Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/mNtMaj40L_g69mB1oQhCEzLpCdM.roa
File:                     mNtMaj40L_g69mB1oQhCEzLpCdM.roa (raw, json)
Hash identifier:          qzsb0NAx2zGbYRZ1ax1gMSbK7MH/852sN7b7maMxteA=
Subject key identifier:   98:DB:4C:6A:3E:34:2F:F8:3A:F6:60:75:A1:08:42:13:32:E9:09:D3
Certificate issuer:       /CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
Certificate serial:       018CC80155F49A2E51106144478E2D61940F
Authority key identifier: 81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/mNtMaj40L_g69mB1oQhCEzLpCdM.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199313
IP address blocks:        195.64.236.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 01:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:f4:9a:2e:51:10:61:44:47:8e:2d:61:94:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81fa48f40bc84540c46bd23be9b90897aa184f4d
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98db4c6a3e342ff83af66075a108421332e909d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:8b:d3:b6:9b:62:05:27:42:d9:b1:f5:88:
                    cb:c8:03:ff:a8:48:47:cf:ff:a4:e6:88:11:73:3b:
                    29:bc:c3:a3:98:e5:47:dd:e9:da:98:81:53:a4:e5:
                    6b:01:d3:23:dc:f3:43:91:a7:4f:e3:18:76:37:02:
                    cf:08:2a:3e:7d:2c:8c:19:d5:97:13:8e:f4:f3:68:
                    8e:31:05:a1:8c:9b:e0:27:76:c7:86:65:43:15:25:
                    09:ca:f9:f9:79:44:b2:4e:50:2d:0a:37:6c:31:1f:
                    6d:5c:6e:0c:90:2f:4f:91:dd:3c:fc:85:af:3d:94:
                    bc:69:85:68:46:11:9d:bf:78:a2:ee:63:a8:af:52:
                    98:3b:10:d8:c3:60:5d:a7:a8:8f:8b:ca:09:c6:fe:
                    92:68:e9:b4:16:cd:04:4c:7f:f5:90:1c:65:e5:0b:
                    c8:2a:1d:16:67:7a:e7:22:3d:76:81:7c:56:48:2b:
                    50:f5:7c:40:bf:b2:4d:64:d0:c2:d3:78:df:51:00:
                    13:10:70:51:9d:18:65:ae:29:26:9d:da:85:e4:44:
                    14:d8:d7:e2:de:d7:ef:dd:f9:33:b9:86:75:de:3b:
                    ee:e9:2b:f7:e8:6b:16:87:28:dd:55:16:83:12:a7:
                    3f:e3:75:11:d5:07:ba:12:82:d0:24:8a:58:ec:38:
                    1f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DB:4C:6A:3E:34:2F:F8:3A:F6:60:75:A1:08:42:13:32:E9:09:D3
            X509v3 Authority Key Identifier:
                keyid:81:FA:48:F4:0B:C8:45:40:C4:6B:D2:3B:E9:B9:08:97:AA:18:4F:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gfpI9AvIRUDEa9I76bkIl6oYT00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/mNtMaj40L_g69mB1oQhCEzLpCdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/146078-f9b2-4163-af1a-8e93cb5c5355/1/gfpI9AvIRUDEa9I76bkIl6oYT00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:a8:80:39:03:3f:b2:11:8a:18:8f:13:65:5b:26:64:6b:a0:
         52:c9:4f:4e:91:ed:48:5b:15:7e:ac:de:18:04:70:06:6d:e1:
         f5:bf:12:f8:54:58:02:75:27:03:b6:de:78:6f:f3:92:f9:f9:
         c6:53:49:59:9b:43:0c:56:be:9a:ca:23:0e:a3:73:94:39:3f:
         04:0f:f1:bc:6d:a4:ca:ba:9d:2e:df:e5:95:0b:f5:99:5b:d0:
         10:6e:9a:30:d5:c8:4d:fa:a0:ee:e8:92:cd:2c:00:25:92:2c:
         44:ac:53:0a:45:44:0f:3a:b8:fc:05:d4:2a:e1:6a:27:8e:9a:
         64:f1:68:b8:01:e2:72:9e:8e:24:65:ef:4c:1d:04:74:08:4b:
         f4:10:50:18:81:de:68:72:cb:60:9b:88:ab:98:dd:fb:a1:a5:
         79:da:ce:9f:7a:de:7e:f2:32:09:cf:62:af:cc:ca:7e:ff:67:
         7b:a6:08:04:79:d4:d8:92:50:fd:12:14:d7:cd:69:19:54:54:
         02:9e:42:df:11:c6:6f:15:8c:d6:c0:65:fa:a0:01:e5:05:e7:
         7d:9f:bf:86:30:8b:9a:4c:b8:6a:fd:b8:54:e1:ed:f2:c0:67:
         a6:fc:1a:1e:00:2e:be:be:1a:bb:de:9d:bb:cb:ea:65:61:55:
         d5:c8:7a:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAVX0mi5REGFER44tYZQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZmE0OGY0MGJjODQ1NDBjNDZiZDIzYmU5YjkwODk3YWEx
ODRmNGQwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRiNGM2YTNlMzQyZmY4M2FmNjYwNzVhMTA4NDIxMzMyZTkwOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv72L07abYgUnQtmx9YjLyAP/qEhH
z/+k5ogRczspvMOjmOVH3enamIFTpOVrAdMj3PNDkadP4xh2NwLPCCo+fSyMGdWX
E47082iOMQWhjJvgJ3bHhmVDFSUJyvn5eUSyTlAtCjdsMR9tXG4MkC9Pkd08/IWv
PZS8aYVoRhGdv3ii7mOor1KYOxDYw2Bdp6iPi8oJxv6SaOm0Fs0ETH/1kBxl5QvI
Kh0WZ3rnIj12gXxWSCtQ9XxAv7JNZNDC03jfUQATEHBRnRhlrikmndqF5EQU2Nfi
3tfv3fkzuYZ13jvu6Sv36GsWhyjdVRaDEqc/43UR1Qe6EoLQJIpY7Dgf/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjbTGo+NC/4OvZgdaEIQhMy6QnTMB8GA1UdIwQY
MBaAFIH6SPQLyEVAxGvSO+m5CJeqGE9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEt
OGU5M2NiNWM1MzU1LzEvbU50TWFqNDBMX2c2OW1CMW9RaENFekxwQ2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xNDYwNzgtZjliMi00MTYzLWFmMWEtOGU5M2NiNWM1MzU1
LzEvZ2ZwSTlBdklSVURFYTlJNzZia0lsNm9ZVDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0DsMA0G
CSqGSIb3DQEBCwUAA4IBAQCFqIA5Az+yEYoYjxNlWyZka6BSyU9Oke1IWxV+rN4Y
BHAGbeH1vxL4VFgCdScDtt54b/OS+fnGU0lZm0MMVr6ayiMOo3OUOT8ED/G8baTK
up0u3+WVC/WZW9AQbpow1chN+qDu6JLNLAAlkixErFMKRUQPOrj8BdQq4Wonjppk
8Wi4AeJyno4kZe9MHQR0CEv0EFAYgd5ocstgm4irmN37oaV52s6fet5+8jIJz2Kv
zMp+/2d7pggEedTYklD9EhTXzWkZVFQCnkLfEcZvFYzWwGX6oAHlBed9n7+GMIua
TLhq/bhU4e3ywGem/BoeAC6+vhq73p27y+plYVXVyHp3
-----END CERTIFICATE-----