Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/M2hbsMpmnbWK9EkUNss2aBCadYk.roa
File:                     M2hbsMpmnbWK9EkUNss2aBCadYk.roa (raw, json)
Hash identifier:          5L1lSTVQgBL9Fa2pVtW5FMx8uBLa3RQ5cNYn8oX44VU=
Subject key identifier:   33:68:5B:B0:CA:66:9D:B5:8A:F4:49:14:36:CB:36:68:10:9A:75:89
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC188C2A34A27655E427A229F0ED3A
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/M2hbsMpmnbWK9EkUNss2aBCadYk.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8971
IP address blocks:        193.81.246.0/24 maxlen: 24
                          193.80.22.0/24 maxlen: 24
                          193.80.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:18:8c:2a:34:a2:76:55:e4:27:a2:29:f0:ed:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33685bb0ca669db58af4491436cb3668109a7589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d0:b5:88:6d:d4:e4:cc:d9:88:f1:54:42:f4:
                    b4:ee:d0:93:61:c9:35:bd:36:10:7d:d7:da:c4:b7:
                    ca:31:4b:2e:b2:0f:c3:12:d7:09:03:1b:ee:e7:0f:
                    ac:74:62:a7:19:d6:5b:81:fc:e3:03:f3:45:9a:0c:
                    7c:22:fd:48:3c:c6:18:8c:e5:5a:95:58:ac:61:b9:
                    24:d1:c6:0b:09:de:dd:eb:e8:db:7a:cb:c5:aa:cb:
                    6f:07:51:25:eb:3d:31:81:88:8d:ae:0f:11:c5:74:
                    68:8c:2f:ec:85:37:76:a2:aa:f3:75:0b:8c:e5:34:
                    a3:14:fe:24:82:32:0a:c9:f0:8a:12:7b:c9:63:ae:
                    fb:ec:de:08:82:1c:7f:a1:06:0b:5d:1d:ee:90:8f:
                    3b:f8:a2:54:c3:fa:52:9c:fa:d2:6a:57:94:b9:e7:
                    6a:5a:2d:06:21:40:2c:21:12:eb:91:12:39:15:e0:
                    45:03:3f:7e:41:dc:61:d8:3a:dd:52:4d:18:5c:fd:
                    0d:fc:9f:26:7a:b0:fd:cc:f1:7a:b5:5b:ab:7c:2e:
                    c3:95:31:08:40:41:57:d8:fe:e8:4a:7b:69:0f:13:
                    c5:ba:a7:43:a5:ff:76:6b:6f:3f:5a:d7:14:67:4a:
                    38:20:29:82:a6:cd:a6:cb:bd:af:90:ed:a3:c7:4b:
                    b0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:68:5B:B0:CA:66:9D:B5:8A:F4:49:14:36:CB:36:68:10:9A:75:89
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/M2hbsMpmnbWK9EkUNss2aBCadYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.80.22.0/24
                  193.80.42.0/24
                  193.81.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:ad:8d:e6:46:c1:21:35:91:5e:ec:86:ba:1d:91:28:e7:34:
         6b:ef:f3:10:12:31:5a:55:7c:51:57:ff:fe:53:a0:d5:c7:96:
         f9:53:46:dd:1a:38:4a:7e:4d:e0:6d:bd:5e:95:8c:28:21:50:
         69:e1:65:b0:f7:a6:33:06:11:8b:c1:cc:3d:d6:5a:90:fc:43:
         99:05:dc:58:93:2a:a8:db:81:54:84:99:e9:b6:7b:24:44:18:
         d1:f9:21:c3:f6:ab:81:d6:a0:4e:a4:ee:5e:f5:3b:f4:81:64:
         e9:af:ae:fd:3e:76:b5:50:2f:32:3f:86:8d:d5:47:55:0a:ff:
         43:0d:dc:30:6e:7c:7b:39:e8:40:00:7b:66:e2:e0:ac:f7:50:
         a2:dd:7c:a8:e4:f2:96:d9:c7:87:d9:3e:fb:f2:eb:d5:e3:64:
         a4:98:d6:5e:e6:a6:b1:48:f0:e2:ed:9e:d6:5c:07:27:90:f5:
         68:90:ee:07:20:7b:d9:b6:7e:56:4a:02:02:8e:0a:b9:16:59:
         e8:29:d5:18:04:37:d0:8c:34:75:c5:63:a3:3a:9a:6e:57:5e:
         be:4b:c2:c2:21:5c:54:90:90:a4:d0:a5:af:1f:dc:b1:72:84:
         c1:b2:b8:9a:3a:9b:b4:29:63:e2:75:e3:06:d5:e0:f3:c5:77:
         e4:a7:28:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3BiMKjSidlXkJ6Ip8O06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzY4NWJiMGNhNjY5ZGI1OGFmNDQ5MTQzNmNiMzY2ODEwOWE3NTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdC1iG3U5MzZiPFUQvS07tCTYck1
vTYQfdfaxLfKMUsusg/DEtcJAxvu5w+sdGKnGdZbgfzjA/NFmgx8Iv1IPMYYjOVa
lVisYbkk0cYLCd7d6+jbesvFqstvB1El6z0xgYiNrg8RxXRojC/shTd2oqrzdQuM
5TSjFP4kgjIKyfCKEnvJY6777N4Ighx/oQYLXR3ukI87+KJUw/pSnPrSaleUuedq
Wi0GIUAsIRLrkRI5FeBFAz9+Qdxh2DrdUk0YXP0N/J8merD9zPF6tVurfC7DlTEI
QEFX2P7oSntpDxPFuqdDpf92a28/WtcUZ0o4ICmCps2my72vkO2jx0uwgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDNoW7DKZp21ivRJFDbLNmgQmnWJMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvTTJoYnNNcG1uYldLOUVrVU5zczJhQkNhZFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwVAWAwQA
wVAqAwQAwVH2MA0GCSqGSIb3DQEBCwUAA4IBAQBYrY3mRsEhNZFe7Ia6HZEo5zRr
7/MQEjFaVXxRV//+U6DVx5b5U0bdGjhKfk3gbb1elYwoIVBp4WWw96YzBhGLwcw9
1lqQ/EOZBdxYkyqo24FUhJnptnskRBjR+SHD9quB1qBOpO5e9Tv0gWTpr679Pna1
UC8yP4aN1UdVCv9DDdwwbnx7OehAAHtm4uCs91Ci3Xyo5PKW2ceH2T778uvV42Sk
mNZe5qaxSPDi7Z7WXAcnkPVokO4HIHvZtn5WSgICjgq5FlnoKdUYBDfQjDR1xWOj
OppuV16+S8LCIVxUkJCk0KWvH9yxcoTBsriaOpu0KWPideMG1eDzxXfkpyhc
-----END CERTIFICATE-----