Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/mMenwNhKAdIfW_wajXJsf8i4pRs.roa
File:                     mMenwNhKAdIfW_wajXJsf8i4pRs.roa (raw, json)
Hash identifier:          bWg8bt+zwetpGFHSAXSDBleG3++7MYRZEKuodpyHW/o=
Subject key identifier:   98:C7:A7:C0:D8:4A:01:D2:1F:5B:FC:1A:8D:72:6C:7F:C8:B8:A5:1B
Certificate issuer:       /CN=b215270e3b5976b44f3adece57047d1e0787ba75
Certificate serial:       018CC64B38C2B3CB6ED4961A03BD20E630BA
Authority key identifier: B2:15:27:0E:3B:59:76:B4:4F:3A:DE:CE:57:04:7D:1E:07:87:BA:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/shUnDjtZdrRPOt7OVwR9HgeHunU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/mMenwNhKAdIfW_wajXJsf8i4pRs.roa
Signing time:             Mon 01 Jan 2024 18:31:07 +0000
ROA not before:           Mon 01 Jan 2024 18:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        193.38.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/shUnDjtZdrRPOt7OVwR9HgeHunU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/shUnDjtZdrRPOt7OVwR9HgeHunU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/shUnDjtZdrRPOt7OVwR9HgeHunU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:38:c2:b3:cb:6e:d4:96:1a:03:bd:20:e6:30:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b215270e3b5976b44f3adece57047d1e0787ba75
        Validity
            Not Before: Jan  1 18:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98c7a7c0d84a01d21f5bfc1a8d726c7fc8b8a51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ef:72:07:43:d5:b3:07:eb:51:92:4f:86:db:
                    71:f5:6c:cc:ad:57:62:61:3d:74:64:bf:cc:79:dc:
                    78:b7:dc:5c:99:a5:f2:b1:57:98:cd:ca:ed:2f:9e:
                    44:52:76:70:ee:ec:4f:96:7c:88:3b:21:81:d1:74:
                    87:61:b3:91:8b:ec:3f:10:09:7d:9f:dc:d8:79:56:
                    c2:47:46:4d:3a:80:7e:82:4a:b7:4a:54:06:5b:b8:
                    61:2f:5f:8c:28:b6:ad:b8:5c:07:b2:87:71:4f:b1:
                    54:33:40:c3:18:37:61:bb:30:7c:eb:41:2e:48:d2:
                    79:d4:89:22:3b:0c:66:8d:27:e2:4b:de:8b:d6:7e:
                    94:a4:46:88:44:62:df:49:ca:c2:d1:3f:11:ba:7a:
                    e3:f5:ed:b2:93:3a:90:26:87:d7:e6:17:a6:e1:d2:
                    1c:46:d6:c1:dd:18:df:90:a8:3f:eb:f9:da:f3:d3:
                    63:3b:60:5d:5c:8d:04:2a:3a:c6:a4:d5:e7:3e:61:
                    05:25:d7:4d:09:8f:77:77:b7:d9:77:cc:6e:f2:6c:
                    67:75:bf:63:d1:92:10:25:18:db:d2:b2:c8:2d:25:
                    40:54:45:db:a5:9b:fe:dc:bf:7d:35:8a:fb:e3:18:
                    04:9d:fa:e2:be:eb:c4:21:64:83:43:ff:ba:00:e7:
                    16:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C7:A7:C0:D8:4A:01:D2:1F:5B:FC:1A:8D:72:6C:7F:C8:B8:A5:1B
            X509v3 Authority Key Identifier:
                keyid:B2:15:27:0E:3B:59:76:B4:4F:3A:DE:CE:57:04:7D:1E:07:87:BA:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/shUnDjtZdrRPOt7OVwR9HgeHunU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/mMenwNhKAdIfW_wajXJsf8i4pRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bd59ae-5b7d-4c26-8e14-24b9e8211885/1/shUnDjtZdrRPOt7OVwR9HgeHunU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:1e:a6:89:e7:64:c3:4e:4e:01:9b:41:d5:56:03:2d:78:3b:
         30:b5:18:49:8d:e2:72:3d:6c:2f:8d:53:55:ea:13:94:c5:58:
         68:4a:f9:ff:d0:6c:57:8b:e3:36:9e:17:7a:38:ad:a2:a9:0a:
         15:de:79:5a:2c:72:52:97:55:d9:54:31:8e:f2:94:2e:10:81:
         12:db:04:9e:c8:74:d6:13:18:57:01:1d:7c:ff:7e:3a:f8:47:
         fc:f0:db:e4:68:7e:f7:1d:82:9a:6a:96:30:c6:86:8c:20:c9:
         91:38:85:15:20:eb:9a:8d:2e:93:c3:cd:78:12:ad:b9:e3:f5:
         ff:50:dd:1e:e8:66:71:84:b4:bf:6c:56:02:88:31:35:43:9b:
         08:8d:fc:e9:79:85:e9:ab:d1:dc:c1:ec:37:2d:9e:6a:50:34:
         60:6a:3e:7a:a2:de:e3:eb:a8:b4:d0:fb:23:a0:e6:40:b8:a6:
         e6:9b:8b:53:50:53:89:a7:da:2d:b4:75:e3:12:95:43:40:63:
         ab:e5:fb:57:f6:44:85:7d:77:05:32:dd:9a:88:af:3e:14:2b:
         88:b1:01:7a:c0:74:6c:9b:fa:de:ca:bf:4f:bd:b0:27:01:ee:
         02:98:23:b5:53:e1:08:95:56:2d:66:f2:4c:25:65:ca:a1:8a:
         b8:22:16:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzjCs8tu1JYaA70g5jC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMTUyNzBlM2I1OTc2YjQ0ZjNhZGVjZTU3MDQ3ZDFlMDc4
N2JhNzUwHhcNMjQwMTAxMTgzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM3YTdjMGQ4NGEwMWQyMWY1YmZjMWE4ZDcyNmM3ZmM4YjhhNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie9yB0PVswfrUZJPhttx9WzMrVdi
YT10ZL/Medx4t9xcmaXysVeYzcrtL55EUnZw7uxPlnyIOyGB0XSHYbORi+w/EAl9
n9zYeVbCR0ZNOoB+gkq3SlQGW7hhL1+MKLatuFwHsodxT7FUM0DDGDdhuzB860Eu
SNJ51IkiOwxmjSfiS96L1n6UpEaIRGLfScrC0T8Runrj9e2ykzqQJofX5hem4dIc
RtbB3RjfkKg/6/na89NjO2BdXI0EKjrGpNXnPmEFJddNCY93d7fZd8xu8mxndb9j
0ZIQJRjb0rLILSVAVEXbpZv+3L99NYr74xgEnfrivuvEIWSDQ/+6AOcWDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjHp8DYSgHSH1v8Go1ybH/IuKUbMB8GA1UdIwQY
MBaAFLIVJw47WXa0TzrezlcEfR4Hh7p1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hVbkRqdFpkclJQT3Q3T1Z3UjlIZ2VIdW5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9iZDU5YWUtNWI3ZC00YzI2LThlMTQt
MjRiOWU4MjExODg1LzEvbU1lbndOaEtBZElmV193YWpYSnNmOGk0cFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9iZDU5YWUtNWI3ZC00YzI2LThlMTQtMjRiOWU4MjExODg1
LzEvc2hVbkRqdFpkclJQT3Q3T1Z3UjlIZ2VIdW5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSaQMA0G
CSqGSIb3DQEBCwUAA4IBAQB1HqaJ52TDTk4Bm0HVVgMteDswtRhJjeJyPWwvjVNV
6hOUxVhoSvn/0GxXi+M2nhd6OK2iqQoV3nlaLHJSl1XZVDGO8pQuEIES2wSeyHTW
ExhXAR18/346+Ef88NvkaH73HYKaapYwxoaMIMmROIUVIOuajS6Tw814Eq254/X/
UN0e6GZxhLS/bFYCiDE1Q5sIjfzpeYXpq9Hcwew3LZ5qUDRgaj56ot7j66i00Psj
oOZAuKbmm4tTUFOJp9ottHXjEpVDQGOr5ftX9kSFfXcFMt2aiK8+FCuIsQF6wHRs
m/reyr9PvbAnAe4CmCO1U+EIlVYtZvJMJWXKoYq4IhZP
-----END CERTIFICATE-----