Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/mcXzNzMVM7ne8Swx56wb7KlLFzI.roa
File:                     mcXzNzMVM7ne8Swx56wb7KlLFzI.roa (raw, json)
Hash identifier:          MEwQkJAhMcHg6QiopPYkEWOMmgVM1ULGZn1PRJtmxiI=
Subject key identifier:   99:C5:F3:37:33:15:33:B9:DE:F1:2C:31:E7:AC:1B:EC:A9:4B:17:32
Certificate issuer:       /CN=1caf2fa38e1d1a4d0e06609bf2976e81c50aad0a
Certificate serial:       018CC725B5C7C45359CB1023918C94D025A9
Authority key identifier: 1C:AF:2F:A3:8E:1D:1A:4D:0E:06:60:9B:F2:97:6E:81:C5:0A:AD:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HK8vo44dGk0OBmCb8pdugcUKrQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/mcXzNzMVM7ne8Swx56wb7KlLFzI.roa
Signing time:             Mon 01 Jan 2024 22:29:46 +0000
ROA not before:           Mon 01 Jan 2024 22:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209116
IP address blocks:        5.181.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/HK8vo44dGk0OBmCb8pdugcUKrQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/HK8vo44dGk0OBmCb8pdugcUKrQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HK8vo44dGk0OBmCb8pdugcUKrQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b5:c7:c4:53:59:cb:10:23:91:8c:94:d0:25:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1caf2fa38e1d1a4d0e06609bf2976e81c50aad0a
        Validity
            Not Before: Jan  1 22:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99c5f337331533b9def12c31e7ac1beca94b1732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:46:fe:21:03:ae:f9:79:b7:8e:07:a1:3b:f5:
                    80:a8:47:6f:3f:b4:a3:5e:c7:b0:05:96:a0:66:20:
                    df:83:67:2d:75:6f:3e:2a:3d:b9:62:cb:f2:cb:88:
                    26:63:69:ff:16:2a:01:f3:e0:c6:06:2c:0a:32:ad:
                    e3:6b:c4:21:9e:52:00:c1:2f:1b:f6:84:b1:1e:95:
                    3b:ab:99:e8:0a:87:54:42:3c:e2:1a:08:59:90:d7:
                    f7:18:6e:fd:20:74:8b:24:0b:90:c8:1c:39:80:fa:
                    30:a0:94:49:3b:40:e0:ff:cf:94:39:13:4b:4e:78:
                    55:89:1e:db:69:83:7d:65:eb:cf:4a:c4:ab:19:0a:
                    10:b2:c5:3d:1a:98:28:bb:39:d4:77:6b:62:b8:26:
                    a8:01:27:e3:1f:27:60:ea:b2:b0:50:21:d3:6f:3f:
                    38:3c:69:2c:0a:a2:0f:19:b2:82:d9:3c:f8:5c:d8:
                    4c:97:dd:f9:8e:a3:a2:4a:f2:56:da:f9:33:b2:03:
                    0f:94:3d:12:57:6a:f3:57:3d:fa:a2:e2:a9:66:33:
                    73:ff:f3:33:a3:97:ae:bd:ea:00:97:c1:92:04:97:
                    d2:21:32:54:15:ab:f8:19:49:e7:54:6b:bb:4f:5e:
                    63:d9:61:73:d5:57:38:c8:48:a4:6c:21:d0:38:80:
                    2d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C5:F3:37:33:15:33:B9:DE:F1:2C:31:E7:AC:1B:EC:A9:4B:17:32
            X509v3 Authority Key Identifier:
                keyid:1C:AF:2F:A3:8E:1D:1A:4D:0E:06:60:9B:F2:97:6E:81:C5:0A:AD:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HK8vo44dGk0OBmCb8pdugcUKrQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/mcXzNzMVM7ne8Swx56wb7KlLFzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/eb7dd4-fc8f-4937-8db0-a665db22ef72/1/HK8vo44dGk0OBmCb8pdugcUKrQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:6e:d2:e6:d9:51:e6:06:e0:47:6f:69:3f:20:a9:a1:80:86:
         0b:98:41:00:8e:68:68:25:98:4a:1e:31:a5:39:e7:4d:57:52:
         58:25:3f:cb:31:8c:5f:77:64:b1:90:1a:1e:bb:1a:07:96:30:
         5b:01:19:c2:55:5f:15:27:3e:fe:2a:28:1a:1f:85:1a:e1:77:
         8d:61:6e:95:cb:90:13:1b:1a:f3:22:ea:9a:18:de:a4:a9:2a:
         dd:d0:26:d0:6b:06:6d:4e:66:0e:e3:b7:df:12:67:3a:84:28:
         9f:49:91:c8:30:bc:ad:5d:e4:03:13:1d:eb:82:76:17:5b:21:
         e8:ba:28:06:00:21:df:3d:87:e9:e5:fa:53:fa:91:5f:7f:7a:
         12:d1:0a:f7:01:2a:59:63:9e:64:2c:81:a9:cf:e0:c0:be:d9:
         97:26:7e:9a:93:42:7a:80:7d:25:b4:b5:21:2b:45:af:78:41:
         10:61:04:35:ad:15:e7:28:ea:20:c1:8e:b4:66:6b:2d:10:89:
         c2:16:00:69:c5:50:3d:b8:2c:eb:7c:4f:1c:f2:6a:38:59:a1:
         4f:65:59:d4:ee:fd:94:98:75:e3:b5:fb:72:6e:e0:df:c4:2c:
         e5:5d:2e:ec:bf:41:1f:51:2f:9a:42:c2:db:2c:a6:dd:4d:1b:
         35:f1:f8:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbXHxFNZyxAjkYyU0CWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYWYyZmEzOGUxZDFhNGQwZTA2NjA5YmYyOTc2ZTgxYzUw
YWFkMGEwHhcNMjQwMTAxMjIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWM1ZjMzNzMzMTUzM2I5ZGVmMTJjMzFlN2FjMWJlY2E5NGIxNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0b+IQOu+Xm3jgehO/WAqEdvP7Sj
XsewBZagZiDfg2ctdW8+Kj25Ysvyy4gmY2n/FioB8+DGBiwKMq3ja8QhnlIAwS8b
9oSxHpU7q5noCodUQjziGghZkNf3GG79IHSLJAuQyBw5gPowoJRJO0Dg/8+UORNL
TnhViR7baYN9ZevPSsSrGQoQssU9GpgouznUd2tiuCaoASfjHydg6rKwUCHTbz84
PGksCqIPGbKC2Tz4XNhMl935jqOiSvJW2vkzsgMPlD0SV2rzVz36ouKpZjNz//Mz
o5euveoAl8GSBJfSITJUFav4GUnnVGu7T15j2WFz1Vc4yEikbCHQOIAt3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnF8zczFTO53vEsMeesG+ypSxcyMB8GA1UdIwQY
MBaAFByvL6OOHRpNDgZgm/KXboHFCq0KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEs4dm80NGRHazBPQm1DYjhwZHVnY1VLclFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lYjdkZDQtZmM4Zi00OTM3LThkYjAt
YTY2NWRiMjJlZjcyLzEvbWNYek56TVZNN25lOFN3eDU2d2I3S2xMRnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lYjdkZDQtZmM4Zi00OTM3LThkYjAtYTY2NWRiMjJlZjcy
LzEvSEs4dm80NGRHazBPQm1DYjhwZHVnY1VLclFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbX4MA0G
CSqGSIb3DQEBCwUAA4IBAQBbbtLm2VHmBuBHb2k/IKmhgIYLmEEAjmhoJZhKHjGl
OedNV1JYJT/LMYxfd2SxkBoeuxoHljBbARnCVV8VJz7+KigaH4Ua4XeNYW6Vy5AT
GxrzIuqaGN6kqSrd0CbQawZtTmYO47ffEmc6hCifSZHIMLytXeQDEx3rgnYXWyHo
uigGACHfPYfp5fpT+pFff3oS0Qr3ASpZY55kLIGpz+DAvtmXJn6ak0J6gH0ltLUh
K0WveEEQYQQ1rRXnKOogwY60ZmstEInCFgBpxVA9uCzrfE8c8mo4WaFPZVnU7v2U
mHXjtftybuDfxCzlXS7sv0EfUS+aQsLbLKbdTRs18fgu
-----END CERTIFICATE-----