Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/mUrmeukjQNjozVMBDAi2xF2cBcI.roa
File:                     mUrmeukjQNjozVMBDAi2xF2cBcI.roa (raw, json)
Hash identifier:          rZTOHZQa2h1xc475bSkNWYD6hOh9BtvrNV19F1O5gpE=
Subject key identifier:   99:4A:E6:7A:E9:23:40:D8:E8:CD:53:01:0C:08:B6:C4:5D:9C:05:C2
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018D649EF832C9DB23A83136B9187A8E4D14
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/mUrmeukjQNjozVMBDAi2xF2cBcI.roa
Signing time:             Thu 01 Feb 2024 12:22:36 +0000
ROA not before:           Thu 01 Feb 2024 12:22:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12722
IP address blocks:        85.235.81.0/24 maxlen: 24
                          192.109.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:9e:f8:32:c9:db:23:a8:31:36:b9:18:7a:8e:4d:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Feb  1 12:22:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=994ae67ae92340d8e8cd53010c08b6c45d9c05c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:49:77:03:b7:89:9a:5d:62:33:e0:a7:b2:b0:
                    c0:f7:80:5d:6c:4f:b0:21:20:33:3c:57:4f:27:dc:
                    2c:95:55:ba:2d:de:47:2d:5b:aa:53:16:97:97:8c:
                    59:c4:01:d4:b5:5f:c0:97:2f:42:80:e4:46:f4:d9:
                    1c:ca:db:75:97:66:76:40:70:2f:d3:ed:11:3f:04:
                    9b:e2:be:81:12:31:e3:b2:8c:7e:bc:96:e4:8a:a9:
                    0d:05:67:d3:cd:14:a7:78:cb:cb:5c:13:2b:f5:8f:
                    d0:1f:cf:bc:0f:aa:2a:0e:6e:af:20:31:96:73:3f:
                    a1:02:84:14:0e:f4:9b:01:a3:15:25:7d:b9:cd:76:
                    b6:f1:d0:26:e0:0b:e9:e1:5f:77:47:1d:b2:2f:11:
                    83:ef:9c:59:73:d0:0a:b9:c6:6c:08:a4:35:e7:0c:
                    d9:76:8f:ac:85:7a:38:e8:fc:bd:c7:3a:63:b3:28:
                    35:c3:a9:c8:47:dc:59:ea:99:eb:95:6c:ff:96:5c:
                    b5:bd:0d:2c:44:7f:e0:9f:92:c9:e3:9d:a7:c9:1c:
                    dc:d1:0c:20:83:ea:c9:a7:95:11:0c:e9:5b:cd:d3:
                    8f:6d:d9:e3:3b:9f:fa:49:49:01:3b:78:0c:1f:a2:
                    f2:f1:70:4d:91:24:51:58:9a:4f:05:83:2e:17:0b:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4A:E6:7A:E9:23:40:D8:E8:CD:53:01:0C:08:B6:C4:5D:9C:05:C2
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/mUrmeukjQNjozVMBDAi2xF2cBcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.81.0/24
                  192.109.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:71:d1:74:0e:0d:92:8a:c7:bd:87:10:2a:c7:2c:40:0d:45:
         ed:78:f6:9b:bb:3b:17:39:88:ad:52:df:bb:40:b1:4f:3a:59:
         a7:8d:a0:e4:ea:1f:27:a0:57:f0:ca:25:ec:c9:47:2b:1c:d6:
         1a:b0:b7:0a:f6:55:b0:db:1d:07:04:87:d2:4e:37:58:55:b7:
         10:b8:d7:f2:52:51:7c:cc:1c:5d:2b:a0:26:ad:1c:62:74:2f:
         26:98:4f:52:48:7b:c8:3d:d2:00:0d:f0:8b:98:30:ad:e4:1a:
         a9:8d:5a:92:43:82:9a:46:3c:6f:9d:63:94:8c:e8:79:6d:fb:
         33:0e:4d:8a:56:cd:50:2a:81:fc:f3:71:24:79:6d:38:dc:06:
         72:84:c9:91:5c:23:d3:4a:7d:2c:58:23:76:97:b1:54:4e:83:
         43:a2:cc:ad:92:e5:a0:7d:f1:d2:68:5c:33:c0:71:8c:7a:7c:
         be:54:29:ca:82:a8:9b:e7:cb:3e:b0:21:0c:35:52:cc:73:bc:
         9b:72:99:8d:46:46:70:c9:eb:e2:fb:c0:7b:94:42:4c:d4:78:
         58:ba:b1:1f:98:35:bd:62:fc:d2:18:f0:11:a6:35:02:88:45:
         75:3c:3b:b8:10:d6:68:01:c6:ed:61:50:37:5c:54:c4:9d:00:
         bc:47:42:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1knvgyydsjqDE2uRh6jk0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMjAxMTIyMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRhZTY3YWU5MjM0MGQ4ZThjZDUzMDEwYzA4YjZjNDVkOWMwNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0El3A7eJml1iM+CnsrDA94BdbE+w
ISAzPFdPJ9wslVW6Ld5HLVuqUxaXl4xZxAHUtV/Aly9CgORG9Nkcytt1l2Z2QHAv
0+0RPwSb4r6BEjHjsox+vJbkiqkNBWfTzRSneMvLXBMr9Y/QH8+8D6oqDm6vIDGW
cz+hAoQUDvSbAaMVJX25zXa28dAm4Avp4V93Rx2yLxGD75xZc9AKucZsCKQ15wzZ
do+shXo46Py9xzpjsyg1w6nIR9xZ6pnrlWz/lly1vQ0sRH/gn5LJ452nyRzc0Qwg
g+rJp5URDOlbzdOPbdnjO5/6SUkBO3gMH6Ly8XBNkSRRWJpPBYMuFwslcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJlK5nrpI0DY6M1TAQwItsRdnAXCMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbVVybWV1a2pRTmpvelZNQkRBaTJ4RjJjQmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVetRAwQA
wG1hMA0GCSqGSIb3DQEBCwUAA4IBAQAwcdF0Dg2Sise9hxAqxyxADUXtePabuzsX
OYitUt+7QLFPOlmnjaDk6h8noFfwyiXsyUcrHNYasLcK9lWw2x0HBIfSTjdYVbcQ
uNfyUlF8zBxdK6AmrRxidC8mmE9SSHvIPdIADfCLmDCt5BqpjVqSQ4KaRjxvnWOU
jOh5bfszDk2KVs1QKoH883EkeW043AZyhMmRXCPTSn0sWCN2l7FUToNDosytkuWg
ffHSaFwzwHGMeny+VCnKgqib58s+sCEMNVLMc7ybcpmNRkZwyevi+8B7lEJM1HhY
urEfmDW9YvzSGPARpjUCiEV1PDu4ENZoAcbtYVA3XFTEnQC8R0I6
-----END CERTIFICATE-----