Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/M2OH_WFXBTlLndzIp5QUruovXI4.roa
File:                     M2OH_WFXBTlLndzIp5QUruovXI4.roa (raw, json)
Hash identifier:          5zo/dRVK4oui7RPJW8l0zbgckgoUxjo1WMoirNDyfEs=
Subject key identifier:   33:63:87:FD:61:57:05:39:4B:9D:DC:C8:A7:94:14:AE:EA:2F:5C:8E
Certificate issuer:       /CN=65d7f0fd622afd6bd4a2d6ce0f1cbcc07a9c41f1
Certificate serial:       018CC871400D186FDB2204D99558D82F0A30
Authority key identifier: 65:D7:F0:FD:62:2A:FD:6B:D4:A2:D6:CE:0F:1C:BC:C0:7A:9C:41:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/M2OH_WFXBTlLndzIp5QUruovXI4.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.59.96.0/19 maxlen: 19
                          194.59.121.0/24 maxlen: 24
                          2001:67c:67c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:40:0d:18:6f:db:22:04:d9:95:58:d8:2f:0a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65d7f0fd622afd6bd4a2d6ce0f1cbcc07a9c41f1
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336387fd615705394b9ddcc8a79414aeea2f5c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dc:ff:56:bf:71:d7:4c:f5:05:59:58:66:ca:
                    c5:e9:f5:9d:2d:ee:7b:72:95:1b:a4:a7:66:7d:8b:
                    d2:d3:3a:ac:3d:2c:d9:91:e8:c1:03:73:d2:02:4b:
                    4e:48:dc:b9:26:18:ee:dc:22:d2:07:ad:23:bb:85:
                    23:19:ea:c3:72:68:bf:1c:5c:08:dd:7a:69:3b:ec:
                    c2:a9:a9:5d:1a:00:c6:9c:e0:4d:3f:26:5e:96:19:
                    ec:0f:da:d8:aa:ab:6e:6a:79:a2:c1:5b:4d:0e:3e:
                    28:97:a2:98:cf:2f:01:8f:47:23:d0:7b:b4:80:86:
                    30:76:1e:af:8d:20:eb:73:22:f1:15:ee:20:40:39:
                    f1:d1:a2:4e:0e:a6:a2:fe:13:a0:4d:36:ec:15:07:
                    b3:45:56:19:0a:d7:fc:75:42:41:5f:b6:6b:1a:99:
                    17:ae:4d:57:ef:30:9c:ff:e4:4b:c2:f2:84:1a:27:
                    45:5a:c5:0e:a8:ff:79:70:2d:dd:98:27:3d:e7:b4:
                    9e:4d:00:0e:8d:d9:59:2f:c2:7f:46:2c:66:06:bb:
                    83:20:fe:4a:db:4e:18:86:99:d8:e9:8f:45:23:27:
                    4d:ba:ec:51:87:c9:00:eb:18:6e:2d:14:0b:6e:59:
                    63:28:07:83:3f:be:8f:ed:8a:6b:ad:d0:e0:69:fb:
                    65:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:63:87:FD:61:57:05:39:4B:9D:DC:C8:A7:94:14:AE:EA:2F:5C:8E
            X509v3 Authority Key Identifier:
                keyid:65:D7:F0:FD:62:2A:FD:6B:D4:A2:D6:CE:0F:1C:BC:C0:7A:9C:41:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zdfw_WIq_WvUotbODxy8wHqcQfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/M2OH_WFXBTlLndzIp5QUruovXI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73f36c-f4f7-4065-9d46-8be4ad57773b/1/Zdfw_WIq_WvUotbODxy8wHqcQfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.96.0/19
                IPv6:
                  2001:67c:67c::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:df:18:8a:d0:1f:00:b1:73:e9:3c:bb:16:48:20:0e:99:5b:
         a4:78:a7:1d:24:4d:f3:46:d9:da:88:d4:8f:68:76:b0:ae:1a:
         2b:6f:3e:c9:e4:1a:af:66:48:cd:9d:27:db:7f:c1:62:7d:9d:
         3c:27:02:ac:da:57:33:41:be:7f:f7:fd:22:5c:40:76:49:1c:
         b1:31:14:8f:e0:dc:a4:44:07:bc:a5:eb:2a:18:03:20:9b:01:
         5a:ec:eb:9b:75:b4:ac:3b:c5:65:9a:0b:82:e4:b3:39:87:2f:
         98:60:0f:b2:fb:e6:7f:b7:3d:4d:54:af:5f:9d:6f:80:ad:ee:
         4a:fe:2a:0d:f0:e3:dc:7f:e7:b8:1a:0d:1a:82:d9:d8:f6:df:
         ad:74:0c:1b:aa:73:34:95:84:51:13:f5:42:dd:1f:72:e8:e5:
         15:eb:ae:66:f3:02:bc:00:ca:33:0a:cc:76:b6:c9:ff:7d:43:
         ed:6d:be:1d:78:a2:f2:70:a1:b3:e8:c7:e8:67:50:5a:af:48:
         f2:32:fb:99:9b:2f:94:0d:dd:7f:c0:8c:72:86:f5:87:c1:c7:
         80:0d:a1:2c:ff:97:f1:8d:5f:7a:14:d2:c5:d3:d6:e2:f7:e9:
         07:6f:2e:80:86:e4:00:1e:81:ab:1c:8a:bc:44:76:33:e9:5d:
         61:cd:8f:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIcUANGG/bIgTZlVjYLwowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZDdmMGZkNjIyYWZkNmJkNGEyZDZjZTBmMWNiY2MwN2E5
YzQxZjEwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYzODdmZDYxNTcwNTM5NGI5ZGRjYzhhNzk0MTRhZWVhMmY1YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldz/Vr9x10z1BVlYZsrF6fWdLe57
cpUbpKdmfYvS0zqsPSzZkejBA3PSAktOSNy5Jhju3CLSB60ju4UjGerDcmi/HFwI
3XppO+zCqaldGgDGnOBNPyZelhnsD9rYqqtuanmiwVtNDj4ol6KYzy8Bj0cj0Hu0
gIYwdh6vjSDrcyLxFe4gQDnx0aJODqai/hOgTTbsFQezRVYZCtf8dUJBX7ZrGpkX
rk1X7zCc/+RLwvKEGidFWsUOqP95cC3dmCc957SeTQAOjdlZL8J/RixmBruDIP5K
204YhpnY6Y9FIydNuuxRh8kA6xhuLRQLblljKAeDP76P7YprrdDgaftlcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDNjh/1hVwU5S53cyKeUFK7qL1yOMB8GA1UdIwQY
MBaAFGXX8P1iKv1r1KLWzg8cvMB6nEHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmRmd19XSXFfV3ZVb3RiT0R4eTh3SHFjUWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83M2YzNmMtZjRmNy00MDY1LTlkNDYt
OGJlNGFkNTc3NzNiLzEvTTJPSF9XRlhCVGxMbmR6SXA1UVVydW92WEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83M2YzNmMtZjRmNy00MDY1LTlkNDYtOGJlNGFkNTc3NzNi
LzEvWmRmd19XSXFfV3ZVb3RiT0R4eTh3SHFjUWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQFwjtgMA8E
AgACMAkDBwAgAQZ8BnwwDQYJKoZIhvcNAQELBQADggEBAGffGIrQHwCxc+k8uxZI
IA6ZW6R4px0kTfNG2dqI1I9odrCuGitvPsnkGq9mSM2dJ9t/wWJ9nTwnAqzaVzNB
vn/3/SJcQHZJHLExFI/g3KREB7yl6yoYAyCbAVrs65t1tKw7xWWaC4LkszmHL5hg
D7L75n+3PU1Ur1+db4Ct7kr+Kg3w49x/57gaDRqC2dj23610DBuqczSVhFET9ULd
H3Lo5RXrrmbzArwAyjMKzHa2yf99Q+1tvh14ovJwobPox+hnUFqvSPIy+5mbL5QN
3X/AjHKG9YfBx4ANoSz/l/GNX3oU0sXT1uL36QdvLoCG5AAegascirxEdjPpXWHN
jz4=
-----END CERTIFICATE-----