Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/M6UOqfJXqFcYTfchRFGdDbaGY5s.roa
File:                     M6UOqfJXqFcYTfchRFGdDbaGY5s.roa (raw, json)
Hash identifier:          KRDo3+ThehRITJy11OX6jEFrlkauVGJU5o5zvy1cmVo=
Subject key identifier:   33:A5:0E:A9:F2:57:A8:57:18:4D:F7:21:44:51:9D:0D:B6:86:63:9B
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC893EE0603ABD97155A1B268F38AB
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/M6UOqfJXqFcYTfchRFGdDbaGY5s.roa
Signing time:             Mon 01 Jan 2024 16:30:13 +0000
ROA not before:           Mon 01 Jan 2024 16:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64249
IP address blocks:        147.189.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:89:3e:e0:60:3a:bd:97:15:5a:1b:26:8f:38:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33a50ea9f257a857184df72144519d0db686639b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:42:e6:0d:22:ea:48:db:27:c0:20:6c:39:55:
                    f1:02:b8:07:18:91:a1:8a:ea:ef:2b:ef:91:31:a6:
                    0e:ea:55:65:72:de:2d:45:b5:a7:69:76:d3:64:d0:
                    34:de:b2:b2:df:81:73:c2:aa:e2:e9:2e:23:cc:0e:
                    b9:0f:fd:2e:a0:27:18:09:05:9d:63:16:98:4c:34:
                    ec:5b:07:1c:92:81:16:d6:f7:2e:00:1f:5e:fa:22:
                    8c:e0:bb:01:f7:61:41:24:6e:08:24:20:86:29:65:
                    3b:89:af:47:6f:85:1f:0c:2f:b0:ab:a8:3e:a0:9a:
                    c3:93:a9:37:f5:1e:6c:79:25:6b:b9:81:ac:77:90:
                    c4:2e:cf:60:73:70:f6:1b:f1:f1:e0:a8:6d:54:04:
                    da:c5:e5:fd:92:ef:93:a3:88:e3:4d:f6:57:54:0e:
                    a4:fb:a5:5e:bb:38:4a:0c:a1:06:bc:9b:90:3d:9a:
                    1e:d7:5a:b8:71:4c:39:c4:fc:57:46:e6:03:0c:0c:
                    9e:ec:b2:cc:25:b1:11:e2:38:09:c7:ec:13:71:cf:
                    4f:25:78:65:1b:ad:3e:78:0c:e5:e4:4e:10:fd:88:
                    fa:55:01:2a:9c:07:f1:70:3b:58:17:4d:1f:1f:06:
                    d6:23:34:cc:47:25:d4:9c:ee:28:73:a9:4b:9b:e0:
                    e4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A5:0E:A9:F2:57:A8:57:18:4D:F7:21:44:51:9D:0D:B6:86:63:9B
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/M6UOqfJXqFcYTfchRFGdDbaGY5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:9f:a4:18:a0:78:35:c1:d9:cb:01:ff:ea:90:c0:0e:9b:dc:
         b7:64:8a:db:08:63:dc:82:04:e2:73:af:17:db:97:ae:f0:e7:
         bb:8a:dc:15:dd:83:73:b6:dd:64:e3:44:60:2b:ca:a1:ba:50:
         f0:f9:ae:33:f2:82:51:53:e1:ec:b0:fd:e6:5d:a9:33:a7:a8:
         39:aa:fc:be:47:0e:7a:8b:2b:c5:65:d9:9e:ef:99:f8:d2:b7:
         dd:ce:ff:98:6e:b8:d9:ba:42:00:82:4c:be:ca:2e:64:ad:d0:
         07:e7:ca:07:6e:6c:4e:42:b9:92:dd:48:88:6d:9e:f3:d5:e8:
         a3:9b:b3:ef:a0:26:69:4c:76:5c:f6:5b:9b:2e:8f:67:4a:59:
         e3:c6:de:bf:cc:08:a3:81:c8:53:b7:f9:f5:07:b2:4d:86:f6:
         a5:46:c3:7d:61:41:e6:29:9a:74:ae:ec:3a:ce:92:8f:19:8e:
         57:66:3e:08:5b:c2:f0:9b:eb:e1:e9:16:aa:4e:db:90:97:48:
         15:85:46:2d:12:0a:5c:49:0d:63:90:f4:c8:72:8a:d9:e4:ea:
         47:4f:2b:8d:97:38:e8:f3:d5:ff:41:c0:f3:b3:29:c1:e7:03:
         22:1a:47:00:53:bc:11:33:2c:ad:ba:0b:a0:ec:bd:7a:f1:7b:
         31:71:b4:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3Ik+4GA6vZcVWhsmjzirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2E1MGVhOWYyNTdhODU3MTg0ZGY3MjE0NDUxOWQwZGI2ODY2MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ELmDSLqSNsnwCBsOVXxArgHGJGh
iurvK++RMaYO6lVlct4tRbWnaXbTZNA03rKy34Fzwqri6S4jzA65D/0uoCcYCQWd
YxaYTDTsWwcckoEW1vcuAB9e+iKM4LsB92FBJG4IJCCGKWU7ia9Hb4UfDC+wq6g+
oJrDk6k39R5seSVruYGsd5DELs9gc3D2G/Hx4KhtVATaxeX9ku+To4jjTfZXVA6k
+6VeuzhKDKEGvJuQPZoe11q4cUw5xPxXRuYDDAye7LLMJbER4jgJx+wTcc9PJXhl
G60+eAzl5E4Q/Yj6VQEqnAfxcDtYF00fHwbWIzTMRyXUnO4oc6lLm+DksQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDOlDqnyV6hXGE33IURRnQ22hmObMB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL002VU9xZkpYcUZjWVRmY2hSRkdkRGJhR1k1cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTvYkw
DQYJKoZIhvcNAQELBQADggEBAFmfpBigeDXB2csB/+qQwA6b3LdkitsIY9yCBOJz
rxfbl67w57uK3BXdg3O23WTjRGAryqG6UPD5rjPyglFT4eyw/eZdqTOnqDmq/L5H
DnqLK8Vl2Z7vmfjSt93O/5huuNm6QgCCTL7KLmSt0AfnygdubE5CuZLdSIhtnvPV
6KObs++gJmlMdlz2W5suj2dKWePG3r/MCKOByFO3+fUHsk2G9qVGw31hQeYpmnSu
7DrOko8ZjldmPghbwvCb6+HpFqpO25CXSBWFRi0SClxJDWOQ9Mhyitnk6kdPK42X
OOjz1f9BwPOzKcHnAyIaRwBTvBEzLK26C6DsvXrxezFxtH0=
-----END CERTIFICATE-----