Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/TMU3yyVqBpcm-SueLtMjBMmrOGM.roa
File:                     TMU3yyVqBpcm-SueLtMjBMmrOGM.roa (raw, json)
Hash identifier:          MrGqP3N2SUuR2zsJEziUimKULBlboWtxiNL31qOGtBk=
Subject key identifier:   4C:C5:37:CB:25:6A:06:97:26:F9:2B:9E:2E:D3:23:04:C9:AB:38:63
Certificate issuer:       /CN=8546af18f7078aac00c2fcd2ca67f93280217e15
Certificate serial:       018CC26D366E088BE711D8C94F0F8C8A18AF
Authority key identifier: 85:46:AF:18:F7:07:8A:AC:00:C2:FC:D2:CA:67:F9:32:80:21:7E:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUavGPcHiqwAwvzSymf5MoAhfhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/TMU3yyVqBpcm-SueLtMjBMmrOGM.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43046
IP address blocks:        194.102.131.0/24 maxlen: 24
                          2001:67c:53c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/hUavGPcHiqwAwvzSymf5MoAhfhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/hUavGPcHiqwAwvzSymf5MoAhfhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUavGPcHiqwAwvzSymf5MoAhfhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:6e:08:8b:e7:11:d8:c9:4f:0f:8c:8a:18:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8546af18f7078aac00c2fcd2ca67f93280217e15
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc537cb256a069726f92b9e2ed32304c9ab3863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e9:e1:35:26:01:9a:e7:f9:bf:1e:20:d5:fc:
                    41:cd:1a:c5:0d:74:c3:e6:62:f2:74:51:d9:8b:f7:
                    05:12:e7:f4:69:e3:4d:d1:dc:e5:b1:c8:f3:e3:e3:
                    df:ab:48:cb:72:56:e8:32:5d:9c:19:cf:b1:72:ad:
                    1c:20:d9:e8:4f:f0:ff:97:ba:01:38:3d:f4:77:ce:
                    a5:ca:73:38:c6:2c:7d:70:11:52:9c:e3:84:43:9a:
                    09:15:79:16:3d:8a:e4:a6:57:0a:a2:a6:7f:c5:84:
                    78:f2:33:51:d0:f6:81:35:7e:73:10:b1:94:d2:a1:
                    e7:48:ce:80:a4:ea:80:26:61:51:47:23:80:5d:8a:
                    b0:64:8f:b5:80:ef:39:9c:c0:37:bb:ef:41:62:98:
                    e2:90:7f:31:58:ac:69:c7:d3:b4:fb:6c:05:43:a9:
                    82:ce:e2:f3:dc:1d:b6:af:5b:32:c7:28:81:ae:20:
                    cd:d4:b8:ba:e6:71:14:b3:22:f9:8b:67:3c:da:0a:
                    6e:b3:b6:31:7d:cc:1b:f0:bb:3e:c4:30:c1:6e:ab:
                    c5:88:30:4d:a4:82:d7:98:41:b9:96:c5:52:e4:6a:
                    0d:47:1b:90:e3:d0:b3:95:61:d9:c6:df:c0:98:14:
                    8a:e5:f5:75:58:28:c2:36:0f:05:af:1d:c1:80:f4:
                    00:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C5:37:CB:25:6A:06:97:26:F9:2B:9E:2E:D3:23:04:C9:AB:38:63
            X509v3 Authority Key Identifier:
                keyid:85:46:AF:18:F7:07:8A:AC:00:C2:FC:D2:CA:67:F9:32:80:21:7E:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUavGPcHiqwAwvzSymf5MoAhfhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/TMU3yyVqBpcm-SueLtMjBMmrOGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1a6888-b9ad-4b81-b935-6beaee5b58a3/1/hUavGPcHiqwAwvzSymf5MoAhfhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.131.0/24
                IPv6:
                  2001:67c:53c::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:4d:4c:e1:36:27:8a:75:7c:ef:83:05:3b:ef:a8:20:c8:8e:
         26:12:04:d1:65:27:c9:3c:68:ca:d9:9f:42:b3:02:c2:29:3f:
         45:e0:74:06:8a:0b:41:bd:69:4c:35:20:46:29:b2:d5:ad:15:
         20:b5:9d:ab:8f:80:dc:f4:67:61:ee:02:f8:c8:08:0d:a4:e9:
         bd:d1:1c:59:56:4f:90:a0:69:17:99:c6:f8:e6:42:d4:9b:eb:
         fc:ae:87:5b:f3:e0:cc:f8:a7:6e:0d:bb:90:03:36:86:ff:06:
         13:6e:a2:91:55:3c:e9:82:2d:9c:fb:b6:eb:ed:e5:92:8f:6e:
         c8:85:e5:09:61:19:24:b3:4c:bb:aa:9c:6a:f8:8c:92:1e:66:
         e4:fa:8c:03:98:d1:e4:1f:b8:90:d4:a7:31:a2:ae:e2:7e:4d:
         79:24:35:35:8e:19:fc:cb:e2:40:16:38:e1:85:f0:89:bb:0c:
         d7:1f:f9:fb:0a:a6:0c:3d:2c:df:a3:5a:a3:90:a5:b5:d2:35:
         78:bb:1c:0b:13:9d:b1:9a:ef:04:ec:c2:11:d5:14:21:53:b4:
         a1:e0:57:cf:44:4c:a5:b3:93:34:83:95:d3:88:cd:fe:16:2f:
         f2:af:94:0b:48:c5:66:91:c6:b0:54:e2:18:7b:37:5d:b7:f0:
         3e:b9:63:dd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbTZuCIvnEdjJTw+MihivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NDZhZjE4ZjcwNzhhYWMwMGMyZmNkMmNhNjdmOTMyODAy
MTdlMTUwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M1MzdjYjI1NmEwNjk3MjZmOTJiOWUyZWQzMjMwNGM5YWIzODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3enhNSYBmuf5vx4g1fxBzRrFDXTD
5mLydFHZi/cFEuf0aeNN0dzlscjz4+Pfq0jLclboMl2cGc+xcq0cINnoT/D/l7oB
OD30d86lynM4xix9cBFSnOOEQ5oJFXkWPYrkplcKoqZ/xYR48jNR0PaBNX5zELGU
0qHnSM6ApOqAJmFRRyOAXYqwZI+1gO85nMA3u+9BYpjikH8xWKxpx9O0+2wFQ6mC
zuLz3B22r1syxyiBriDN1Li65nEUsyL5i2c82gpus7Yxfcwb8Ls+xDDBbqvFiDBN
pILXmEG5lsVS5GoNRxuQ49CzlWHZxt/AmBSK5fV1WCjCNg8Frx3BgPQASQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEzFN8slagaXJvkrni7TIwTJqzhjMB8GA1UdIwQY
MBaAFIVGrxj3B4qsAML80spn+TKAIX4VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFVhdkdQY0hpcXdBd3Z6U3ltZjVNb0FoZmhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xYTY4ODgtYjlhZC00YjgxLWI5MzUt
NmJlYWVlNWI1OGEzLzEvVE1VM3l5VnFCcGNtLVN1ZUx0TWpCTW1yT0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xYTY4ODgtYjlhZC00YjgxLWI5MzUtNmJlYWVlNWI1OGEz
LzEvaFVhdkdQY0hpcXdBd3Z6U3ltZjVNb0FoZmhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwmaDMA8E
AgACMAkDBwAgAQZ8BTwwDQYJKoZIhvcNAQELBQADggEBAFlNTOE2J4p1fO+DBTvv
qCDIjiYSBNFlJ8k8aMrZn0KzAsIpP0XgdAaKC0G9aUw1IEYpstWtFSC1nauPgNz0
Z2HuAvjICA2k6b3RHFlWT5CgaReZxvjmQtSb6/yuh1vz4Mz4p24Nu5ADNob/BhNu
opFVPOmCLZz7tuvt5ZKPbsiF5QlhGSSzTLuqnGr4jJIeZuT6jAOY0eQfuJDUpzGi
ruJ+TXkkNTWOGfzL4kAWOOGF8Im7DNcf+fsKpgw9LN+jWqOQpbXSNXi7HAsTnbGa
7wTswhHVFCFTtKHgV89ETKWzkzSDldOIzf4WL/KvlAtIxWaRxrBU4hh7N1238D65
Y90=
-----END CERTIFICATE-----