Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R-MErvGETPCjVxp6B3b45dzLQo8.roa
File:                     R-MErvGETPCjVxp6B3b45dzLQo8.roa (raw, json)
Hash identifier:          DnK2f7H2sLTbQab/AZiUmtnPfZsDGTx59V6S4e2Jn0Y=
Subject key identifier:   47:E3:04:AE:F1:84:4C:F0:A3:57:1A:7A:07:76:F8:E5:DC:CB:42:8F
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       019209F86E737B24276EB1C49D8CE0FAE327
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R-MErvGETPCjVxp6B3b45dzLQo8.roa
Signing time:             Thu 19 Sep 2024 11:08:48 +0000
ROA not before:           Thu 19 Sep 2024 11:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149020
IP address blocks:        194.5.96.0/24 maxlen: 24
                          194.5.97.0/24 maxlen: 24
                          194.5.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:09:f8:6e:73:7b:24:27:6e:b1:c4:9d:8c:e0:fa:e3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Sep 19 11:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47e304aef1844cf0a3571a7a0776f8e5dccb428f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d5:5c:ac:72:52:4c:b3:25:8f:c5:71:32:d7:
                    b9:e0:3e:42:3b:1f:9f:6d:4b:5e:d4:26:34:9e:ca:
                    7b:61:37:09:b6:e5:2f:88:e4:37:3f:b3:fe:b0:44:
                    d7:b7:28:a0:cf:a2:30:7b:3f:4d:ce:60:b3:35:c3:
                    9e:e5:c8:25:7d:7c:b4:be:fc:27:20:e3:53:33:55:
                    84:72:5a:c1:ce:36:eb:fe:21:ad:0c:de:a9:d4:d2:
                    2b:75:a9:48:43:fb:10:92:f6:57:e8:98:16:17:23:
                    35:d9:38:74:4c:a1:89:33:e8:d5:28:68:b0:bc:a8:
                    48:a7:7b:fe:29:b0:01:f5:38:dc:3f:65:45:78:b5:
                    19:e7:eb:b6:3a:25:67:bd:d5:c0:ec:55:3c:58:68:
                    e6:b8:54:20:5a:8a:bc:ac:24:21:7b:d0:ca:56:fd:
                    5f:cd:ac:07:1d:6e:b7:93:32:5e:ca:9a:87:c6:89:
                    28:dd:76:ac:3b:b4:3b:1c:06:a5:c1:40:0f:a4:eb:
                    be:91:ed:4d:80:e9:7f:ce:8a:cf:39:84:87:b4:81:
                    c1:8d:55:dd:3d:bb:a7:31:9f:a3:8d:90:66:e8:4e:
                    85:c6:7f:50:86:99:0b:bc:83:a6:b2:c5:6f:a4:6f:
                    bb:d2:db:1a:40:96:75:cd:8a:bc:b1:4b:25:a9:d3:
                    d7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E3:04:AE:F1:84:4C:F0:A3:57:1A:7A:07:76:F8:E5:DC:CB:42:8F
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R-MErvGETPCjVxp6B3b45dzLQo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.96.0-194.5.98.255

    Signature Algorithm: sha256WithRSAEncryption
         22:89:53:31:b1:54:6c:0e:c9:b5:c0:13:b0:2a:0a:9b:04:2c:
         0c:61:95:32:9e:ee:f6:b7:b6:c5:69:f2:ce:f8:97:e1:b1:5a:
         eb:1c:73:fe:14:b1:c9:07:3f:83:00:3d:ba:a6:0b:ac:a3:75:
         82:ce:ba:e2:98:84:1f:a0:1e:7f:12:47:2f:08:08:93:a9:93:
         07:df:1d:0b:70:82:4b:08:e0:df:35:d4:5e:90:4c:48:99:9e:
         86:81:24:e8:70:c7:69:e5:7a:7f:64:d4:87:b3:3a:2f:45:2a:
         95:56:6d:cf:67:19:7a:7a:76:90:ef:d1:4d:cc:da:80:7c:f6:
         80:1c:2d:78:7c:6d:dc:14:9c:8d:d5:24:a9:35:15:14:29:a2:
         ba:2a:7a:1f:10:d5:85:e1:35:99:0f:25:78:ab:f4:be:64:e1:
         db:c4:4d:e1:90:dc:e7:11:ae:4a:7b:dd:f3:d6:0c:85:47:66:
         68:3a:a7:5e:b1:07:71:69:34:4f:10:86:93:d9:9a:0c:48:d3:
         b8:74:c4:a0:c1:7a:55:dd:f4:43:18:59:7f:cb:2e:70:87:2d:
         ac:98:52:08:90:51:6e:d6:6b:e0:01:95:28:bf:e6:15:92:29:
         80:6e:18:00:11:97:92:a5:2f:09:81:80:49:93:a0:ae:a5:c1:
         69:93:e4:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZIJ+G5zeyQnbrHEnYzg+uMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwOTE5MTEwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2UzMDRhZWYxODQ0Y2YwYTM1NzFhN2EwNzc2ZjhlNWRjY2I0MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdVcrHJSTLMlj8VxMte54D5COx+f
bUte1CY0nsp7YTcJtuUviOQ3P7P+sETXtyigz6Iwez9NzmCzNcOe5cglfXy0vvwn
IONTM1WEclrBzjbr/iGtDN6p1NIrdalIQ/sQkvZX6JgWFyM12Th0TKGJM+jVKGiw
vKhIp3v+KbAB9TjcP2VFeLUZ5+u2OiVnvdXA7FU8WGjmuFQgWoq8rCQhe9DKVv1f
zawHHW63kzJeypqHxoko3XasO7Q7HAalwUAPpOu+ke1NgOl/zorPOYSHtIHBjVXd
PbunMZ+jjZBm6E6Fxn9QhpkLvIOmssVvpG+70tsaQJZ1zYq8sUslqdPX4wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEfjBK7xhEzwo1caegd2+OXcy0KPMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvUi1NRXJ2R0VUUENqVnhwNkIzYjQ1ZHpMUW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXCBWAD
BADCBWIwDQYJKoZIhvcNAQELBQADggEBACKJUzGxVGwOybXAE7AqCpsELAxhlTKe
7va3tsVp8s74l+GxWuscc/4UsckHP4MAPbqmC6yjdYLOuuKYhB+gHn8SRy8ICJOp
kwffHQtwgksI4N811F6QTEiZnoaBJOhwx2nlen9k1IezOi9FKpVWbc9nGXp6dpDv
0U3M2oB89oAcLXh8bdwUnI3VJKk1FRQporoqeh8Q1YXhNZkPJXir9L5k4dvETeGQ
3OcRrkp73fPWDIVHZmg6p16xB3FpNE8QhpPZmgxI07h0xKDBelXd9EMYWX/LLnCH
LayYUgiQUW7Wa+ABlSi/5hWSKYBuGAARl5KlLwmBgEmToK6lwWmT5F4=
-----END CERTIFICATE-----