CC7951562DA323EBC0D90692DCB3566D1
Authority key identifier: 67:B3:B5:8B:45:22:39:00:1E:AC:2E:22:1B:A5:6C:3A:FE:D7:A7:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/M3xOqG9NmFP9bH2F8idLoqyE5E0.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50137
IP address blocks:        193.104.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:15:62:da:32:3e:bc:0d:90:69:2d:cb:35:66:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b3b58b452239001eac2e221ba56c3afed7a790
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=337c4ea86f4d9853fd6c7d85f2274ba2ac84e44d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:83:e1:71:fa:9a:3c:ab:88:36:2d:49:01:4e:
                    2a:d8:b0:e2:8a:9b:e2:ed:5b:7b:f1:33:ff:80:4b:
                    00:9a:71:2b:2f:44:50:5d:2a:0c:c3:30:a0:da:ad:
                    34:22:3d:01:5b:99:8b:28:b6:78:44:6e:82:7e:4a:
                    04:c3:0f:e6:b1:da:a2:f4:a8:5b:93:62:14:f6:da:
                    c3:d6:63:56:0f:05:ec:0f:77:76:86:bf:80:ce:18:
                    8e:96:d4:a9:d3:cb:27:7a:1c:0b:e3:0e:6c:fd:b2:
                    0d:ed:ca:bc:05:fa:c4:48:bd:32:fb:03:db:af:60:
                    d5:fd:9a:51:5a:87:ba:de:cf:de:f2:62:b2:1a:0f:
                    58:b1:c1:06:fc:70:3a:ae:cb:21:10:da:39:a0:17:
                    79:ec:e0:71:74:6c:9a:ab:30:b9:65:4a:32:cc:60:
                    b2:cb:a3:b1:aa:76:45:e6:9a:1c:98:e1:91:ae:6f:
                    fa:e0:3e:9d:c2:62:4e:7a:f5:f9:d7:ee:3e:7f:89:
                    75:37:ad:eb:4c:ee:4a:34:8a:70:33:b3:7b:81:fb:
                    5b:f3:87:18:e0:2a:61:df:14:54:ac:d0:ed:cf:7d:
                    1c:46:91:1a:83:23:31:4a:3f:4e:55:c9:9d:12:06:
                    5c:9d:73:d8:07:da:23:82:8b:f0:f9:19:9a:96:a8:
                    8c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7C:4E:A8:6F:4D:98:53:FD:6C:7D:85:F2:27:4B:A2:AC:84:E4:4D
            X509v3 Authority Key Identifier:
                keyid:67:B3:B5:8B:45:22:39:00:1E:AC:2E:22:1B:A5:6C:3A:FE:D7:A7:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/M3xOqG9NmFP9bH2F8idLoqyE5E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/73e504-b7bb-4ff8-bad8-b79552e700c5/1/Z7O1i0UiOQAerC4iG6VsOv7Xp5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:9d:b3:5b:d4:ce:27:24:ef:2a:01:d5:cd:9d:4b:53:d1:26:
         35:4d:7e:84:e1:9c:2d:fe:ac:8f:32:f9:29:a5:72:01:47:00:
         a9:b2:49:de:66:f1:0b:fc:d7:a5:87:31:37:97:2c:15:9e:39:
         38:08:39:0a:f0:0a:4d:9a:fe:36:0f:06:ae:c8:de:9b:6d:04:
         d7:bb:4c:f9:45:0c:94:b6:cc:45:00:9c:3f:83:d9:84:0e:d4:
         81:ef:7a:87:18:68:55:d9:40:b4:61:f3:d7:b3:3f:9e:3b:5c:
         2d:c9:12:fa:1b:9f:07:b7:5c:3f:4b:47:77:62:a7:2c:4c:84:
         88:34:24:d8:fc:63:64:91:4c:c6:39:12:bc:76:65:9d:09:c0:
         cf:5b:76:0c:6a:b7:f9:dc:24:c5:23:94:ff:0c:d7:1b:95:aa:
         ac:e9:98:2f:8b:45:45:f4:be:3f:27:5c:a4:89:88:9a:6d:aa:
         4a:5a:86:af:8b:a1:f5:a7:16:1e:82:04:8a:f8:8b:8c:ae:62:
         c6:1c:fa:0b:e7:d6:fe:fb:1a:3a:d4:5e:78:95:e1:ec:f2:8f:
         5a:cf:66:c7:b4:24:19:a3:f5:e6:d2:a2:44:9d:2a:59:4e:87:
         7e:f1:30:1f:2f:5b:d2:c6:cd:cb:e4:ad:5b:91:dd:e1:14:7d:
         ca:b6:54:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRVi2jI+vA2QaS3LNWbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjNiNThiNDUyMjM5MDAxZWFjMmUyMjFiYTU2YzNhZmVk
N2E3OTAwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdjNGVhODZmNGQ5ODUzZmQ2YzdkODVmMjI3NGJhMmFjODRlNDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4PhcfqaPKuINi1JAU4q2LDiipvi
7Vt78TP/gEsAmnErL0RQXSoMwzCg2q00Ij0BW5mLKLZ4RG6CfkoEww/msdqi9Khb
k2IU9trD1mNWDwXsD3d2hr+AzhiOltSp08snehwL4w5s/bIN7cq8BfrESL0y+wPb
r2DV/ZpRWoe63s/e8mKyGg9YscEG/HA6rsshENo5oBd57OBxdGyaqzC5ZUoyzGCy
y6OxqnZF5pocmOGRrm/64D6dwmJOevX51+4+f4l1N63rTO5KNIpwM7N7gftb84cY
4Cph3xRUrNDtz30cRpEagyMxSj9OVcmdEgZcnXPYB9ojgovw+RmalqiMGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN8TqhvTZhT/Wx9hfInS6KshORNMB8GA1UdIwQY
MBaAFGeztYtFIjkAHqwuIhulbDr+16eQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdPMWkwVWlPUUFlckM0aUc2VnNPdjdYcDVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83M2U1MDQtYjdiYi00ZmY4LWJhZDgt
Yjc5NTUyZTcwMGM1LzEvTTN4T3FHOU5tRlA5YkgyRjhpZExvcXlFNUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy83M2U1MDQtYjdiYi00ZmY4LWJhZDgtYjc5NTUyZTcwMGM1
LzEvWjdPMWkwVWlPUUFlckM0aUc2VnNPdjdYcDVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiWMA0G
CSqGSIb3DQEBCwUAA4IBAQB5nbNb1M4nJO8qAdXNnUtT0SY1TX6E4Zwt/qyPMvkp
pXIBRwCpskneZvEL/NelhzE3lywVnjk4CDkK8ApNmv42DwauyN6bbQTXu0z5RQyU
tsxFAJw/g9mEDtSB73qHGGhV2UC0YfPXsz+eO1wtyRL6G58Ht1w/S0d3YqcsTISI
NCTY/GNkkUzGORK8dmWdCcDPW3YMarf53CTFI5T/DNcblaqs6Zgvi0VF9L4/J1yk
iYiabapKWoavi6H1pxYeggSK+IuMrmLGHPoL59b++xo61F54leHs8o9az2bHtCQZ
o/Xm0qJEnSpZTod+8TAfL1vSxs3L5K1bkd3hFH3KtlTJ
-----END CERTIFICATE-----