Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/mwAOEy6fBCEXFlqUWscNMnA8DSk.roa
File:                     mwAOEy6fBCEXFlqUWscNMnA8DSk.roa (raw, json)
Hash identifier:          i4b3bpx1i6M62etR6GtBmYrt7+hKlhkrkmpV1J+NTgM=
Subject key identifier:   9B:00:0E:13:2E:9F:04:21:17:16:5A:94:5A:C7:0D:32:70:3C:0D:29
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC224D385C623C16065569E6253C5A
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/mwAOEy6fBCEXFlqUWscNMnA8DSk.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205903
IP address blocks:        213.33.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:22:4d:38:5c:62:3c:16:06:55:69:e6:25:3c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b000e132e9f042117165a945ac70d32703c0d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:89:71:0b:4e:37:71:d8:05:ca:5b:12:fb:df:
                    7f:b6:f4:89:0c:db:aa:be:09:59:f4:54:48:55:11:
                    12:ed:1d:8a:2f:26:3d:b2:24:e7:9f:64:12:b1:0f:
                    76:9c:71:e4:7d:2a:a4:5e:7b:00:05:8c:03:32:c1:
                    e9:5c:c8:3f:b5:cd:77:17:2d:a8:81:57:e2:d9:55:
                    69:a2:5f:aa:e5:8a:39:7e:8d:cd:e1:8c:ec:4e:22:
                    82:c5:a8:95:b8:d4:c2:95:1c:96:a4:af:e8:ed:33:
                    c3:d3:12:fa:af:06:5e:02:5b:01:8f:ac:1f:29:e4:
                    c3:c2:00:72:b6:fc:cc:3d:d4:c5:14:cb:f0:4f:5c:
                    14:0b:25:ce:3a:1b:a0:24:8f:ef:81:39:aa:c8:53:
                    e3:bd:d2:55:68:de:0c:15:3a:1b:6d:a2:71:da:b6:
                    57:c0:69:65:92:40:93:62:d3:0b:13:8f:bd:38:ae:
                    eb:78:d8:21:65:cc:ec:0c:18:28:03:43:84:c3:28:
                    7f:4f:21:84:7d:0e:e5:91:6a:bb:e8:0f:ab:98:f4:
                    4b:07:aa:8d:a3:80:b1:f0:ea:b3:5c:ee:b6:1b:41:
                    ca:30:57:8f:54:5b:53:4d:6b:ba:0a:7f:8b:dd:24:
                    39:f0:b7:b2:ce:e6:eb:d2:11:b0:42:02:71:82:03:
                    c0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:00:0E:13:2E:9F:04:21:17:16:5A:94:5A:C7:0D:32:70:3C:0D:29
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/mwAOEy6fBCEXFlqUWscNMnA8DSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:40:f3:bc:81:ea:f0:59:5c:3b:6a:bc:ad:2a:5e:88:07:1c:
         40:9c:87:8a:24:fe:dd:e4:91:dc:2e:9b:e6:04:5c:ea:7e:6d:
         60:ea:f5:96:99:1d:11:f2:a3:9e:63:d2:b9:66:e9:3f:22:9d:
         79:49:cb:51:9d:fe:5f:cc:85:c9:8b:bb:ec:04:1f:e9:24:79:
         e6:aa:bf:37:c0:18:01:0d:e5:1a:da:cb:ac:05:24:5b:18:88:
         94:32:13:22:92:52:89:a5:04:5c:2b:4e:56:1e:5f:3c:04:75:
         e7:25:d6:d0:36:e4:78:6a:56:78:a6:e8:6a:57:fa:ed:3c:f8:
         6e:2f:cd:c3:bf:f1:08:95:40:2c:4d:45:ed:0e:50:d9:0a:3a:
         86:86:61:18:58:36:ab:c1:35:6a:83:6f:1a:f5:e1:4b:36:b2:
         6b:a6:2a:7d:06:fb:09:eb:5e:85:79:8d:b7:6e:2e:bb:bc:7f:
         35:f5:63:4b:6b:af:14:fa:31:35:c6:ef:74:fe:62:5d:70:de:
         a6:43:b0:6b:8c:cc:c6:95:4e:99:d1:7b:6c:bc:17:b8:5a:74:
         7b:dd:61:96:1f:1e:91:a4:d5:47:19:b7:e3:70:22:5d:60:0e:
         29:fc:87:18:27:ac:08:dd:35:e5:07:24:7f:b7:e7:d0:32:31:
         b8:6e:f6:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CJNOFxiPBYGVWnmJTxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjAwMGUxMzJlOWYwNDIxMTcxNjVhOTQ1YWM3MGQzMjcwM2MwZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIlxC043cdgFylsS+99/tvSJDNuq
vglZ9FRIVRES7R2KLyY9siTnn2QSsQ92nHHkfSqkXnsABYwDMsHpXMg/tc13Fy2o
gVfi2VVpol+q5Yo5fo3N4YzsTiKCxaiVuNTClRyWpK/o7TPD0xL6rwZeAlsBj6wf
KeTDwgBytvzMPdTFFMvwT1wUCyXOOhugJI/vgTmqyFPjvdJVaN4MFTobbaJx2rZX
wGllkkCTYtMLE4+9OK7reNghZczsDBgoA0OEwyh/TyGEfQ7lkWq76A+rmPRLB6qN
o4Cx8OqzXO62G0HKMFePVFtTTWu6Cn+L3SQ58Leyzubr0hGwQgJxggPAbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsADhMunwQhFxZalFrHDTJwPA0pMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvbXdBT0V5NmZCQ0VYRmxxVVdzY05NbkE4RFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SExMA0G
CSqGSIb3DQEBCwUAA4IBAQC0QPO8gerwWVw7arytKl6IBxxAnIeKJP7d5JHcLpvm
BFzqfm1g6vWWmR0R8qOeY9K5Zuk/Ip15SctRnf5fzIXJi7vsBB/pJHnmqr83wBgB
DeUa2susBSRbGIiUMhMiklKJpQRcK05WHl88BHXnJdbQNuR4alZ4puhqV/rtPPhu
L83Dv/EIlUAsTUXtDlDZCjqGhmEYWDarwTVqg28a9eFLNrJrpip9BvsJ616FeY23
bi67vH819WNLa68U+jE1xu90/mJdcN6mQ7BrjMzGlU6Z0XtsvBe4WnR73WGWHx6R
pNVHGbfjcCJdYA4p/IcYJ6wI3TXlByR/t+fQMjG4bvYr
-----END CERTIFICATE-----