Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/m_KwYRD8U61aQpeEgc4hxBr1sLM.roa
File:                     m_KwYRD8U61aQpeEgc4hxBr1sLM.roa (raw, json)
Hash identifier:          7rlSYuMaUAwl9rYpPZFnIsVPTQEYjzloGRO3P4fytjQ=
Subject key identifier:   9B:F2:B0:61:10:FC:53:AD:5A:42:97:84:81:CE:21:C4:1A:F5:B0:B3
Certificate issuer:       /CN=63e24977993c15bcc134b174937f41b2129f56d1
Certificate serial:       018CC4247460BF6B13F8A2DE4CAC361C4A6F
Authority key identifier: 63:E2:49:77:99:3C:15:BC:C1:34:B1:74:93:7F:41:B2:12:9F:56:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/m_KwYRD8U61aQpeEgc4hxBr1sLM.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210771
IP address blocks:        185.208.144.0/24 maxlen: 24
                          185.208.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:74:60:bf:6b:13:f8:a2:de:4c:ac:36:1c:4a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e24977993c15bcc134b174937f41b2129f56d1
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bf2b06110fc53ad5a42978481ce21c41af5b0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7c:d7:ef:ef:27:ee:e5:41:ba:53:2e:34:d9:
                    d4:b3:30:72:b9:f9:2c:40:c2:81:10:67:3a:ed:71:
                    5d:2c:03:69:04:e6:43:b1:e1:c0:3a:96:99:3a:c9:
                    48:cf:53:3c:df:eb:49:d1:c8:7f:2a:0e:a1:e3:fa:
                    84:10:6d:75:14:20:01:8d:a0:7d:15:83:48:2e:a4:
                    31:14:38:86:4e:94:35:80:40:dd:a0:e0:a7:8a:9f:
                    25:ad:4c:53:93:e9:1c:7e:58:8d:c1:c8:66:34:eb:
                    64:84:c4:25:8c:82:66:0a:c9:39:37:92:db:f7:63:
                    31:84:44:5b:64:fe:61:47:b3:c6:e0:a2:de:ea:05:
                    75:db:22:da:3d:63:35:21:da:12:a4:7c:61:c7:6b:
                    09:c2:0b:f0:17:fa:29:1b:31:4e:6c:6e:fa:96:dc:
                    ee:ef:a0:df:77:89:eb:a2:7c:5c:46:fb:f1:d3:5d:
                    33:fd:be:03:e1:c5:eb:eb:2c:f8:ba:05:50:cc:c4:
                    79:b0:b2:51:3d:0a:ea:e3:14:88:66:48:c0:be:13:
                    0e:4d:56:0d:e8:a2:c4:c9:49:67:a5:dc:82:a0:54:
                    ed:74:a3:b3:8f:d1:13:6f:cb:5b:4e:0a:93:65:3b:
                    07:cb:ca:06:eb:37:c6:6b:ce:4a:5e:f9:21:70:df:
                    c0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F2:B0:61:10:FC:53:AD:5A:42:97:84:81:CE:21:C4:1A:F5:B0:B3
            X509v3 Authority Key Identifier:
                keyid:63:E2:49:77:99:3C:15:BC:C1:34:B1:74:93:7F:41:B2:12:9F:56:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-JJd5k8FbzBNLF0k39BshKfVtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/m_KwYRD8U61aQpeEgc4hxBr1sLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd8116-5e98-45ef-af74-073a5db0efb5/1/Y-JJd5k8FbzBNLF0k39BshKfVtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.144.0/24
                  185.208.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:1e:01:32:c8:f0:8c:da:c3:f3:87:43:ea:99:4e:30:9e:aa:
         e8:30:8a:df:72:16:7c:d3:34:33:fd:79:d4:84:b5:6b:2a:19:
         17:f1:7d:10:9b:1d:c1:6a:47:5c:08:34:29:8f:7b:de:9a:4c:
         e3:11:49:16:4e:fd:ab:18:a4:97:58:4c:8c:69:3e:20:5a:89:
         cf:7a:93:c5:5c:53:02:11:a2:1d:cc:87:94:1b:74:b2:6e:9e:
         f8:14:93:b3:85:8f:05:0c:61:64:2b:e9:b1:3b:c7:02:a8:02:
         8f:52:b9:28:7a:88:a1:76:c4:68:4b:3d:cf:da:24:94:4b:af:
         e9:45:d5:ae:0f:fd:62:9f:07:ac:81:a6:83:c5:be:d4:1a:63:
         1a:78:6a:fa:4f:2f:c7:6e:0b:ed:97:f2:5e:2a:42:25:2c:7d:
         2c:d0:09:b8:56:6e:9f:b7:81:83:c1:e0:26:35:80:b0:91:a1:
         a9:40:c5:ca:7f:1f:81:7e:7b:fd:98:ca:b0:32:44:c9:f8:de:
         4b:13:eb:93:4a:89:2c:1d:bd:3b:1f:9b:19:20:39:63:8e:95:
         cf:08:85:a8:1a:9c:e1:09:c1:77:47:62:9a:c6:f1:e3:ad:9d:
         8e:7c:ca:f5:db:21:00:a6:46:0f:82:7f:3d:ec:24:60:b8:ae:
         dd:f6:7c:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJHRgv2sT+KLeTKw2HEpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTI0OTc3OTkzYzE1YmNjMTM0YjE3NDkzN2Y0MWIyMTI5
ZjU2ZDEwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmYyYjA2MTEwZmM1M2FkNWE0Mjk3ODQ4MWNlMjFjNDFhZjViMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnzX7+8n7uVBulMuNNnUszByufks
QMKBEGc67XFdLANpBOZDseHAOpaZOslIz1M83+tJ0ch/Kg6h4/qEEG11FCABjaB9
FYNILqQxFDiGTpQ1gEDdoOCnip8lrUxTk+kcfliNwchmNOtkhMQljIJmCsk5N5Lb
92MxhERbZP5hR7PG4KLe6gV12yLaPWM1IdoSpHxhx2sJwgvwF/opGzFObG76ltzu
76Dfd4nronxcRvvx010z/b4D4cXr6yz4ugVQzMR5sLJRPQrq4xSIZkjAvhMOTVYN
6KLEyUlnpdyCoFTtdKOzj9ETb8tbTgqTZTsHy8oG6zfGa85KXvkhcN/A5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJvysGEQ/FOtWkKXhIHOIcQa9bCzMB8GA1UdIwQY
MBaAFGPiSXeZPBW8wTSxdJN/QbISn1bRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1KSmQ1azhGYnpCTkxGMGszOUJzaEtmVnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mZDgxMTYtNWU5OC00NWVmLWFmNzQt
MDczYTVkYjBlZmI1LzEvbV9Ld1lSRDhVNjFhUXBlRWdjNGh4QnIxc0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mZDgxMTYtNWU5OC00NWVmLWFmNzQtMDczYTVkYjBlZmI1
LzEvWS1KSmQ1azhGYnpCTkxGMGszOUJzaEtmVnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudCQAwQA
udCTMA0GCSqGSIb3DQEBCwUAA4IBAQALHgEyyPCM2sPzh0PqmU4wnqroMIrfchZ8
0zQz/XnUhLVrKhkX8X0Qmx3BakdcCDQpj3vemkzjEUkWTv2rGKSXWEyMaT4gWonP
epPFXFMCEaIdzIeUG3Sybp74FJOzhY8FDGFkK+mxO8cCqAKPUrkoeoihdsRoSz3P
2iSUS6/pRdWuD/1inwesgaaDxb7UGmMaeGr6Ty/Hbgvtl/JeKkIlLH0s0Am4Vm6f
t4GDweAmNYCwkaGpQMXKfx+Bfnv9mMqwMkTJ+N5LE+uTSoksHb07H5sZIDljjpXP
CIWoGpzhCcF3R2KaxvHjrZ2OfMr12yEApkYPgn897CRguK7d9nzc
-----END CERTIFICATE-----