Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/mWXMa4dC33KXdbyhmRJVNcEMCXQ.roa
File:                     mWXMa4dC33KXdbyhmRJVNcEMCXQ.roa (raw, json)
Hash identifier:          Ex032lvTGot1BocrdW+67w/RPUOcm3iOvnPMdEQ/twk=
Subject key identifier:   99:65:CC:6B:87:42:DF:72:97:75:BC:A1:99:12:55:35:C1:0C:09:74
Certificate issuer:       /CN=94dec641051b026b95c8459150ca47ddaec89668
Certificate serial:       018CCA9A0E70F8199327EC97249759BE35C0
Authority key identifier: 94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/mWXMa4dC33KXdbyhmRJVNcEMCXQ.roa
Signing time:             Tue 02 Jan 2024 14:35:42 +0000
ROA not before:           Tue 02 Jan 2024 14:35:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206768
IP address blocks:        185.79.212.0/24 maxlen: 24
                          2a01:7640:9000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:0e:70:f8:19:93:27:ec:97:24:97:59:be:35:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94dec641051b026b95c8459150ca47ddaec89668
        Validity
            Not Before: Jan  2 14:35:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9965cc6b8742df729775bca199125535c10c0974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:40:90:43:35:fa:a9:c3:e7:c6:27:1e:53:47:
                    1c:dc:aa:84:a2:ca:35:1e:50:df:7c:f4:55:18:3a:
                    ad:7b:5a:e2:81:1f:10:83:07:39:e7:c0:a4:6e:4a:
                    65:00:49:43:ca:6d:09:95:35:62:85:c8:a7:f4:2d:
                    fb:4a:b6:cd:ee:d0:bb:f3:26:6b:f5:12:67:f8:4a:
                    54:06:f9:db:69:bf:f9:b1:32:bb:63:9d:9f:ef:a0:
                    78:45:81:0a:77:ac:0e:7b:cd:f2:94:f0:eb:88:c8:
                    bc:3a:92:1e:e7:1f:d6:3d:d9:ff:28:c1:45:cf:02:
                    2b:02:2f:78:af:4b:53:a0:54:6c:89:77:2d:9a:9a:
                    30:c3:36:41:96:66:f7:61:56:ac:03:d3:e7:07:b1:
                    48:fa:2c:31:b4:b7:83:1b:31:c7:29:f1:48:dc:d3:
                    f7:eb:51:f0:be:9c:19:4a:2b:43:55:48:2e:74:ad:
                    7b:02:62:7a:63:81:8a:e9:93:0d:af:72:d2:e4:b4:
                    4e:58:c2:e7:71:87:df:d7:93:0d:c7:f6:0c:52:97:
                    c0:08:1e:f5:60:6c:11:14:33:a6:85:d4:52:56:91:
                    ab:47:09:ee:86:89:e1:ac:4c:87:40:4d:69:8e:5b:
                    51:ae:55:99:d0:62:5d:b0:fb:72:53:3e:cf:ad:00:
                    63:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:65:CC:6B:87:42:DF:72:97:75:BC:A1:99:12:55:35:C1:0C:09:74
            X509v3 Authority Key Identifier:
                keyid:94:DE:C6:41:05:1B:02:6B:95:C8:45:91:50:CA:47:DD:AE:C8:96:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/mWXMa4dC33KXdbyhmRJVNcEMCXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/351113-ed85-42b2-b64f-9ea64862a9ab/1/lN7GQQUbAmuVyEWRUMpH3a7Ilmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.212.0/24
                IPv6:
                  2a01:7640:9000::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:64:49:17:df:06:b4:a8:a7:90:e5:b3:f7:a7:da:dc:ac:3a:
         ce:f0:0b:4d:33:b1:33:bd:6b:2e:23:1d:cf:65:aa:99:53:a9:
         2c:e1:54:87:1a:51:6a:65:33:a1:37:09:3a:c3:5d:ee:3c:d1:
         f6:9d:18:01:07:83:70:95:5d:43:dc:41:f7:d8:88:d0:3c:94:
         51:56:93:79:44:0f:f9:45:54:94:d7:f6:b1:97:fb:a7:57:7a:
         7e:d5:d8:5f:50:3a:d8:de:d5:de:cd:cb:4e:a4:15:63:44:a8:
         4b:25:70:c8:db:de:dd:3e:78:8b:ca:ed:2e:61:1e:ff:4f:ae:
         88:82:07:c0:86:52:ce:64:0f:bb:2a:a1:ff:fd:71:a8:fd:df:
         c2:cf:61:23:5a:1f:99:01:3c:61:c6:87:ff:67:79:22:cc:7f:
         ca:0d:47:e2:f6:a8:b6:16:cb:8d:86:cc:24:ec:3f:e8:c2:25:
         dd:13:c6:b0:83:05:8b:04:bd:82:93:1c:16:ca:b3:35:a3:50:
         00:19:29:87:fb:d9:7d:60:99:86:3f:ed:38:01:25:8f:1a:4a:
         7c:8f:0a:38:51:e8:8b:3f:ce:18:53:34:e9:16:db:11:6f:63:
         15:15:46:bd:5b:9d:a4:6c:bb:e2:71:ed:7a:f7:93:25:c2:a7:
         2c:4c:df:e3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmg5w+BmTJ+yXJJdZvjXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZGVjNjQxMDUxYjAyNmI5NWM4NDU5MTUwY2E0N2RkYWVj
ODk2NjgwHhcNMjQwMTAyMTQzNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTY1Y2M2Yjg3NDJkZjcyOTc3NWJjYTE5OTEyNTUzNWMxMGMwOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmECQQzX6qcPnxiceU0cc3KqEoso1
HlDffPRVGDqte1rigR8Qgwc558CkbkplAElDym0JlTVihcin9C37SrbN7tC78yZr
9RJn+EpUBvnbab/5sTK7Y52f76B4RYEKd6wOe83ylPDriMi8OpIe5x/WPdn/KMFF
zwIrAi94r0tToFRsiXctmpowwzZBlmb3YVasA9PnB7FI+iwxtLeDGzHHKfFI3NP3
61HwvpwZSitDVUgudK17AmJ6Y4GK6ZMNr3LS5LROWMLncYff15MNx/YMUpfACB71
YGwRFDOmhdRSVpGrRwnuhonhrEyHQE1pjltRrlWZ0GJdsPtyUz7PrQBjGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJllzGuHQt9yl3W8oZkSVTXBDAl0MB8GA1UdIwQY
MBaAFJTexkEFGwJrlchFkVDKR92uyJZoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYt
OWVhNjQ4NjJhOWFiLzEvbVdYTWE0ZEMzM0tYZGJ5aG1SSlZOY0VNQ1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi8zNTExMTMtZWQ4NS00MmIyLWI2NGYtOWVhNjQ4NjJhOWFi
LzEvbE43R1FRVWJBbXVWeUVXUlVNcEgzYTdJbG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuU/UMA8E
AgACMAkDBwAqAXZAkAAwDQYJKoZIhvcNAQELBQADggEBAH1kSRffBrSop5Dls/en
2tysOs7wC00zsTO9ay4jHc9lqplTqSzhVIcaUWplM6E3CTrDXe480fadGAEHg3CV
XUPcQffYiNA8lFFWk3lED/lFVJTX9rGX+6dXen7V2F9QOtje1d7Ny06kFWNEqEsl
cMjb3t0+eIvK7S5hHv9ProiCB8CGUs5kD7sqof/9caj938LPYSNaH5kBPGHGh/9n
eSLMf8oNR+L2qLYWy42GzCTsP+jCJd0TxrCDBYsEvYKTHBbKszWjUAAZKYf72X1g
mYY/7TgBJY8aSnyPCjhR6Is/zhhTNOkW2xFvYxUVRr1bnaRsu+Jx7Xr3kyXCpyxM
3+M=
-----END CERTIFICATE-----