Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/M6OWXgowqg4AGbiWjfAD9KK2cEU.roa
File:                     M6OWXgowqg4AGbiWjfAD9KK2cEU.roa (raw, json)
Hash identifier:          Mn3auVPJVKZmcd7U+5PZV+yWCdwqL/ynkD+A6slAmw8=
Subject key identifier:   33:A3:96:5E:0A:30:AA:0E:00:19:B8:96:8D:F0:03:F4:A2:B6:70:45
Certificate issuer:       /CN=2860f15d278379483aaa0613cbf592e72cc81e48
Certificate serial:       018CC9BCD7787F80C9B263B70769453F6E44
Authority key identifier: 28:60:F1:5D:27:83:79:48:3A:AA:06:13:CB:F5:92:E7:2C:C8:1E:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGDxXSeDeUg6qgYTy_WS5yzIHkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/M6OWXgowqg4AGbiWjfAD9KK2cEU.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198385
IP address blocks:        193.73.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/KGDxXSeDeUg6qgYTy_WS5yzIHkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/KGDxXSeDeUg6qgYTy_WS5yzIHkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KGDxXSeDeUg6qgYTy_WS5yzIHkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d7:78:7f:80:c9:b2:63:b7:07:69:45:3f:6e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2860f15d278379483aaa0613cbf592e72cc81e48
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a3965e0a30aa0e0019b8968df003f4a2b67045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e5:0b:f8:13:b9:ce:4f:f9:6e:e7:0f:c3:77:
                    d7:40:04:7d:83:3d:b7:f6:e3:54:91:cc:d8:a1:15:
                    7e:6f:b7:da:b9:72:c1:94:e4:df:91:1e:32:f6:f2:
                    f6:9a:b3:bd:d8:25:15:bb:9e:eb:0d:0d:7b:73:17:
                    2b:a4:be:28:fe:27:e8:36:5d:ae:de:67:54:b8:f7:
                    ca:95:58:41:e9:0f:25:0a:af:14:c5:c8:fb:3e:c4:
                    0d:7a:19:25:87:92:3e:e5:10:ac:9e:f2:f8:5f:80:
                    d6:49:35:5d:55:c4:9f:25:da:55:86:95:0f:64:d7:
                    29:b4:a8:64:c7:b8:91:b9:ea:7b:2f:dc:04:4d:7a:
                    d7:47:0b:09:bb:4c:48:ad:23:d9:77:81:9b:38:2d:
                    94:13:3a:6b:fb:64:fb:38:03:af:e4:89:bb:9d:51:
                    32:43:44:30:83:c3:c3:91:13:c2:3e:83:9f:80:d3:
                    69:d4:32:91:09:ce:3e:24:19:13:42:6d:42:c2:d1:
                    5f:63:75:96:e0:5d:0e:df:9a:9e:d0:28:79:66:1c:
                    fe:19:2d:f9:87:60:e1:80:f1:7c:65:ef:2e:ee:2f:
                    11:8c:25:50:ad:28:60:83:24:c9:29:ad:8f:c8:0d:
                    b8:75:f1:1f:a9:42:2d:ce:ad:c7:05:be:b5:bf:6c:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A3:96:5E:0A:30:AA:0E:00:19:B8:96:8D:F0:03:F4:A2:B6:70:45
            X509v3 Authority Key Identifier:
                keyid:28:60:F1:5D:27:83:79:48:3A:AA:06:13:CB:F5:92:E7:2C:C8:1E:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGDxXSeDeUg6qgYTy_WS5yzIHkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/M6OWXgowqg4AGbiWjfAD9KK2cEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/1d1b72-8bcf-4500-9125-321c14dd4639/1/KGDxXSeDeUg6qgYTy_WS5yzIHkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:91:a3:5e:ac:5b:13:f9:26:eb:86:b8:60:d4:ba:1b:95:7a:
         be:8b:3c:ef:29:8b:66:fc:7b:f6:b2:be:69:39:d9:d2:ee:b2:
         4c:d8:84:3c:43:b8:71:1f:89:b2:17:0b:9f:82:71:d1:31:83:
         95:59:11:02:36:37:e3:53:9c:fc:c4:ca:31:a0:1d:cb:09:bb:
         23:5c:b7:9e:9a:43:10:11:e1:a7:72:e6:74:b0:aa:2b:4a:21:
         b6:be:fe:52:1e:e3:04:52:59:b4:e5:3e:60:5c:19:15:38:0c:
         10:40:19:39:11:ee:69:21:cb:6d:57:85:b9:f1:74:23:a0:a7:
         5a:84:c1:97:65:8a:f0:63:67:dc:3f:7a:9c:86:63:fc:59:6c:
         6c:ea:5e:66:9e:32:90:e3:c3:49:95:05:b1:ac:66:4c:4f:bf:
         1e:f7:6d:b9:c9:73:4a:fd:25:d3:43:f4:5c:6f:a3:1f:54:9d:
         40:9d:34:c0:d6:34:3e:ff:df:13:83:ec:c6:d7:c7:89:a9:dc:
         a5:b7:b2:1e:69:bb:9a:fc:3e:e7:51:1d:ba:75:37:94:b7:aa:
         b4:5e:02:0d:75:6e:07:18:7e:05:3b:90:2c:c2:0b:55:a6:0d:
         73:70:84:27:97:44:4e:f2:c6:67:d5:b1:95:89:1e:95:e7:da:
         cd:0b:f8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNd4f4DJsmO3B2lFP25EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjBmMTVkMjc4Mzc5NDgzYWFhMDYxM2NiZjU5MmU3MmNj
ODFlNDgwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2EzOTY1ZTBhMzBhYTBlMDAxOWI4OTY4ZGYwMDNmNGEyYjY3MDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+UL+BO5zk/5bucPw3fXQAR9gz23
9uNUkczYoRV+b7fauXLBlOTfkR4y9vL2mrO92CUVu57rDQ17cxcrpL4o/ifoNl2u
3mdUuPfKlVhB6Q8lCq8Uxcj7PsQNehklh5I+5RCsnvL4X4DWSTVdVcSfJdpVhpUP
ZNcptKhkx7iRuep7L9wETXrXRwsJu0xIrSPZd4GbOC2UEzpr+2T7OAOv5Im7nVEy
Q0Qwg8PDkRPCPoOfgNNp1DKRCc4+JBkTQm1CwtFfY3WW4F0O35qe0Ch5Zhz+GS35
h2DhgPF8Ze8u7i8RjCVQrShggyTJKa2PyA24dfEfqUItzq3HBb61v2xRHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOjll4KMKoOABm4lo3wA/SitnBFMB8GA1UdIwQY
MBaAFChg8V0ng3lIOqoGE8v1kucsyB5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dEeFhTZURlVWc2cWdZVHlfV1M1eXpJSGtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xZDFiNzItOGJjZi00NTAwLTkxMjUt
MzIxYzE0ZGQ0NjM5LzEvTTZPV1hnb3dxZzRBR2JpV2pmQUQ5S0syY0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xZDFiNzItOGJjZi00NTAwLTkxMjUtMzIxYzE0ZGQ0NjM5
LzEvS0dEeFhTZURlVWc2cWdZVHlfV1M1eXpJSGtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUl6MA0G
CSqGSIb3DQEBCwUAA4IBAQCVkaNerFsT+Sbrhrhg1LoblXq+izzvKYtm/Hv2sr5p
OdnS7rJM2IQ8Q7hxH4myFwufgnHRMYOVWRECNjfjU5z8xMoxoB3LCbsjXLeemkMQ
EeGncuZ0sKorSiG2vv5SHuMEUlm05T5gXBkVOAwQQBk5Ee5pIcttV4W58XQjoKda
hMGXZYrwY2fcP3qchmP8WWxs6l5mnjKQ48NJlQWxrGZMT78e9225yXNK/SXTQ/Rc
b6MfVJ1AnTTA1jQ+/98Tg+zG18eJqdylt7Ieabua/D7nUR26dTeUt6q0XgINdW4H
GH4FO5AswgtVpg1zcIQnl0RO8sZn1bGViR6V59rNC/jK
-----END CERTIFICATE-----