Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/mrmBoPQNoYAQ9v8EbfsBtpuNHis.roa
File:                     mrmBoPQNoYAQ9v8EbfsBtpuNHis.roa (raw, json)
Hash identifier:          pJ3JvIjoNVM7UQZbc5xhwzHWTqmyUmQSCchvopQh/QY=
Subject key identifier:   9A:B9:81:A0:F4:0D:A1:80:10:F6:FF:04:6D:FB:01:B6:9B:8D:1E:2B
Certificate issuer:       /CN=e9d880e887077fad82b74c998010fa9b253e0ea8
Certificate serial:       018CC794F4D7BEA0CC9E46F7ED1E639B85B3
Authority key identifier: E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/mrmBoPQNoYAQ9v8EbfsBtpuNHis.roa
Signing time:             Tue 02 Jan 2024 00:31:17 +0000
ROA not before:           Tue 02 Jan 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        62.201.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f4:d7:be:a0:cc:9e:46:f7:ed:1e:63:9b:85:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9d880e887077fad82b74c998010fa9b253e0ea8
        Validity
            Not Before: Jan  2 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ab981a0f40da18010f6ff046dfb01b69b8d1e2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:26:56:10:f4:50:7b:4e:10:b1:ce:93:63:f0:
                    5a:df:79:a3:7c:26:56:8e:3d:8f:f6:a0:48:28:6e:
                    39:43:fe:18:c1:a8:d3:05:74:4b:d6:6b:58:8d:f3:
                    74:d4:7f:9c:e0:7a:85:e5:dd:b7:a6:1a:c6:11:0d:
                    b9:96:26:66:bb:93:05:cf:dd:fa:df:63:f3:2a:f7:
                    0b:4c:e1:8c:30:ee:ea:63:d2:b5:95:84:43:65:be:
                    3b:34:90:da:b7:90:13:37:33:fe:83:6b:d6:8f:bc:
                    07:6e:79:2c:e0:35:2e:27:59:95:60:1f:b0:c1:76:
                    ec:4d:66:60:58:0c:db:4e:f0:28:80:62:8d:9b:6e:
                    ca:d5:31:2b:f9:65:72:f4:ea:1f:f9:29:d1:28:5f:
                    f4:12:2c:91:5c:2b:86:86:43:6d:7f:2b:69:ab:f6:
                    11:b6:79:fe:4b:75:6f:61:a9:7d:a7:24:d4:a5:52:
                    44:66:7a:ff:f5:41:25:a0:e6:52:c2:89:f0:95:79:
                    96:b3:9b:91:be:ee:64:20:53:26:09:17:76:6d:b4:
                    2c:51:63:bf:6a:40:f1:98:84:c1:2d:df:54:27:07:
                    2d:7b:84:09:59:e2:bf:a6:d3:68:87:03:5a:bb:df:
                    a2:6c:17:68:35:f6:b9:01:bd:30:17:da:ae:16:d2:
                    1e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B9:81:A0:F4:0D:A1:80:10:F6:FF:04:6D:FB:01:B6:9B:8D:1E:2B
            X509v3 Authority Key Identifier:
                keyid:E9:D8:80:E8:87:07:7F:AD:82:B7:4C:99:80:10:FA:9B:25:3E:0E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6diA6IcHf62Ct0yZgBD6myU-Dqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/mrmBoPQNoYAQ9v8EbfsBtpuNHis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/dbdad2-7c43-4cac-b4a6-facf48586249/1/6diA6IcHf62Ct0yZgBD6myU-Dqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.201.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:d6:4b:e5:42:9c:35:af:29:d6:84:ef:6b:0f:06:9d:7a:1f:
         00:cc:04:cf:cf:70:58:59:f6:0f:35:49:e4:54:56:fc:9e:34:
         a1:cf:4b:e9:ca:07:b4:14:ee:4f:03:bf:7c:5c:30:a0:4d:3f:
         82:5c:19:b8:20:04:5b:77:55:24:be:09:14:a3:3f:12:4f:44:
         ee:33:7a:a4:30:7e:91:95:07:79:3a:31:c0:7f:f3:d0:2e:1f:
         e3:69:49:2e:66:59:47:33:ca:02:83:86:fe:67:f8:be:26:52:
         f9:4e:8b:02:4f:58:eb:6b:a5:fc:04:9c:7a:d8:c8:56:40:e2:
         64:e9:63:de:e0:dd:69:57:34:61:2c:90:99:33:ca:41:98:5e:
         4b:90:9d:e4:ed:ce:59:5f:a3:e4:4d:3f:6c:d8:f7:92:c3:48:
         3f:74:7c:28:7d:46:4e:49:cd:91:6f:d7:23:2e:f8:e2:4a:22:
         71:84:23:f3:96:d8:29:4c:c5:d7:c9:95:b8:8d:c9:c0:b5:fd:
         d3:7b:52:28:27:60:89:bd:18:8e:e3:d2:73:13:2e:27:c8:32:
         c5:14:94:51:f8:cd:c7:7a:de:48:f1:a3:8f:b6:97:a0:0d:b8:
         2f:dd:86:1d:83:11:b6:74:6b:58:b8:28:21:92:9f:4c:5c:b5:
         9a:28:bc:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPTXvqDMnkb37R5jm4WzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZDg4MGU4ODcwNzdmYWQ4MmI3NGM5OTgwMTBmYTliMjUz
ZTBlYTgwHhcNMjQwMTAyMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWI5ODFhMGY0MGRhMTgwMTBmNmZmMDQ2ZGZiMDFiNjliOGQxZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiZWEPRQe04Qsc6TY/Ba33mjfCZW
jj2P9qBIKG45Q/4YwajTBXRL1mtYjfN01H+c4HqF5d23phrGEQ25liZmu5MFz936
32PzKvcLTOGMMO7qY9K1lYRDZb47NJDat5ATNzP+g2vWj7wHbnks4DUuJ1mVYB+w
wXbsTWZgWAzbTvAogGKNm27K1TEr+WVy9Oof+SnRKF/0EiyRXCuGhkNtfytpq/YR
tnn+S3VvYal9pyTUpVJEZnr/9UEloOZSwonwlXmWs5uRvu5kIFMmCRd2bbQsUWO/
akDxmITBLd9UJwcte4QJWeK/ptNohwNau9+ibBdoNfa5Ab0wF9quFtIe7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJq5gaD0DaGAEPb/BG37AbabjR4rMB8GA1UdIwQY
MBaAFOnYgOiHB3+tgrdMmYAQ+pslPg6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmRpQTZJY0hmNjJDdDB5WmdCRDZteVUtRHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kYmRhZDItN2M0My00Y2FjLWI0YTYt
ZmFjZjQ4NTg2MjQ5LzEvbXJtQm9QUU5vWUFROXY4RWJmc0J0cHVOSGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kYmRhZDItN2M0My00Y2FjLWI0YTYtZmFjZjQ4NTg2MjQ5
LzEvNmRpQTZJY0hmNjJDdDB5WmdCRDZteVUtRHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPsmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCl1kvlQpw1rynWhO9rDwadeh8AzATPz3BYWfYPNUnk
VFb8njShz0vpyge0FO5PA798XDCgTT+CXBm4IARbd1UkvgkUoz8ST0TuM3qkMH6R
lQd5OjHAf/PQLh/jaUkuZllHM8oCg4b+Z/i+JlL5TosCT1jra6X8BJx62MhWQOJk
6WPe4N1pVzRhLJCZM8pBmF5LkJ3k7c5ZX6PkTT9s2PeSw0g/dHwofUZOSc2Rb9cj
LvjiSiJxhCPzltgpTMXXyZW4jcnAtf3Te1IoJ2CJvRiO49JzEy4nyDLFFJRR+M3H
et5I8aOPtpegDbgv3YYdgxG2dGtYuCghkp9MXLWaKLyg
-----END CERTIFICATE-----