Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/m-XnaMrHfvFgyun7kji-hXvkMU4.roa
File:                     m-XnaMrHfvFgyun7kji-hXvkMU4.roa (raw, json)
Hash identifier:          rW/hWNTbODWhmxxg4B8ClBj6wWdVAbjtPwV+PbzG2S8=
Subject key identifier:   9B:E5:E7:68:CA:C7:7E:F1:60:CA:E9:FB:92:38:BE:85:7B:E4:31:4E
Certificate issuer:       /CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
Certificate serial:       0192282C0EC50B027DEE860B909455C82207
Authority key identifier: B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/m-XnaMrHfvFgyun7kji-hXvkMU4.roa
Signing time:             Wed 25 Sep 2024 07:53:48 +0000
ROA not before:           Wed 25 Sep 2024 07:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199669
IP address blocks:        194.38.10.0/24 maxlen: 24
                          194.38.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:28:2c:0e:c5:0b:02:7d:ee:86:0b:90:94:55:c8:22:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
        Validity
            Not Before: Sep 25 07:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9be5e768cac77ef160cae9fb9238be857be4314e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c1:df:48:18:15:2f:af:44:bc:c6:7f:da:bd:
                    43:e9:9c:fd:cb:a4:c3:91:ac:66:f4:9d:b6:74:bb:
                    30:da:fb:ec:90:4d:a5:3d:ee:2c:c5:70:e0:8e:1e:
                    93:7b:a8:ba:53:b8:5e:8a:ef:ff:2f:3e:b9:74:d8:
                    54:44:c2:78:cd:55:b6:33:c8:55:aa:ac:c5:1a:36:
                    e0:37:bb:f1:3e:22:68:c9:6e:30:31:08:da:be:4c:
                    c6:6c:5b:47:60:d7:ac:bd:f4:8d:85:bc:9d:62:d6:
                    5b:66:3f:55:76:3d:ea:53:de:3e:4f:17:fd:70:3f:
                    43:2a:00:88:62:7d:44:4b:71:62:79:ea:a1:02:bd:
                    5a:0a:70:8c:a1:ef:72:30:34:17:df:27:8e:43:76:
                    55:f6:6c:2a:16:a5:fc:16:76:56:7a:7e:6c:19:52:
                    75:c3:0a:77:2c:0b:e3:d7:58:21:32:aa:3d:e9:a0:
                    1c:61:9c:68:d2:37:97:30:71:45:b2:68:8d:09:69:
                    23:df:9f:6e:b4:d0:18:97:d6:1d:11:10:1c:ca:5f:
                    15:db:72:3e:26:29:16:36:0c:44:00:f1:c7:1c:b3:
                    0f:3d:5d:0e:e3:4e:a8:66:61:f9:5d:2f:61:6c:e4:
                    50:f8:24:a0:08:98:4d:7d:4f:8b:cd:d3:f0:16:fa:
                    63:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E5:E7:68:CA:C7:7E:F1:60:CA:E9:FB:92:38:BE:85:7B:E4:31:4E
            X509v3 Authority Key Identifier:
                keyid:B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/m-XnaMrHfvFgyun7kji-hXvkMU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:80:fd:70:39:70:e3:92:e1:65:2a:2b:6a:d9:5a:34:4c:4a:
         bc:00:7d:ae:6f:63:7c:33:6e:58:03:fc:b9:84:f8:d2:de:c6:
         80:eb:2b:12:cd:a7:0f:21:eb:9b:90:be:b7:34:4e:e1:a4:af:
         c2:66:59:7f:ab:bc:34:3e:0f:93:97:c5:05:69:56:13:cb:2b:
         55:32:9f:de:1b:92:61:15:c9:d8:14:99:fc:13:6c:71:ad:db:
         6d:7b:ac:7e:5a:e7:fc:26:92:4d:69:2a:70:e0:fb:87:5e:58:
         31:f3:ab:9e:95:02:5a:33:10:55:8a:32:cd:17:eb:0f:11:c6:
         f1:b3:2c:32:2b:8c:c1:c8:d6:44:35:7b:ae:ba:b3:1d:b6:5b:
         ee:42:10:1a:42:87:4b:fc:25:56:dc:1c:f9:db:25:02:cd:09:
         6a:fd:c5:48:47:4f:26:f8:aa:f5:f2:e1:b2:2c:2c:1a:29:9a:
         5e:f3:2b:ff:71:ce:68:91:35:a1:da:c1:b1:d0:9d:51:66:f5:
         c4:05:16:18:f0:fd:36:44:25:19:92:c5:d7:81:b5:f6:d0:2e:
         8b:1b:f3:0a:37:77:c8:85:e5:e1:16:e0:7b:cd:74:fc:26:a2:
         db:6a:f6:b0:c9:15:ce:d8:89:5f:33:80:d8:94:37:a4:99:f2:
         c0:ff:e5:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIoLA7FCwJ97oYLkJRVyCIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MjA3Njk3ZDBiN2MyNDE5OWU2ZGQxMjgyYjQ5YjU2Y2Vm
MDI0NGYwHhcNMjQwOTI1MDc1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmU1ZTc2OGNhYzc3ZWYxNjBjYWU5ZmI5MjM4YmU4NTdiZTQzMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsHfSBgVL69EvMZ/2r1D6Zz9y6TD
kaxm9J22dLsw2vvskE2lPe4sxXDgjh6Te6i6U7heiu//Lz65dNhURMJ4zVW2M8hV
qqzFGjbgN7vxPiJoyW4wMQjavkzGbFtHYNesvfSNhbydYtZbZj9Vdj3qU94+Txf9
cD9DKgCIYn1ES3FieeqhAr1aCnCMoe9yMDQX3yeOQ3ZV9mwqFqX8FnZWen5sGVJ1
wwp3LAvj11ghMqo96aAcYZxo0jeXMHFFsmiNCWkj359utNAYl9YdERAcyl8V23I+
JikWNgxEAPHHHLMPPV0O406oZmH5XS9hbORQ+CSgCJhNfU+LzdPwFvpjvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvl52jKx37xYMrp+5I4voV75DFOMB8GA1UdIwQY
MBaAFLggdpfQt8JBmebdEoK0m1bO8CRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjct
OTZkMzA0YzhkYjAyLzEvbS1YbmFNckhmdkZneXVuN2tqaS1oWHZrTVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjctOTZkMzA0YzhkYjAy
LzEvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiYKMA0G
CSqGSIb3DQEBCwUAA4IBAQBbgP1wOXDjkuFlKitq2Vo0TEq8AH2ub2N8M25YA/y5
hPjS3saA6ysSzacPIeubkL63NE7hpK/CZll/q7w0Pg+Tl8UFaVYTyytVMp/eG5Jh
FcnYFJn8E2xxrdtte6x+Wuf8JpJNaSpw4PuHXlgx86uelQJaMxBVijLNF+sPEcbx
sywyK4zByNZENXuuurMdtlvuQhAaQodL/CVW3Bz52yUCzQlq/cVIR08m+Kr18uGy
LCwaKZpe8yv/cc5okTWh2sGx0J1RZvXEBRYY8P02RCUZksXXgbX20C6LG/MKN3fI
heXhFuB7zXT8JqLbavawyRXO2IlfM4DYlDekmfLA/+W6
-----END CERTIFICATE-----