Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/M5vl2H0xyAqk3MUkrH9eLKxeAeM.roa
File:                     M5vl2H0xyAqk3MUkrH9eLKxeAeM.roa (raw, json)
Hash identifier:          BemUhDCWxzfBqQ7daWmpHu3fORTQ1HKewbMKD189PFY=
Subject key identifier:   33:9B:E5:D8:7D:31:C8:0A:A4:DC:C5:24:AC:7F:5E:2C:AC:5E:01:E3
Certificate issuer:       /CN=749ea3b1e58ba060b41fc2a078f6016264759664
Certificate serial:       018CC94DF46BE667CA912BEFB326E159CADB
Authority key identifier: 74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/M5vl2H0xyAqk3MUkrH9eLKxeAeM.roa
Signing time:             Tue 02 Jan 2024 08:32:58 +0000
ROA not before:           Tue 02 Jan 2024 08:32:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59767
IP address blocks:        185.34.4.0/22 maxlen: 22
                          2a04:5d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f4:6b:e6:67:ca:91:2b:ef:b3:26:e1:59:ca:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749ea3b1e58ba060b41fc2a078f6016264759664
        Validity
            Not Before: Jan  2 08:32:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=339be5d87d31c80aa4dcc524ac7f5e2cac5e01e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b7:c8:a7:dd:aa:71:c9:24:dc:ca:cb:a2:c7:
                    2d:da:49:68:0e:37:f2:2d:57:f7:62:29:59:e5:3a:
                    79:95:9d:a0:76:95:de:2c:49:f8:e1:ee:b8:2b:c7:
                    f5:50:7a:f0:f2:06:07:b7:71:0a:70:15:a6:e7:3a:
                    5e:15:47:dc:6c:a9:19:18:54:38:40:bc:42:89:e7:
                    6b:0b:6b:c5:1e:4a:ae:68:8f:2d:02:4c:e4:b9:e2:
                    5d:4c:c5:52:58:bf:a8:b1:6f:8d:ad:21:fc:ac:cc:
                    fc:57:52:90:a5:e9:8a:65:a9:a2:18:74:c9:6c:dd:
                    29:88:a7:6c:74:af:39:b0:77:bc:f0:54:ee:3b:2e:
                    5b:be:52:f8:53:b8:1e:ca:05:75:ff:5f:60:3e:17:
                    b5:12:da:ea:7c:3a:09:7f:41:1f:14:52:20:20:bf:
                    eb:54:0e:3e:42:56:45:27:09:ef:58:a6:76:b8:bf:
                    33:97:6d:b4:b3:b2:a8:18:bf:8a:55:a1:16:d4:d7:
                    9f:b3:07:dd:b4:a2:80:1a:e2:ba:5c:33:6f:09:63:
                    78:e7:cf:f5:87:fe:3c:1b:55:0a:16:4a:df:d3:c9:
                    c7:d7:77:f7:37:5b:d4:27:c2:fc:48:a2:3c:93:9b:
                    af:cf:04:e1:35:62:6a:5a:dc:bb:26:3e:24:68:51:
                    4d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9B:E5:D8:7D:31:C8:0A:A4:DC:C5:24:AC:7F:5E:2C:AC:5E:01:E3
            X509v3 Authority Key Identifier:
                keyid:74:9E:A3:B1:E5:8B:A0:60:B4:1F:C2:A0:78:F6:01:62:64:75:96:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJ6jseWLoGC0H8KgePYBYmR1lmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/M5vl2H0xyAqk3MUkrH9eLKxeAeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/86246a-f033-4e48-b7dd-2f4242a13d00/1/dJ6jseWLoGC0H8KgePYBYmR1lmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.4.0/22
                IPv6:
                  2a04:5d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:82:51:1c:2b:1c:cb:47:0e:1f:df:65:92:b4:a2:12:d1:46:
         81:94:78:bb:88:ff:42:7b:27:e0:5b:e4:95:c7:76:7b:70:f0:
         c7:84:fd:ed:3b:cb:9b:6c:ec:33:50:54:2e:9f:21:70:33:96:
         f4:c9:e3:a4:ab:14:9d:d6:fa:dd:fe:cb:66:ee:21:59:e4:ab:
         ac:18:81:1d:33:34:94:cd:27:6f:3b:67:92:b6:24:8b:d4:16:
         f7:b2:65:78:44:d7:52:d7:ad:9c:ab:09:0a:07:6a:d2:02:bd:
         95:2d:97:d4:d1:fd:00:aa:e4:a7:d6:db:c4:d7:4f:dd:70:64:
         9d:98:a7:86:80:67:e0:cb:65:b6:38:99:b4:6a:44:a6:17:29:
         60:46:9c:51:9d:92:8c:04:7a:63:25:7e:c8:47:a7:b3:31:37:
         ef:4a:3a:3e:07:08:6e:78:cc:c2:76:3b:8e:d0:30:0f:82:e4:
         8e:15:8d:5e:de:b5:d0:ac:3e:aa:ae:10:10:31:84:81:2a:bd:
         17:95:b4:4d:a8:1a:69:e6:96:36:ee:d8:55:8b:7b:d2:c5:98:
         ea:67:2c:03:8c:1a:da:b7:7c:ba:6f:ff:f3:0f:ce:12:75:aa:
         81:73:e9:9a:1e:92:4e:80:ae:60:2f:b2:d6:71:8d:60:67:b7:
         96:d0:a8:0f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTfRr5mfKkSvvsybhWcrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OWVhM2IxZTU4YmEwNjBiNDFmYzJhMDc4ZjYwMTYyNjQ3
NTk2NjQwHhcNMjQwMTAyMDgzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzliZTVkODdkMzFjODBhYTRkY2M1MjRhYzdmNWUyY2FjNWUwMWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbfIp92qcckk3MrLosct2kloDjfy
LVf3YilZ5Tp5lZ2gdpXeLEn44e64K8f1UHrw8gYHt3EKcBWm5zpeFUfcbKkZGFQ4
QLxCiedrC2vFHkquaI8tAkzkueJdTMVSWL+osW+NrSH8rMz8V1KQpemKZamiGHTJ
bN0piKdsdK85sHe88FTuOy5bvlL4U7geygV1/19gPhe1EtrqfDoJf0EfFFIgIL/r
VA4+QlZFJwnvWKZ2uL8zl220s7KoGL+KVaEW1NefswfdtKKAGuK6XDNvCWN458/1
h/48G1UKFkrf08nH13f3N1vUJ8L8SKI8k5uvzwThNWJqWty7Jj4kaFFNNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDOb5dh9McgKpNzFJKx/XiysXgHjMB8GA1UdIwQY
MBaAFHSeo7Hli6BgtB/CoHj2AWJkdZZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQt
MmY0MjQyYTEzZDAwLzEvTTV2bDJIMHh5QXFrM01Va3JIOWVMS3hlQWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy84NjI0NmEtZjAzMy00ZTQ4LWI3ZGQtMmY0MjQyYTEzZDAw
LzEvZEo2anNlV0xvR0MwSDhLZ2VQWUJZbVIxbG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSIEMA0E
AgACMAcDBQMqBF1AMA0GCSqGSIb3DQEBCwUAA4IBAQBiglEcKxzLRw4f32WStKIS
0UaBlHi7iP9CeyfgW+SVx3Z7cPDHhP3tO8ubbOwzUFQunyFwM5b0yeOkqxSd1vrd
/stm7iFZ5KusGIEdMzSUzSdvO2eStiSL1Bb3smV4RNdS162cqwkKB2rSAr2VLZfU
0f0AquSn1tvE10/dcGSdmKeGgGfgy2W2OJm0akSmFylgRpxRnZKMBHpjJX7IR6ez
MTfvSjo+BwhueMzCdjuO0DAPguSOFY1e3rXQrD6qrhAQMYSBKr0XlbRNqBpp5pY2
7thVi3vSxZjqZywDjBrat3y6b//zD84SdaqBc+maHpJOgK5gL7LWcY1gZ7eW0KgP
-----END CERTIFICATE-----