Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/mXJk2JZaX_rpeuxneOaZFpEOMdc.roa
File:                     mXJk2JZaX_rpeuxneOaZFpEOMdc.roa (raw, json)
Hash identifier:          5jueZ1GHcyO7m7ORxSAjmNaw2O5jJE+uUva8pQfP9ZQ=
Subject key identifier:   99:72:64:D8:96:5A:5F:FA:E9:7A:EC:67:78:E6:99:16:91:0E:31:D7
Certificate issuer:       /CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
Certificate serial:       0192972EFC484E304303CC2F6B26F40F54D3
Authority key identifier: 7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/mXJk2JZaX_rpeuxneOaZFpEOMdc.roa
Signing time:             Wed 16 Oct 2024 21:14:51 +0000
ROA not before:           Wed 16 Oct 2024 21:14:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205544
IP address blocks:        176.113.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:97:2e:fc:48:4e:30:43:03:cc:2f:6b:26:f4:0f:54:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca643bb399c6d87adc4c7cba5d2b72fbd00d046
        Validity
            Not Before: Oct 16 21:14:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=997264d8965a5ffae97aec6778e69916910e31d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fb:22:6a:73:3f:2d:34:23:d1:1c:10:5e:38:
                    56:b7:01:90:9f:49:d4:c9:89:04:84:ce:84:7d:fd:
                    dc:5d:b0:1a:1e:1d:17:59:19:7f:08:97:55:73:38:
                    36:59:e4:52:3a:fa:b4:46:51:a8:e3:cd:21:f4:14:
                    35:94:37:1e:c4:81:0a:b2:30:38:e6:39:f2:e4:8c:
                    e4:4d:2d:2b:dd:43:8a:5f:6c:33:90:9d:58:36:09:
                    01:23:34:39:2c:29:d1:d4:c4:62:35:6d:b7:ea:14:
                    a1:a7:9f:07:7f:1e:6e:5d:c6:24:50:56:86:57:cf:
                    e3:87:dc:98:16:12:2a:10:72:70:98:b3:9d:c1:68:
                    4a:ad:30:3b:22:d6:17:af:3b:40:2f:65:4f:71:81:
                    31:9d:5d:8f:8c:77:18:24:71:97:a3:99:d9:f4:46:
                    fe:80:1a:90:71:8d:87:3d:c1:4d:ff:fe:72:c2:d8:
                    39:47:05:38:5b:47:40:5c:89:5d:d8:91:93:45:64:
                    60:3e:99:c8:ee:fb:2f:95:94:d4:2a:de:d0:59:69:
                    a9:9a:b1:42:95:af:48:c4:12:63:eb:f6:cc:7a:71:
                    9f:19:89:af:81:8c:af:04:8e:05:fb:15:c9:8b:4c:
                    fd:8f:d4:79:ea:10:4a:e7:78:85:14:8d:24:56:74:
                    32:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:72:64:D8:96:5A:5F:FA:E9:7A:EC:67:78:E6:99:16:91:0E:31:D7
            X509v3 Authority Key Identifier:
                keyid:7C:A6:43:BB:39:9C:6D:87:AD:C4:C7:CB:A5:D2:B7:2F:BD:00:D0:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKZDuzmcbYetxMfLpdK3L70A0EY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/mXJk2JZaX_rpeuxneOaZFpEOMdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/c0301d-5801-4ac6-b503-44ea64721c9e/1/fKZDuzmcbYetxMfLpdK3L70A0EY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:ec:4d:d9:b5:d1:6b:55:7b:49:a2:5f:49:99:da:c0:66:f6:
         29:ec:51:f8:93:9f:38:f0:b6:2b:b9:e9:8e:b1:cf:bf:5c:83:
         05:c8:3d:95:8b:86:bd:f6:e5:14:55:f5:8a:72:9d:2d:ae:e2:
         14:1a:8f:b0:dc:0d:c4:81:2f:07:22:34:5f:07:83:22:42:32:
         70:62:fc:c3:54:bc:c6:9f:ff:06:21:cb:2f:e6:52:80:98:89:
         88:91:e8:64:85:d7:8a:11:9c:b9:55:7a:a2:3a:28:eb:ff:5e:
         9d:d6:81:0d:a4:27:b6:f8:f4:5e:0e:d1:54:7f:6e:23:54:95:
         8a:6a:cd:59:63:54:87:99:94:ec:b5:74:51:a1:f5:1f:88:b9:
         5d:3d:31:c2:82:2b:4f:03:e0:a9:34:db:7c:57:1d:b3:6e:07:
         50:3e:d4:aa:a1:86:c3:76:06:3a:88:27:a1:f8:09:18:e7:17:
         db:99:76:fe:f5:8f:ef:49:ce:42:79:49:79:2e:82:a7:92:7d:
         a4:0b:32:55:98:4d:9d:e1:ba:01:7c:b2:01:a7:e3:e8:bc:54:
         e2:99:e4:fe:0a:64:cc:32:b6:06:34:01:4c:de:2d:92:87:b9:
         0c:77:de:08:31:a8:0f:91:96:8d:44:a1:ab:5c:22:df:92:ba:
         49:a0:a4:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKXLvxITjBDA8wvayb0D1TTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTY0M2JiMzk5YzZkODdhZGM0YzdjYmE1ZDJiNzJmYmQw
MGQwNDYwHhcNMjQxMDE2MjExNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTcyNjRkODk2NWE1ZmZhZTk3YWVjNjc3OGU2OTkxNjkxMGUzMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvsianM/LTQj0RwQXjhWtwGQn0nU
yYkEhM6Eff3cXbAaHh0XWRl/CJdVczg2WeRSOvq0RlGo480h9BQ1lDcexIEKsjA4
5jny5IzkTS0r3UOKX2wzkJ1YNgkBIzQ5LCnR1MRiNW236hShp58Hfx5uXcYkUFaG
V8/jh9yYFhIqEHJwmLOdwWhKrTA7ItYXrztAL2VPcYExnV2PjHcYJHGXo5nZ9Eb+
gBqQcY2HPcFN//5ywtg5RwU4W0dAXIld2JGTRWRgPpnI7vsvlZTUKt7QWWmpmrFC
la9IxBJj6/bMenGfGYmvgYyvBI4F+xXJi0z9j9R56hBK53iFFI0kVnQy6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlyZNiWWl/66XrsZ3jmmRaRDjHXMB8GA1UdIwQY
MBaAFHymQ7s5nG2HrcTHy6XSty+9ANBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMt
NDRlYTY0NzIxYzllLzEvbVhKazJKWmFYX3JwZXV4bmVPYVpGcEVPTWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jMDMwMWQtNTgwMS00YWM2LWI1MDMtNDRlYTY0NzIxYzll
LzEvZktaRHV6bWNiWWV0eE1mTHBkSzNMNzBBMEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHFAMA0G
CSqGSIb3DQEBCwUAA4IBAQBk7E3ZtdFrVXtJol9JmdrAZvYp7FH4k5848LYruemO
sc+/XIMFyD2Vi4a99uUUVfWKcp0truIUGo+w3A3EgS8HIjRfB4MiQjJwYvzDVLzG
n/8GIcsv5lKAmImIkehkhdeKEZy5VXqiOijr/16d1oENpCe2+PReDtFUf24jVJWK
as1ZY1SHmZTstXRRofUfiLldPTHCgitPA+CpNNt8Vx2zbgdQPtSqoYbDdgY6iCeh
+AkY5xfbmXb+9Y/vSc5CeUl5LoKnkn2kCzJVmE2d4boBfLIBp+PovFTimeT+CmTM
MrYGNAFM3i2Sh7kMd94IMagPkZaNRKGrXCLfkrpJoKSD
-----END CERTIFICATE-----