Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/mmVE4vl5U-KpCkaYrjbA3e9WrXU.roa
File:                     mmVE4vl5U-KpCkaYrjbA3e9WrXU.roa (raw, json)
Hash identifier:          iiSPMcp8VArdMbKHuLvUBfaBvOzHuBmR6g2Fi1Q4ANk=
Subject key identifier:   9A:65:44:E2:F9:79:53:E2:A9:0A:46:98:AE:36:C0:DD:EF:56:AD:75
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       019121D3F63989FFB994BB2AE044BC813464
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/mmVE4vl5U-KpCkaYrjbA3e9WrXU.roa
Signing time:             Mon 05 Aug 2024 09:17:04 +0000
ROA not before:           Mon 05 Aug 2024 09:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42927
IP address blocks:        185.91.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:d3:f6:39:89:ff:b9:94:bb:2a:e0:44:bc:81:34:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Aug  5 09:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a6544e2f97953e2a90a4698ae36c0ddef56ad75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:22:88:11:9f:99:de:20:08:08:3c:6a:ed:4d:
                    42:80:45:d3:95:b7:0c:e3:80:1b:c8:9e:1e:47:9a:
                    e9:83:5a:7f:d1:65:32:28:54:c9:91:00:db:95:82:
                    be:35:ee:04:39:87:de:a5:1b:8b:68:55:27:d8:92:
                    21:d1:26:85:fe:12:17:9a:b8:38:00:e4:36:c3:37:
                    a6:b8:64:2d:61:59:75:44:33:42:9b:6a:eb:5b:04:
                    72:18:65:dd:3a:c5:e2:1d:d2:72:e1:6b:f8:8b:db:
                    f2:42:63:6d:96:df:10:d4:1c:ac:13:8f:bf:91:62:
                    ce:bc:8f:a5:41:f2:ae:c6:c6:f0:6f:b9:12:c7:84:
                    74:4f:5e:81:b9:85:8e:2f:ee:36:e9:cd:e8:ad:30:
                    b7:ad:f4:b9:82:5c:a9:88:26:b2:2d:49:03:e7:e4:
                    30:b7:62:48:f3:81:80:ee:4d:b5:09:48:83:79:ee:
                    67:29:29:e5:c7:34:76:d0:f9:dd:e5:0f:d8:89:ca:
                    57:db:98:8d:eb:63:b4:e8:9a:96:78:1a:52:be:b6:
                    5d:ba:5a:26:5f:1d:91:0e:2d:b8:d2:7f:67:cd:d2:
                    2e:44:92:b1:5a:dc:e8:87:78:5f:9e:52:48:a8:ab:
                    90:f4:33:3d:0e:df:e5:a8:24:92:8a:54:8f:3d:48:
                    dc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:65:44:E2:F9:79:53:E2:A9:0A:46:98:AE:36:C0:DD:EF:56:AD:75
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/mmVE4vl5U-KpCkaYrjbA3e9WrXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:53:a7:36:56:cd:50:c4:01:e9:67:62:ae:bc:21:90:ca:a8:
         eb:e1:d0:df:fc:cd:01:b3:bf:9c:7a:66:89:e7:b4:7c:2d:f0:
         09:88:a2:83:14:51:c5:cb:ce:05:b2:06:78:24:6b:c5:d8:ef:
         b4:96:88:53:dd:a1:10:9b:a2:80:32:16:6c:8e:fc:4b:56:d9:
         58:b4:4c:b0:23:59:18:52:55:93:5e:5a:20:a9:89:d0:9d:73:
         a1:5f:75:42:33:b7:73:78:d6:ca:d9:60:94:bc:af:85:1a:cc:
         7e:9d:95:9a:49:07:6c:1c:33:38:54:49:ef:d2:9c:d5:26:a1:
         83:f6:b6:bd:e7:4e:34:57:04:6a:1c:7e:f8:55:c2:6f:72:52:
         83:11:82:af:11:20:b4:b1:d7:67:76:66:f9:c7:fc:1b:5e:b6:
         b4:8a:27:ab:d5:dd:a5:58:0e:0c:1f:ab:ca:e9:8d:ab:d8:37:
         84:f3:a2:8b:50:d5:c4:2c:c1:fb:fe:fb:38:e4:a5:90:a1:8c:
         d6:ce:66:36:9e:66:c5:5d:57:17:37:ed:c9:5e:b3:1e:f0:93:
         1a:3d:d9:2b:9a:73:30:af:22:84:f4:1c:bf:90:61:57:71:3f:
         71:81:4b:96:bf:f3:e9:5b:ca:bd:23:8c:e2:ee:a0:ca:f4:a3:
         e5:80:f0:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEh0/Y5if+5lLsq4ES8gTRkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjQwODA1MDkxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTY1NDRlMmY5Nzk1M2UyYTkwYTQ2OThhZTM2YzBkZGVmNTZhZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSKIEZ+Z3iAICDxq7U1CgEXTlbcM
44AbyJ4eR5rpg1p/0WUyKFTJkQDblYK+Ne4EOYfepRuLaFUn2JIh0SaF/hIXmrg4
AOQ2wzemuGQtYVl1RDNCm2rrWwRyGGXdOsXiHdJy4Wv4i9vyQmNtlt8Q1BysE4+/
kWLOvI+lQfKuxsbwb7kSx4R0T16BuYWOL+426c3orTC3rfS5glypiCayLUkD5+Qw
t2JI84GA7k21CUiDee5nKSnlxzR20Pnd5Q/YicpX25iN62O06JqWeBpSvrZdulom
Xx2RDi240n9nzdIuRJKxWtzoh3hfnlJIqKuQ9DM9Dt/lqCSSilSPPUjcGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJplROL5eVPiqQpGmK42wN3vVq11MB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvbW1WRTR2bDVVLUtwQ2thWXJqYkEzZTlXclhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVvXMA0G
CSqGSIb3DQEBCwUAA4IBAQCNU6c2Vs1QxAHpZ2KuvCGQyqjr4dDf/M0Bs7+cemaJ
57R8LfAJiKKDFFHFy84FsgZ4JGvF2O+0lohT3aEQm6KAMhZsjvxLVtlYtEywI1kY
UlWTXlogqYnQnXOhX3VCM7dzeNbK2WCUvK+FGsx+nZWaSQdsHDM4VEnv0pzVJqGD
9ra95040VwRqHH74VcJvclKDEYKvESC0sddndmb5x/wbXra0iier1d2lWA4MH6vK
6Y2r2DeE86KLUNXELMH7/vs45KWQoYzWzmY2nmbFXVcXN+3JXrMe8JMaPdkrmnMw
ryKE9By/kGFXcT9xgUuWv/PpW8q9I4zi7qDK9KPlgPAs
-----END CERTIFICATE-----