Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/M46xm_5TL9kx7D2WVXCdBMWIYcs.roa
File:                     M46xm_5TL9kx7D2WVXCdBMWIYcs.roa (raw, json)
Hash identifier:          g8ZIF1f0yq8D+uFCLafFyegaPc5iBw6u79003Z7fsG0=
Subject key identifier:   33:8E:B1:9B:FE:53:2F:D9:31:EC:3D:96:55:70:9D:04:C5:88:61:CB
Certificate issuer:       /CN=97da420008cfb9193499278ef558bd42d61c7f75
Certificate serial:       018CC8DF9A627770C63CF1319C3363A99D76
Authority key identifier: 97:DA:42:00:08:CF:B9:19:34:99:27:8E:F5:58:BD:42:D6:1C:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/M46xm_5TL9kx7D2WVXCdBMWIYcs.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56410
IP address blocks:        217.115.124.0/24 maxlen: 24
                          217.115.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9a:62:77:70:c6:3c:f1:31:9c:33:63:a9:9d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97da420008cfb9193499278ef558bd42d61c7f75
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=338eb19bfe532fd931ec3d9655709d04c58861cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e8:ce:7b:8e:6f:5d:17:b3:e1:b3:3e:b0:a3:
                    3e:96:d7:75:9a:50:7e:09:6e:9e:8c:2b:25:0e:da:
                    7a:5f:71:97:4a:30:76:19:58:5f:ab:00:97:81:e0:
                    be:7b:10:84:1e:51:46:c2:67:f6:5c:1d:44:72:09:
                    a3:d7:f8:46:b4:d2:56:f8:85:80:fc:9c:7f:04:d8:
                    e9:ac:bd:aa:1a:ea:69:72:c6:bd:fb:55:41:62:af:
                    95:fe:14:ed:fb:15:1f:b9:df:3f:ac:46:3f:9c:ad:
                    2c:ee:f2:2d:6b:1e:45:23:ca:fe:15:9f:6c:7c:1c:
                    7e:b9:5f:98:ce:89:3b:c8:c4:38:0a:4f:9a:3e:0c:
                    f0:3b:b6:63:76:d4:e0:4d:8f:2c:a2:ca:ec:ec:4a:
                    af:47:8c:e2:f1:99:85:4a:ce:43:03:cb:a6:4f:21:
                    40:bf:f1:44:f6:26:f9:0c:6c:c9:a1:65:7d:1b:64:
                    be:e9:a1:45:90:6e:eb:07:25:4f:5d:95:67:40:54:
                    32:8c:48:03:73:ce:85:0c:08:ba:06:62:1f:c5:21:
                    ff:8c:02:c7:22:d6:8c:a3:e0:3b:fe:b7:b6:15:d7:
                    1e:05:87:da:3c:33:0c:9e:c3:d4:8d:d5:7e:09:4e:
                    e8:aa:40:ac:1d:8b:c1:9a:f7:52:f3:86:d0:71:5a:
                    52:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:8E:B1:9B:FE:53:2F:D9:31:EC:3D:96:55:70:9D:04:C5:88:61:CB
            X509v3 Authority Key Identifier:
                keyid:97:DA:42:00:08:CF:B9:19:34:99:27:8E:F5:58:BD:42:D6:1C:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/M46xm_5TL9kx7D2WVXCdBMWIYcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/139044-9ebc-4559-ba10-a38e1eca4fd4/1/l9pCAAjPuRk0mSeO9Vi9QtYcf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.115.121.0/24
                  217.115.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:cd:f1:c5:db:fd:bf:a5:d9:8c:26:12:13:1b:47:b9:9b:84:
         2e:30:36:9c:33:a8:9c:d7:ac:84:c4:52:c4:5f:5f:42:a6:a0:
         aa:03:37:c8:ad:36:98:53:6f:28:ca:1e:6d:c4:13:9b:5a:00:
         e8:45:33:e4:e2:99:e5:64:c3:ed:6a:82:31:66:f8:f8:25:b6:
         fc:bb:6c:66:07:82:c1:a7:17:20:1b:3e:44:da:2b:ac:72:1b:
         b7:0d:53:9b:0d:70:c6:32:74:31:5d:2f:63:52:fb:65:a9:c2:
         92:52:cc:fe:14:b8:0f:d7:dc:4e:5e:06:0f:96:6f:0c:d9:9f:
         11:db:bd:ef:c9:5d:a9:f6:61:61:29:10:4b:23:6f:36:40:41:
         a4:19:fa:21:8a:0f:c4:52:d4:60:fb:19:33:7d:86:2d:30:c4:
         4c:c8:17:37:6a:d3:ec:09:d5:4b:14:2e:b7:b9:86:dc:bb:8f:
         5a:b3:3a:f0:be:f3:93:f0:47:69:79:c5:8d:51:5e:33:52:86:
         50:19:fc:26:cb:51:3e:06:06:a4:3b:0b:19:fd:7f:43:d9:ce:
         59:96:33:25:de:2d:5d:82:5e:a2:d5:20:32:75:e0:d5:94:0a:
         e7:3a:a6:65:de:2e:50:e0:f0:2b:09:74:42:35:9a:cf:6c:e0:
         b0:e8:b0:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI35pid3DGPPExnDNjqZ12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZGE0MjAwMDhjZmI5MTkzNDk5Mjc4ZWY1NThiZDQyZDYx
YzdmNzUwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzhlYjE5YmZlNTMyZmQ5MzFlYzNkOTY1NTcwOWQwNGM1ODg2MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4OjOe45vXRez4bM+sKM+ltd1mlB+
CW6ejCslDtp6X3GXSjB2GVhfqwCXgeC+exCEHlFGwmf2XB1Ecgmj1/hGtNJW+IWA
/Jx/BNjprL2qGuppcsa9+1VBYq+V/hTt+xUfud8/rEY/nK0s7vItax5FI8r+FZ9s
fBx+uV+Yzok7yMQ4Ck+aPgzwO7ZjdtTgTY8sosrs7EqvR4zi8ZmFSs5DA8umTyFA
v/FE9ib5DGzJoWV9G2S+6aFFkG7rByVPXZVnQFQyjEgDc86FDAi6BmIfxSH/jALH
ItaMo+A7/re2FdceBYfaPDMMnsPUjdV+CU7oqkCsHYvBmvdS84bQcVpS5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDOOsZv+Uy/ZMew9llVwnQTFiGHLMB8GA1UdIwQY
MBaAFJfaQgAIz7kZNJknjvVYvULWHH91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDlwQ0FBalB1UmswbVNlTzlWaTlRdFljZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xMzkwNDQtOWViYy00NTU5LWJhMTAt
YTM4ZTFlY2E0ZmQ0LzEvTTQ2eG1fNVRMOWt4N0QyV1ZYQ2RCTVdJWWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xMzkwNDQtOWViYy00NTU5LWJhMTAtYTM4ZTFlY2E0ZmQ0
LzEvbDlwQ0FBalB1UmswbVNlTzlWaTlRdFljZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2XN5AwQA
2XN8MA0GCSqGSIb3DQEBCwUAA4IBAQA/zfHF2/2/pdmMJhITG0e5m4QuMDacM6ic
16yExFLEX19CpqCqAzfIrTaYU28oyh5txBObWgDoRTPk4pnlZMPtaoIxZvj4Jbb8
u2xmB4LBpxcgGz5E2iuschu3DVObDXDGMnQxXS9jUvtlqcKSUsz+FLgP19xOXgYP
lm8M2Z8R273vyV2p9mFhKRBLI282QEGkGfohig/EUtRg+xkzfYYtMMRMyBc3atPs
CdVLFC63uYbcu49aszrwvvOT8EdpecWNUV4zUoZQGfwmy1E+BgakOwsZ/X9D2c5Z
ljMl3i1dgl6i1SAydeDVlArnOqZl3i5Q4PArCXRCNZrPbOCw6LBS
-----END CERTIFICATE-----