Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/M2NmvdhSM3EX3n7mklEywVTyVrw.roa
File:                     M2NmvdhSM3EX3n7mklEywVTyVrw.roa (raw, json)
Hash identifier:          EiNDORA1jr02kWYXyuVqjP/9QzFPy9+u0jJrIsRG5fo=
Subject key identifier:   33:63:66:BD:D8:52:33:71:17:DE:7E:E6:92:51:32:C1:54:F2:56:BC
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       018CC94CEE89FFBA73C96893D0C729D96557
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/M2NmvdhSM3EX3n7mklEywVTyVrw.roa
Signing time:             Tue 02 Jan 2024 08:31:51 +0000
ROA not before:           Tue 02 Jan 2024 08:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60594
IP address blocks:        155.133.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ee:89:ff:ba:73:c9:68:93:d0:c7:29:d9:65:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  2 08:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336366bdd852337117de7ee6925132c154f256bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ab:ec:16:84:2f:32:1a:27:e9:72:a4:45:b4:
                    ef:a0:52:3c:22:58:f4:a6:d7:83:28:2e:49:50:41:
                    00:d5:7f:f2:b4:0d:f2:1e:8f:08:0b:21:f0:dc:74:
                    ed:56:bf:7b:1b:5f:17:4c:53:4b:af:a4:56:44:6e:
                    b2:df:9b:db:30:be:a1:64:7d:64:61:14:b5:fe:31:
                    cd:4a:44:0a:26:c7:17:ce:e4:8e:3c:22:4b:a6:66:
                    d3:47:80:bc:47:62:61:c9:bf:a3:f0:ae:dc:ed:c4:
                    54:33:7a:48:06:91:32:c1:f1:91:9f:9c:75:0e:9b:
                    f4:ea:a3:56:16:df:23:e2:24:59:e9:1c:07:16:80:
                    12:c0:07:ac:3d:1f:e6:20:f2:c1:00:aa:0c:8f:db:
                    4a:fe:a7:bd:aa:e6:03:8d:98:06:f1:fa:ac:f2:4f:
                    e2:0a:69:5f:41:14:b0:d4:55:62:9c:52:80:8c:9d:
                    45:50:e2:f9:33:ad:91:3d:d8:29:d7:ff:f6:e3:09:
                    a0:d7:f6:14:21:c6:09:89:05:03:dd:3e:c0:b7:c9:
                    10:21:45:47:0c:7c:0b:93:fe:7c:4a:11:64:b0:8b:
                    d0:3f:ab:88:e0:a9:a0:0c:22:cf:ab:ea:27:60:91:
                    66:91:6c:6a:7a:32:c4:58:6d:59:46:c7:d1:20:a3:
                    89:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:63:66:BD:D8:52:33:71:17:DE:7E:E6:92:51:32:C1:54:F2:56:BC
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/M2NmvdhSM3EX3n7mklEywVTyVrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.133.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:23:31:5d:72:63:bd:6c:14:30:5f:6e:a9:39:38:b1:a9:0f:
         06:b2:41:32:8d:df:90:21:6f:ef:c8:71:4c:14:51:4b:0c:86:
         79:a9:f9:ee:5a:a6:a9:d7:33:74:bf:60:c4:a3:7c:ce:36:4e:
         cc:b5:a5:c4:f9:b8:63:04:e4:92:cc:af:94:ae:62:dd:ba:9e:
         97:35:38:42:51:5f:f5:b0:42:d6:68:9f:72:f4:c8:ee:c8:bc:
         33:c7:61:82:f0:6b:15:e7:e1:00:80:89:82:b9:ca:88:ea:45:
         c1:a8:87:81:03:40:87:1e:d6:67:14:67:39:59:ec:86:0c:f9:
         b1:89:f2:04:fe:2c:de:7c:12:40:e6:c0:f9:ae:75:34:31:a7:
         69:00:7a:9d:4d:aa:46:30:fa:f2:da:b2:25:dc:94:f8:30:b4:
         03:a0:19:90:ec:c6:30:54:0c:f1:e2:6d:d2:91:5e:40:12:81:
         00:c1:f8:3e:17:a3:13:c7:77:4e:74:03:a7:7c:d6:4a:aa:dd:
         6a:50:03:0a:3b:a3:35:fb:8e:4b:0d:01:00:7c:68:8b:22:ab:
         e5:40:6c:47:d9:2e:bc:24:a3:13:5b:36:73:05:13:07:ff:ec:
         83:c8:2e:02:39:eb:cc:53:e8:b7:18:17:4a:20:0e:69:ef:60:
         e6:ee:cf:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTO6J/7pzyWiT0Mcp2WVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjQwMTAyMDgzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYzNjZiZGQ4NTIzMzcxMTdkZTdlZTY5MjUxMzJjMTU0ZjI1NmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqvsFoQvMhon6XKkRbTvoFI8Ilj0
pteDKC5JUEEA1X/ytA3yHo8ICyHw3HTtVr97G18XTFNLr6RWRG6y35vbML6hZH1k
YRS1/jHNSkQKJscXzuSOPCJLpmbTR4C8R2Jhyb+j8K7c7cRUM3pIBpEywfGRn5x1
Dpv06qNWFt8j4iRZ6RwHFoASwAesPR/mIPLBAKoMj9tK/qe9quYDjZgG8fqs8k/i
CmlfQRSw1FVinFKAjJ1FUOL5M62RPdgp1//24wmg1/YUIcYJiQUD3T7At8kQIUVH
DHwLk/58ShFksIvQP6uI4KmgDCLPq+onYJFmkWxqejLEWG1ZRsfRIKOJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNjZr3YUjNxF95+5pJRMsFU8la8MB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvTTJObXZkaFNNM0VYM243bWtsRXl3VlR5VnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm4UgMA0G
CSqGSIb3DQEBCwUAA4IBAQAKIzFdcmO9bBQwX26pOTixqQ8GskEyjd+QIW/vyHFM
FFFLDIZ5qfnuWqap1zN0v2DEo3zONk7MtaXE+bhjBOSSzK+UrmLdup6XNThCUV/1
sELWaJ9y9MjuyLwzx2GC8GsV5+EAgImCucqI6kXBqIeBA0CHHtZnFGc5WeyGDPmx
ifIE/izefBJA5sD5rnU0MadpAHqdTapGMPry2rIl3JT4MLQDoBmQ7MYwVAzx4m3S
kV5AEoEAwfg+F6MTx3dOdAOnfNZKqt1qUAMKO6M1+45LDQEAfGiLIqvlQGxH2S68
JKMTWzZzBRMH/+yDyC4COevMU+i3GBdKIA5p72Dm7s9J
-----END CERTIFICATE-----