Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mMFGiY7NGR_oYDBNLvr1AoY6wcw.roa
File:                     mMFGiY7NGR_oYDBNLvr1AoY6wcw.roa (raw, json)
Hash identifier:          sY47QRb6vV+wTLFcY9d3A69XqBOL02McXRulEddkrIE=
Subject key identifier:   98:C1:46:89:8E:CD:19:1F:E8:60:30:4D:2E:FA:F5:02:86:3A:C1:CC
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019205E7795F5573EBA7D3AB4C00B854C8B1
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mMFGiY7NGR_oYDBNLvr1AoY6wcw.roa
Signing time:             Wed 18 Sep 2024 16:11:48 +0000
ROA not before:           Wed 18 Sep 2024 16:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214560
IP address blocks:        5.180.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:e7:79:5f:55:73:eb:a7:d3:ab:4c:00:b8:54:c8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Sep 18 16:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98c146898ecd191fe860304d2efaf502863ac1cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ab:ad:99:ce:f2:72:12:57:a6:8a:4f:4a:dd:
                    ab:5f:3e:93:53:65:59:f7:dd:4d:19:aa:48:5b:e5:
                    4f:8b:f0:b4:13:e5:4b:af:0f:72:ee:8f:cc:9b:d2:
                    ef:bf:2a:4d:98:73:86:5d:0b:b8:63:ef:d5:a4:bc:
                    c4:87:28:3c:ed:cc:16:ba:bd:b9:e7:00:db:8e:97:
                    d6:3c:87:e6:c2:b1:b6:6c:f9:3c:da:5e:64:69:5e:
                    7f:2e:c2:ac:8d:b1:99:ba:c2:09:57:3e:0a:ac:9a:
                    28:f2:4e:ba:47:60:43:91:04:c1:2b:ea:ad:9c:84:
                    7c:f5:0b:7a:86:ef:00:c1:93:81:eb:72:9f:d2:34:
                    03:9b:6a:da:83:18:4d:ea:4d:5c:58:a3:a0:18:98:
                    51:12:40:2b:57:00:9d:ed:85:e3:53:98:80:b0:1b:
                    9e:bb:d4:03:45:71:cd:67:40:75:8f:86:5c:02:40:
                    2c:06:f0:2e:42:4c:0e:84:e5:77:60:f5:7d:e3:1f:
                    f7:95:f4:4a:ca:85:4d:80:c8:28:cf:3e:7a:60:cd:
                    25:87:cd:95:45:a2:06:81:c6:14:ae:45:90:93:74:
                    3b:84:10:85:a2:f6:a3:87:47:ee:b1:43:08:b1:a0:
                    92:b9:56:59:0c:86:7d:7e:b4:03:26:0c:37:49:27:
                    06:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C1:46:89:8E:CD:19:1F:E8:60:30:4D:2E:FA:F5:02:86:3A:C1:CC
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/mMFGiY7NGR_oYDBNLvr1AoY6wcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:ff:f5:b7:ef:b6:3b:c8:1b:44:34:03:f2:b4:b7:b0:5b:e2:
         d5:da:b8:30:d7:f4:eb:99:80:78:5c:f5:79:99:4a:58:88:32:
         6a:93:f3:56:93:d4:f0:be:3c:7b:a7:cc:bb:c2:c0:75:7e:85:
         b8:a1:1c:9f:7e:e9:5e:3d:4d:b0:1c:8d:54:04:b0:dd:45:c0:
         9e:61:cb:69:4d:ac:60:e3:be:53:f3:c8:58:03:92:6f:6e:7d:
         98:df:19:c7:3e:b4:6e:22:a3:d2:5f:3a:cb:b7:b4:04:07:6f:
         ca:8c:e8:e2:6f:48:92:1a:f5:51:f3:e4:af:ee:d9:ad:33:e6:
         a0:e4:fe:90:07:0d:33:50:43:91:60:61:cc:f7:f6:70:31:66:
         f7:c3:41:28:96:52:33:c0:77:15:d5:ae:5f:2e:c8:6f:88:a7:
         32:1c:e8:38:a6:83:0a:92:25:02:53:3f:24:bf:a1:44:95:b8:
         49:94:a6:25:2a:d8:69:e3:a5:be:ba:6f:1d:bb:d8:c3:2f:31:
         e9:e0:df:a4:2c:84:51:6f:f0:9c:be:a8:1f:08:9a:ed:54:a3:
         ff:01:31:b2:ce:3f:9a:cf:1d:24:92:a8:ac:da:60:e5:ae:ff:
         28:14:6d:9e:11:1b:fc:eb:2d:ec:69:80:f9:4d:b5:8d:68:19:
         51:e1:ce:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIF53lfVXPrp9OrTAC4VMixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwOTE4MTYxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGMxNDY4OThlY2QxOTFmZTg2MDMwNGQyZWZhZjUwMjg2M2FjMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlautmc7ychJXpopPSt2rXz6TU2VZ
991NGapIW+VPi/C0E+VLrw9y7o/Mm9LvvypNmHOGXQu4Y+/VpLzEhyg87cwWur25
5wDbjpfWPIfmwrG2bPk82l5kaV5/LsKsjbGZusIJVz4KrJoo8k66R2BDkQTBK+qt
nIR89Qt6hu8AwZOB63Kf0jQDm2ragxhN6k1cWKOgGJhREkArVwCd7YXjU5iAsBue
u9QDRXHNZ0B1j4ZcAkAsBvAuQkwOhOV3YPV94x/3lfRKyoVNgMgozz56YM0lh82V
RaIGgcYUrkWQk3Q7hBCFovajh0fusUMIsaCSuVZZDIZ9frQDJgw3SScGMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjBRomOzRkf6GAwTS769QKGOsHMMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvbU1GR2lZN05HUl9vWURCTkx2cjFBb1k2d2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQhMA0G
CSqGSIb3DQEBCwUAA4IBAQAY//W377Y7yBtENAPytLewW+LV2rgw1/TrmYB4XPV5
mUpYiDJqk/NWk9Twvjx7p8y7wsB1foW4oRyffulePU2wHI1UBLDdRcCeYctpTaxg
475T88hYA5Jvbn2Y3xnHPrRuIqPSXzrLt7QEB2/KjOjib0iSGvVR8+Sv7tmtM+ag
5P6QBw0zUEORYGHM9/ZwMWb3w0EollIzwHcV1a5fLshviKcyHOg4poMKkiUCUz8k
v6FElbhJlKYlKthp46W+um8du9jDLzHp4N+kLIRRb/CcvqgfCJrtVKP/ATGyzj+a
zx0kkqis2mDlrv8oFG2eERv86y3saYD5TbWNaBlR4c7o
-----END CERTIFICATE-----