Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/M-eiQjoFScbReLrC6j2XeZYgXsk.roa
File:                     M-eiQjoFScbReLrC6j2XeZYgXsk.roa (raw, json)
Hash identifier:          u16I0u6i4/naMLPUcSnWlHe56J1IG2FxqRdk7W8fzDI=
Subject key identifier:   33:E7:A2:42:3A:05:49:C6:D1:78:BA:C2:EA:3D:97:79:96:20:5E:C9
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       018CC56DF48121A2A435C7E8E69DFD1DBE7D
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/M-eiQjoFScbReLrC6j2XeZYgXsk.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61287
IP address blocks:        185.12.128.0/23 maxlen: 23
                          185.12.128.0/22 maxlen: 22
                          185.12.130.0/23 maxlen: 23
                          2a03:8d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:81:21:a2:a4:35:c7:e8:e6:9d:fd:1d:be:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33e7a2423a0549c6d178bac2ea3d977996205ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:bc:3c:62:d8:02:10:2a:60:7f:7a:f7:ea:8b:
                    ff:4e:54:6e:78:f0:46:8d:c3:a9:d5:de:38:b7:21:
                    d5:b7:15:f9:01:f9:a4:41:a7:1c:f1:5f:7a:15:fc:
                    4e:77:c4:a7:21:79:41:d2:3a:e8:7c:2c:bc:25:86:
                    1c:8a:86:31:a5:54:34:de:90:f2:e5:14:c4:18:55:
                    ec:f1:8a:94:26:e3:2f:00:ca:6a:e7:52:e6:5b:44:
                    ba:06:c0:ea:60:f4:8d:14:76:41:b1:16:7d:1e:60:
                    2f:24:7a:17:59:16:db:09:58:83:cb:d4:c7:65:16:
                    18:4e:c4:60:4d:95:cd:79:c0:86:9b:c5:5b:45:a0:
                    63:36:8b:1a:85:b9:98:13:a7:a1:a3:70:ce:59:d2:
                    43:d1:18:99:b9:5a:52:bf:b3:81:1f:50:7a:11:9d:
                    2d:0b:0f:83:40:e8:1d:6f:5a:59:41:4c:c6:8b:16:
                    43:ef:cb:e2:1b:f0:c6:67:88:79:15:ec:4d:39:74:
                    33:f2:74:15:65:f2:12:44:94:16:51:fb:62:82:ef:
                    0a:f3:bf:84:cb:c8:d4:7a:d4:e6:20:f8:35:31:f7:
                    e8:9b:5e:aa:c7:d9:3f:7e:24:65:7b:32:13:67:24:
                    c2:4e:e7:f1:55:71:ed:0a:35:25:37:48:e2:1e:5f:
                    3e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E7:A2:42:3A:05:49:C6:D1:78:BA:C2:EA:3D:97:79:96:20:5E:C9
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/M-eiQjoFScbReLrC6j2XeZYgXsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.128.0/22
                IPv6:
                  2a03:8d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:96:4b:57:a3:ea:c9:3d:e2:dd:1e:3d:7a:69:e2:24:f7:3a:
         ef:8b:d2:41:c3:1d:11:d1:51:9d:09:db:21:12:60:f5:70:50:
         3d:5b:7b:d7:6a:5e:ae:31:35:06:34:ba:cf:56:bb:68:dd:9b:
         21:fc:78:4e:1c:e2:69:6e:14:25:be:ea:46:93:ec:dd:52:aa:
         ec:c9:a7:e6:50:2b:4d:d7:c6:75:f1:fc:28:85:35:a0:bf:93:
         99:28:a8:24:06:b3:30:d4:fa:58:7e:8a:c2:1c:6b:41:7c:83:
         06:69:21:34:73:de:11:65:95:e1:d7:49:96:58:9a:7f:d0:03:
         c5:8c:fe:ae:d1:b0:f8:25:0f:4c:44:96:f5:2b:17:2f:ee:22:
         0f:d5:02:17:3b:86:43:f2:37:3a:94:d5:27:c8:7f:22:86:62:
         de:4a:d4:c1:56:0b:14:dd:89:3e:b6:5c:24:09:52:43:0d:e3:
         5f:25:f2:2d:25:10:90:5c:2e:17:45:5f:47:61:4c:1a:15:9f:
         83:0f:a5:2e:f1:5e:e5:28:c0:77:99:1d:7a:a5:de:2a:3a:12:
         24:f8:ce:ad:84:a3:6c:32:91:05:1f:34:bd:17:04:6b:e8:ba:
         fe:84:33:e2:6d:ba:34:45:cc:4c:5a:d8:e8:3d:41:21:01:93:
         99:c0:c7:e9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbfSBIaKkNcfo5p39Hb59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U3YTI0MjNhMDU0OWM2ZDE3OGJhYzJlYTNkOTc3OTk2MjA1ZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbw8YtgCECpgf3r36ov/TlRuePBG
jcOp1d44tyHVtxX5AfmkQacc8V96FfxOd8SnIXlB0jrofCy8JYYcioYxpVQ03pDy
5RTEGFXs8YqUJuMvAMpq51LmW0S6BsDqYPSNFHZBsRZ9HmAvJHoXWRbbCViDy9TH
ZRYYTsRgTZXNecCGm8VbRaBjNosahbmYE6eho3DOWdJD0RiZuVpSv7OBH1B6EZ0t
Cw+DQOgdb1pZQUzGixZD78viG/DGZ4h5FexNOXQz8nQVZfISRJQWUftigu8K87+E
y8jUetTmIPg1Mffom16qx9k/fiRlezITZyTCTufxVXHtCjUlN0jiHl8+SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDPnokI6BUnG0Xi6wuo9l3mWIF7JMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEvTS1laVFqb0ZTY2JSZUxyQzZqMlhlWllnWHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQyAMA0E
AgACMAcDBQAqA41AMA0GCSqGSIb3DQEBCwUAA4IBAQBklktXo+rJPeLdHj16aeIk
9zrvi9JBwx0R0VGdCdshEmD1cFA9W3vXal6uMTUGNLrPVrto3Zsh/HhOHOJpbhQl
vupGk+zdUqrsyafmUCtN18Z18fwohTWgv5OZKKgkBrMw1PpYforCHGtBfIMGaSE0
c94RZZXh10mWWJp/0APFjP6u0bD4JQ9MRJb1Kxcv7iIP1QIXO4ZD8jc6lNUnyH8i
hmLeStTBVgsU3Yk+tlwkCVJDDeNfJfItJRCQXC4XRV9HYUwaFZ+DD6Uu8V7lKMB3
mR16pd4qOhIk+M6thKNsMpEFHzS9FwRr6Lr+hDPibbo0RcxMWtjoPUEhAZOZwMfp
-----END CERTIFICATE-----