Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/mPlpmpbLLGOV1Wmm6ZqVUGS6WDw.roa
File:                     mPlpmpbLLGOV1Wmm6ZqVUGS6WDw.roa (raw, json)
Hash identifier:          e398+licWZpBPKfhotAUnDZ1K8xPaGrXB9DX3j1jpGg=
Subject key identifier:   98:F9:69:9A:96:CB:2C:63:95:D5:69:A6:E9:9A:95:50:64:BA:58:3C
Certificate issuer:       /CN=894928a39627cd5ee5f975bd897c2d775ab29940
Certificate serial:       018CCA99B2971D44C2A02B9E4BD94B907E3B
Authority key identifier: 89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/mPlpmpbLLGOV1Wmm6ZqVUGS6WDw.roa
Signing time:             Tue 02 Jan 2024 14:35:19 +0000
ROA not before:           Tue 02 Jan 2024 14:35:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52756
IP address blocks:        149.226.240.0/24 maxlen: 24
                          149.226.243.0/24 maxlen: 24
                          149.226.241.0/24 maxlen: 24
                          149.226.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:b2:97:1d:44:c2:a0:2b:9e:4b:d9:4b:90:7e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Validity
            Not Before: Jan  2 14:35:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98f9699a96cb2c6395d569a6e99a955064ba583c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:57:48:c1:db:81:8f:43:c6:5c:e8:06:de:b4:
                    d6:7f:33:c2:b6:e7:44:59:0b:8b:6e:85:cc:af:51:
                    82:23:eb:a9:66:32:f2:04:15:1e:fc:3d:44:a6:ff:
                    d2:e6:95:55:30:2d:2d:5a:a7:e9:13:cb:4a:a0:05:
                    62:10:b1:9d:df:bf:be:65:3f:35:48:aa:49:c5:76:
                    5d:ff:df:44:36:19:41:74:02:8f:da:bd:19:7c:51:
                    8b:71:55:b8:12:3d:7d:b9:3b:93:31:56:a8:7a:a5:
                    37:8b:6d:ec:df:ad:b4:01:a7:f8:59:88:ab:41:bc:
                    5f:e5:dc:38:12:20:28:cd:21:8a:1b:e2:94:67:99:
                    a1:94:79:7d:3d:59:c1:8e:de:39:74:e3:63:2e:d2:
                    b3:e4:44:5f:88:eb:96:4b:56:76:f6:e3:54:6d:0f:
                    62:4a:a0:7c:cd:3c:79:a9:55:24:1d:89:12:dc:b2:
                    cc:e9:d1:cb:c8:b4:da:33:2a:d7:fa:f0:6f:f9:53:
                    f5:08:47:b7:61:fc:b9:ae:8a:44:69:b4:b1:5a:28:
                    85:52:c8:72:d2:7c:a4:60:d2:35:d5:3f:60:68:1c:
                    43:2a:5c:e2:bb:79:79:0a:fc:95:43:6f:92:2e:f1:
                    ff:a2:67:59:fb:00:82:96:ad:2e:0e:14:98:5b:5e:
                    89:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F9:69:9A:96:CB:2C:63:95:D5:69:A6:E9:9A:95:50:64:BA:58:3C
            X509v3 Authority Key Identifier:
                keyid:89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/mPlpmpbLLGOV1Wmm6ZqVUGS6WDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.226.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:46:50:b9:0c:d9:6d:5c:0a:6b:4d:d5:ff:8d:b9:91:57:c3:
         e6:57:f2:a7:3f:b0:b2:e9:1b:6b:27:d4:7f:e3:61:40:ce:52:
         47:24:7f:70:e1:bd:db:e1:8b:32:75:1a:ba:83:1f:80:a8:0f:
         34:8c:0c:43:63:1f:8c:33:95:eb:75:15:5e:fd:e6:c9:0a:81:
         c2:7f:55:f8:5e:fd:2b:8c:84:14:a1:2f:1c:85:83:ba:ea:57:
         4a:83:af:13:f4:52:3c:b3:1b:78:c3:f9:03:95:94:04:82:17:
         6f:50:83:8a:ae:38:df:2a:70:55:43:e0:78:1e:87:7c:00:0c:
         b0:b6:9b:08:c3:1f:b4:63:f5:53:3f:29:4e:f1:1a:86:e0:e0:
         c9:ee:f7:7d:4e:ca:8b:e0:cc:24:88:e4:4c:cd:04:69:c7:47:
         92:1d:65:86:78:64:fc:16:4c:22:51:1b:ad:92:ec:49:0e:a7:
         83:4a:ef:18:57:77:54:86:f9:79:0b:a2:1a:b8:9b:49:5c:d0:
         c9:32:51:63:cd:5e:16:b0:d5:0d:69:1d:90:36:59:1e:c6:a1:
         26:c4:2f:d3:40:a7:ea:a4:57:ab:bc:c2:c7:d5:35:9b:80:d9:
         c6:bc:63:d1:c7:cf:00:2c:c9:b6:5d:63:f9:a8:12:4a:a0:62:
         8d:03:4c:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmbKXHUTCoCueS9lLkH47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NDkyOGEzOTYyN2NkNWVlNWY5NzViZDg5N2MyZDc3NWFi
Mjk5NDAwHhcNMjQwMTAyMTQzNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGY5Njk5YTk2Y2IyYzYzOTVkNTY5YTZlOTlhOTU1MDY0YmE1ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFdIwduBj0PGXOgG3rTWfzPCtudE
WQuLboXMr1GCI+upZjLyBBUe/D1Epv/S5pVVMC0tWqfpE8tKoAViELGd37++ZT81
SKpJxXZd/99ENhlBdAKP2r0ZfFGLcVW4Ej19uTuTMVaoeqU3i23s3620Aaf4WYir
Qbxf5dw4EiAozSGKG+KUZ5mhlHl9PVnBjt45dONjLtKz5ERfiOuWS1Z29uNUbQ9i
SqB8zTx5qVUkHYkS3LLM6dHLyLTaMyrX+vBv+VP1CEe3Yfy5ropEabSxWiiFUshy
0nykYNI11T9gaBxDKlziu3l5CvyVQ2+SLvH/omdZ+wCClq0uDhSYW16J6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJj5aZqWyyxjldVppumalVBkulg8MB8GA1UdIwQY
MBaAFIlJKKOWJ81e5fl1vYl8LXdasplAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEt
MTU5M2Q0MDQ1Y2JjLzEvbVBscG1wYkxMR09WMVdtbTZacVZVR1M2V0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEtMTU5M2Q0MDQ1Y2Jj
LzEvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCleLwMA0G
CSqGSIb3DQEBCwUAA4IBAQCqRlC5DNltXAprTdX/jbmRV8PmV/KnP7Cy6RtrJ9R/
42FAzlJHJH9w4b3b4YsydRq6gx+AqA80jAxDYx+MM5XrdRVe/ebJCoHCf1X4Xv0r
jIQUoS8chYO66ldKg68T9FI8sxt4w/kDlZQEghdvUIOKrjjfKnBVQ+B4Hod8AAyw
tpsIwx+0Y/VTPylO8RqG4ODJ7vd9TsqL4MwkiORMzQRpx0eSHWWGeGT8FkwiURut
kuxJDqeDSu8YV3dUhvl5C6IauJtJXNDJMlFjzV4WsNUNaR2QNlkexqEmxC/TQKfq
pFervMLH1TWbgNnGvGPRx88ALMm2XWP5qBJKoGKNA0wV
-----END CERTIFICATE-----