Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/mfzeQJpvmP7ZzSvsC9sU-G4Yig4.roa
File:                     mfzeQJpvmP7ZzSvsC9sU-G4Yig4.roa (raw, json)
Hash identifier:          Uy1mDDjUHMKihQvgnchtP8tcWT4Fmd7rzu2EXVQYt14=
Subject key identifier:   99:FC:DE:40:9A:6F:98:FE:D9:CD:2B:EC:0B:DB:14:F8:6E:18:8A:0E
Certificate issuer:       /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial:       018CC3B726DEB12C99D1E04A9823A4F2789D
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/mfzeQJpvmP7ZzSvsC9sU-G4Yig4.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.239.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:26:de:b1:2c:99:d1:e0:4a:98:23:a4:f2:78:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99fcde409a6f98fed9cd2bec0bdb14f86e188a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:39:0d:51:a0:c1:b9:01:9e:e7:05:23:e1:3f:
                    41:ee:e7:33:c5:72:66:4e:40:bb:e2:ea:1a:40:79:
                    22:3b:9b:72:48:fa:29:b7:db:90:53:1f:b3:1c:48:
                    b6:2c:f2:db:50:5f:c3:42:78:f2:d1:8f:71:ee:d2:
                    eb:7e:0c:0a:11:d8:99:e6:57:f5:eb:ee:7b:74:7c:
                    8b:22:d5:c4:b8:15:46:27:09:92:af:b8:22:7e:eb:
                    41:d7:57:1c:3e:4a:d6:4a:fc:1d:6c:ca:7c:3a:15:
                    ab:ab:6a:50:5b:e1:3c:dc:7d:98:d8:0b:7f:1c:03:
                    ae:e6:c8:37:db:8e:d3:13:dc:77:5c:91:4f:7f:c1:
                    92:fc:cf:9b:f6:5d:c9:90:79:07:78:fe:df:e3:8e:
                    f0:cd:19:fc:01:92:63:9e:bd:88:17:cf:45:30:df:
                    22:9c:85:c4:1f:72:4c:9f:ab:c2:73:9e:9d:06:33:
                    a6:8e:69:6e:b7:64:e0:51:d7:fa:11:ac:71:38:df:
                    82:12:d0:10:7a:33:3c:f3:3c:81:64:f5:ec:1d:24:
                    24:45:6b:3a:b0:f1:23:8f:3f:4f:c3:e0:fa:f2:47:
                    7f:29:dd:6b:1d:66:ed:cb:ef:05:0f:45:86:69:ff:
                    7d:b7:43:23:a3:1c:f2:cb:b6:33:a6:1c:79:df:10:
                    4e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FC:DE:40:9A:6F:98:FE:D9:CD:2B:EC:0B:DB:14:F8:6E:18:8A:0E
            X509v3 Authority Key Identifier:
                keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/mfzeQJpvmP7ZzSvsC9sU-G4Yig4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0f:99:b9:fd:01:06:55:29:7c:fc:92:6d:76:e2:03:6b:84:
         ba:86:1e:c4:63:a2:b3:7a:50:d0:28:aa:c9:f0:b6:cd:e2:4e:
         ed:2a:ff:9b:69:00:69:86:f6:dc:9b:5c:71:89:d8:d6:95:e2:
         59:5d:cf:23:96:a8:89:45:a5:e8:5e:56:9f:d9:13:c9:a7:ff:
         97:25:82:61:c0:7a:e8:17:86:f2:1f:5a:75:28:27:9e:05:d2:
         6f:b7:15:cf:67:d1:50:ea:27:0a:72:d7:f0:91:c4:59:f9:ff:
         8e:34:22:c0:d3:6f:c8:58:f9:b9:c4:74:98:3d:af:31:82:8d:
         f7:f8:4d:cd:66:c6:a6:cf:a7:32:67:aa:84:c8:79:25:ff:25:
         94:d9:1d:29:b8:32:6d:1f:53:d9:1b:0b:9f:5d:55:e1:e1:85:
         8f:e8:9e:9d:a9:ca:10:f0:17:5b:39:5b:f0:38:9e:54:14:3b:
         dc:60:50:77:34:f7:88:e7:33:fc:56:52:6f:3f:f1:44:76:20:
         e8:e1:15:83:73:48:9f:da:7c:cb:c0:70:89:76:c5:9d:b4:da:
         31:73:4d:48:45:8a:e1:11:3f:d2:30:de:94:a9:c2:a0:84:08:
         67:41:1d:3b:5e:7c:97:85:42:88:70:bc:14:15:0a:b3:88:46:
         6d:71:14:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtybesSyZ0eBKmCOk8nidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZjZGU0MDlhNmY5OGZlZDljZDJiZWMwYmRiMTRmODZlMTg4YTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzkNUaDBuQGe5wUj4T9B7uczxXJm
TkC74uoaQHkiO5tySPopt9uQUx+zHEi2LPLbUF/DQnjy0Y9x7tLrfgwKEdiZ5lf1
6+57dHyLItXEuBVGJwmSr7gifutB11ccPkrWSvwdbMp8OhWrq2pQW+E83H2Y2At/
HAOu5sg3247TE9x3XJFPf8GS/M+b9l3JkHkHeP7f447wzRn8AZJjnr2IF89FMN8i
nIXEH3JMn6vCc56dBjOmjmlut2TgUdf6EaxxON+CEtAQejM88zyBZPXsHSQkRWs6
sPEjjz9Pw+D68kd/Kd1rHWbty+8FD0WGaf99t0Mjoxzyy7Yzphx53xBO5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn83kCab5j+2c0r7AvbFPhuGIoOMB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvbWZ6ZVFKcHZtUDdaelN2c0M5c1UtRzRZaWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+/MA0G
CSqGSIb3DQEBCwUAA4IBAQAMD5m5/QEGVSl8/JJtduIDa4S6hh7EY6KzelDQKKrJ
8LbN4k7tKv+baQBphvbcm1xxidjWleJZXc8jlqiJRaXoXlaf2RPJp/+XJYJhwHro
F4byH1p1KCeeBdJvtxXPZ9FQ6icKctfwkcRZ+f+ONCLA02/IWPm5xHSYPa8xgo33
+E3NZsamz6cyZ6qEyHkl/yWU2R0puDJtH1PZGwufXVXh4YWP6J6dqcoQ8BdbOVvw
OJ5UFDvcYFB3NPeI5zP8VlJvP/FEdiDo4RWDc0if2nzLwHCJdsWdtNoxc01IRYrh
ET/SMN6UqcKghAhnQR07XnyXhUKIcLwUFQqziEZtcRSR
-----END CERTIFICATE-----