Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/mFi3nGvqzW_jv9Nejg1b9_acHTI.roa
File:                     mFi3nGvqzW_jv9Nejg1b9_acHTI.roa (raw, json)
Hash identifier:          w5Mmp5eYD5QSJyxVRgUC0GtQylBYPZnMt+Ue/BBylZo=
Subject key identifier:   98:58:B7:9C:6B:EA:CD:6F:E3:BF:D3:5E:8E:0D:5B:F7:F6:9C:1D:32
Certificate issuer:       /CN=d36483e667c9fce8f80f5aaa5ac6e916bc54e654
Certificate serial:       018CC801F49092FB4AB5DEBAB10776EA02A4
Authority key identifier: D3:64:83:E6:67:C9:FC:E8:F8:0F:5A:AA:5A:C6:E9:16:BC:54:E6:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/mFi3nGvqzW_jv9Nejg1b9_acHTI.roa
Signing time:             Tue 02 Jan 2024 02:30:20 +0000
ROA not before:           Tue 02 Jan 2024 02:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51367
IP address blocks:        195.191.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:f4:90:92:fb:4a:b5:de:ba:b1:07:76:ea:02:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d36483e667c9fce8f80f5aaa5ac6e916bc54e654
        Validity
            Not Before: Jan  2 02:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9858b79c6beacd6fe3bfd35e8e0d5bf7f69c1d32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5c:f8:67:72:db:68:93:11:56:db:b4:a0:2c:
                    97:d9:d7:37:b2:39:05:ef:ce:37:fb:f8:aa:e9:6d:
                    dc:83:1a:97:1d:50:a8:eb:77:8b:2f:f6:1a:f2:27:
                    0b:f3:b9:ec:ff:dd:63:61:9e:4d:59:0b:52:56:d8:
                    52:6c:9a:27:d9:22:02:d9:e5:ff:23:33:f1:cd:70:
                    57:db:3d:3d:79:be:53:4d:9d:cc:4e:bf:3d:93:ce:
                    9e:1f:a1:ce:32:82:92:ce:b0:c7:a9:c8:9d:33:c1:
                    a6:e5:f2:ed:8f:64:c5:74:cc:2b:fe:d7:5a:85:6e:
                    3c:03:b1:92:97:f1:ad:97:62:01:b1:06:86:6c:80:
                    36:31:a0:bf:7d:08:22:f4:f9:cf:16:f6:2f:f6:8f:
                    8d:ec:e7:dd:0b:47:2e:af:b8:63:a7:18:59:ae:ae:
                    87:90:4c:ae:e0:13:73:c8:05:5e:7a:d8:73:c7:73:
                    d2:36:d2:9c:62:ff:f2:bc:75:00:ab:24:01:f2:56:
                    59:31:0c:bd:0d:ab:59:d7:55:b2:30:19:27:34:eb:
                    ce:7c:e6:fe:f8:5d:0c:33:38:e4:7c:ed:c9:73:42:
                    3a:de:dd:7c:be:77:a1:b5:a1:1f:89:bc:7b:b9:d2:
                    be:3d:70:97:70:b6:ca:fe:78:30:06:d8:49:53:28:
                    d8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:58:B7:9C:6B:EA:CD:6F:E3:BF:D3:5E:8E:0D:5B:F7:F6:9C:1D:32
            X509v3 Authority Key Identifier:
                keyid:D3:64:83:E6:67:C9:FC:E8:F8:0F:5A:AA:5A:C6:E9:16:BC:54:E6:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/mFi3nGvqzW_jv9Nejg1b9_acHTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9e6996-2e89-4829-a37b-0734ffba8ca6/1/02SD5mfJ_Oj4D1qqWsbpFrxU5lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:44:10:e5:06:7c:ce:02:de:53:1f:29:c0:ba:59:46:32:43:
         8d:52:9e:47:40:fa:0f:de:08:29:09:42:bb:f6:42:71:e7:7b:
         6b:e3:11:a4:f0:1f:3d:dd:13:52:db:1d:48:88:10:f5:a2:f8:
         58:c5:9d:a2:aa:e3:d7:13:1e:f2:ed:ec:e4:e1:3c:f5:34:fb:
         70:38:c9:33:ee:b9:d2:cc:24:70:f7:32:91:a5:96:21:eb:94:
         92:95:98:94:84:45:1f:4f:35:fc:dc:53:94:40:bd:ad:b0:3b:
         cb:1c:7f:74:6c:1b:fb:ec:90:07:2b:11:29:f3:73:d5:55:54:
         0e:d3:16:e6:d7:b9:96:2c:00:02:92:85:f2:dd:83:91:48:81:
         63:d6:5e:12:45:44:ac:8e:12:08:22:fb:5d:bb:cd:31:d5:56:
         04:4a:ff:2d:f8:c8:c3:93:63:07:c7:33:3a:5c:07:2e:1b:af:
         96:1b:5f:79:69:72:c8:0d:a0:00:ed:75:4d:32:16:61:d1:24:
         dc:f6:24:d2:dc:60:9a:94:49:88:e1:0e:9f:1d:07:4d:c4:76:
         ea:94:db:3f:5d:5d:d7:ce:2d:69:4d:4c:e5:36:ff:ab:c4:08:
         81:20:53:79:a3:cc:91:3e:6e:73:46:d9:89:9d:5a:d2:f2:a2:
         04:07:ab:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAfSQkvtKtd66sQd26gKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjQ4M2U2NjdjOWZjZThmODBmNWFhYTVhYzZlOTE2YmM1
NGU2NTQwHhcNMjQwMTAyMDIzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODU4Yjc5YzZiZWFjZDZmZTNiZmQzNWU4ZTBkNWJmN2Y2OWMxZDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFz4Z3LbaJMRVtu0oCyX2dc3sjkF
7843+/iq6W3cgxqXHVCo63eLL/Ya8icL87ns/91jYZ5NWQtSVthSbJon2SIC2eX/
IzPxzXBX2z09eb5TTZ3MTr89k86eH6HOMoKSzrDHqcidM8Gm5fLtj2TFdMwr/tda
hW48A7GSl/Gtl2IBsQaGbIA2MaC/fQgi9PnPFvYv9o+N7OfdC0cur7hjpxhZrq6H
kEyu4BNzyAVeethzx3PSNtKcYv/yvHUAqyQB8lZZMQy9DatZ11WyMBknNOvOfOb+
+F0MMzjkfO3Jc0I63t18vnehtaEfibx7udK+PXCXcLbK/ngwBthJUyjYzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhYt5xr6s1v47/TXo4NW/f2nB0yMB8GA1UdIwQY
MBaAFNNkg+Znyfzo+A9aqlrG6Ra8VOZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJTRDVtZkpfT2o0RDFxcVdzYnBGcnhVNWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85ZTY5OTYtMmU4OS00ODI5LWEzN2It
MDczNGZmYmE4Y2E2LzEvbUZpM25HdnF6V19qdjlOZWpnMWI5X2FjSFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85ZTY5OTYtMmU4OS00ODI5LWEzN2ItMDczNGZmYmE4Y2E2
LzEvMDJTRDVtZkpfT2o0RDFxcVdzYnBGcnhVNWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79IMA0G
CSqGSIb3DQEBCwUAA4IBAQBVRBDlBnzOAt5THynAullGMkONUp5HQPoP3ggpCUK7
9kJx53tr4xGk8B893RNS2x1IiBD1ovhYxZ2iquPXEx7y7ezk4Tz1NPtwOMkz7rnS
zCRw9zKRpZYh65SSlZiUhEUfTzX83FOUQL2tsDvLHH90bBv77JAHKxEp83PVVVQO
0xbm17mWLAACkoXy3YORSIFj1l4SRUSsjhIIIvtdu80x1VYESv8t+MjDk2MHxzM6
XAcuG6+WG195aXLIDaAA7XVNMhZh0STc9iTS3GCalEmI4Q6fHQdNxHbqlNs/XV3X
zi1pTUzlNv+rxAiBIFN5o8yRPm5zRtmJnVrS8qIEB6u5
-----END CERTIFICATE-----