Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/M_W4pSrBJlMb-EJRzmHrgCvFBGI.roa
File:                     M_W4pSrBJlMb-EJRzmHrgCvFBGI.roa (raw, json)
Hash identifier:          pNul5ZSY7gQliLmQ5ACG/QRWnxZQF1t5QxauJWEdGbc=
Subject key identifier:   33:F5:B8:A5:2A:C1:26:53:1B:F8:42:51:CE:61:EB:80:2B:C5:04:62
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       01927A68F6575B46175076EB71B15FD745E0
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/M_W4pSrBJlMb-EJRzmHrgCvFBGI.roa
Signing time:             Fri 11 Oct 2024 07:09:12 +0000
ROA not before:           Fri 11 Oct 2024 07:09:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        62.228.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:68:f6:57:5b:46:17:50:76:eb:71:b1:5f:d7:45:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Oct 11 07:09:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33f5b8a52ac126531bf84251ce61eb802bc50462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:3d:55:f4:bd:08:a0:a2:9c:44:c4:f0:f5:
                    4d:e2:d0:c5:81:5b:c8:a2:a2:63:97:c3:84:76:12:
                    31:1a:27:b1:64:d1:f7:7d:41:88:1a:a3:04:a7:0d:
                    08:61:8b:f4:d9:17:f4:89:6c:f6:60:2d:85:9c:16:
                    71:13:31:cb:12:fa:46:ba:d8:02:75:57:5f:c0:7b:
                    16:57:61:da:f6:60:03:89:7e:d1:14:3a:b1:f3:81:
                    0b:26:58:3b:40:a5:ff:b5:a4:ba:2a:1d:4e:cc:d8:
                    c5:2f:54:75:16:c2:22:79:d1:98:d4:56:ed:30:d9:
                    53:b2:bf:da:5a:64:af:bb:66:ae:8c:ac:95:e4:9f:
                    c1:b8:10:24:59:ce:ac:8d:ce:32:0f:36:58:8d:0b:
                    51:68:48:27:d2:b8:de:7c:1c:e1:ab:d4:84:d1:b5:
                    10:c0:c7:bb:6a:bb:d6:d0:67:96:93:1f:e4:fe:f9:
                    e4:a8:ee:75:e7:85:45:19:35:bb:15:cb:84:42:77:
                    14:d6:c8:49:d2:9e:5d:58:c2:6d:38:ec:75:9a:3a:
                    46:22:ce:66:3e:4e:bd:b2:d7:75:dd:90:4b:42:c9:
                    e8:fb:31:3b:80:d7:82:05:d8:f3:84:67:d9:3d:a1:
                    59:f4:d6:e0:cf:46:38:c6:84:52:a3:55:e7:a6:5d:
                    81:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F5:B8:A5:2A:C1:26:53:1B:F8:42:51:CE:61:EB:80:2B:C5:04:62
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/M_W4pSrBJlMb-EJRzmHrgCvFBGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7f:03:33:27:3a:4a:c6:cf:92:3c:66:43:88:c1:55:e7:27:
         3d:a8:cd:12:67:03:6e:6a:4b:cb:d0:4d:d9:34:64:41:05:c7:
         de:f3:2e:e0:a8:7b:71:a2:fb:6f:86:52:ee:94:5e:46:97:1a:
         95:90:0c:df:8b:fd:53:82:69:3c:d8:0a:a4:d7:6c:94:52:2d:
         0c:bc:09:7d:27:67:19:27:78:62:2a:4d:19:94:79:0e:e4:55:
         29:84:df:7e:30:2e:c4:60:67:a9:1a:85:19:54:34:c4:6b:69:
         90:61:f0:c0:f6:b5:9e:64:6a:ea:33:d8:45:21:a9:1b:c5:ad:
         92:44:33:43:da:a0:bd:05:04:d2:ef:f6:53:15:27:e9:71:9d:
         38:28:78:ce:fa:d8:08:9a:42:d8:b8:fc:b8:73:7f:50:a3:2d:
         f9:40:0f:77:31:f2:67:b5:a2:95:b9:4c:4f:fd:68:37:6d:75:
         91:cb:70:a6:a2:d6:3c:6f:02:40:da:be:b0:94:63:f7:b2:dd:
         79:36:18:d3:2c:ec:44:5e:0e:de:65:c9:07:55:94:1c:5a:1d:
         7a:44:13:26:4e:be:79:7f:bb:9c:6c:72:a3:06:e0:eb:71:53:
         9a:42:ab:f1:71:fd:f3:8b:37:5f:77:ab:cc:db:15:fa:26:cc:
         de:61:fd:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6aPZXW0YXUHbrcbFf10XgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQxMDExMDcwOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Y1YjhhNTJhYzEyNjUzMWJmODQyNTFjZTYxZWI4MDJiYzUwNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQI9VfS9CKCinETE8PVN4tDFgVvI
oqJjl8OEdhIxGiexZNH3fUGIGqMEpw0IYYv02Rf0iWz2YC2FnBZxEzHLEvpGutgC
dVdfwHsWV2Ha9mADiX7RFDqx84ELJlg7QKX/taS6Kh1OzNjFL1R1FsIiedGY1Fbt
MNlTsr/aWmSvu2aujKyV5J/BuBAkWc6sjc4yDzZYjQtRaEgn0rjefBzhq9SE0bUQ
wMe7arvW0GeWkx/k/vnkqO5154VFGTW7FcuEQncU1shJ0p5dWMJtOOx1mjpGIs5m
Pk69std13ZBLQsno+zE7gNeCBdjzhGfZPaFZ9Nbgz0Y4xoRSo1Xnpl2BjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDP1uKUqwSZTG/hCUc5h64ArxQRiMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvTV9XNHBTckJKbE1iLUVKUnptSHJnQ3ZGQkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPuTmMA0G
CSqGSIb3DQEBCwUAA4IBAQA7fwMzJzpKxs+SPGZDiMFV5yc9qM0SZwNuakvL0E3Z
NGRBBcfe8y7gqHtxovtvhlLulF5GlxqVkAzfi/1Tgmk82Aqk12yUUi0MvAl9J2cZ
J3hiKk0ZlHkO5FUphN9+MC7EYGepGoUZVDTEa2mQYfDA9rWeZGrqM9hFIakbxa2S
RDND2qC9BQTS7/ZTFSfpcZ04KHjO+tgImkLYuPy4c39Qoy35QA93MfJntaKVuUxP
/Wg3bXWRy3CmotY8bwJA2r6wlGP3st15NhjTLOxEXg7eZckHVZQcWh16RBMmTr55
f7ucbHKjBuDrcVOaQqvxcf3zizdfd6vM2xX6JszeYf18
-----END CERTIFICATE-----