Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/gMDuNMP-dwna_4DUTcrE2pMCmTE.roa
File:                     gMDuNMP-dwna_4DUTcrE2pMCmTE.roa (raw, json)
Hash identifier:          bhW+HmUvlmix8E9B8uB1f7EfcgPZq0/l3/eYrLvxL54=
Subject key identifier:   80:C0:EE:34:C3:FE:77:09:DA:FF:80:D4:4D:CA:C4:DA:93:02:99:31
Certificate issuer:       /CN=98fd440cbbb04b969b92bb6b39c0bbb41634cd12
Certificate serial:       018CC6B929B78FA5D4108A80058C8C4A55A5
Authority key identifier: 98:FD:44:0C:BB:B0:4B:96:9B:92:BB:6B:39:C0:BB:B4:16:34:CD:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mP1EDLuwS5abkrtrOcC7tBY0zRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/gMDuNMP-dwna_4DUTcrE2pMCmTE.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15547
IP address blocks:        91.212.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/mP1EDLuwS5abkrtrOcC7tBY0zRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/mP1EDLuwS5abkrtrOcC7tBY0zRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mP1EDLuwS5abkrtrOcC7tBY0zRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:29:b7:8f:a5:d4:10:8a:80:05:8c:8c:4a:55:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98fd440cbbb04b969b92bb6b39c0bbb41634cd12
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80c0ee34c3fe7709daff80d44dcac4da93029931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0a:3a:3c:0c:4e:ee:24:50:4f:f1:4d:9c:e4:
                    1b:1b:93:c8:42:cc:e0:39:94:8b:f1:f1:16:c0:87:
                    3c:a4:03:ad:3d:30:9e:5a:47:1b:ac:37:4f:2e:d4:
                    8b:1f:5a:98:13:80:4a:cc:fd:a5:54:12:ed:d1:54:
                    f9:49:f5:fc:0a:40:2e:aa:a3:e4:c6:b5:ff:14:01:
                    ab:00:17:1c:7d:e1:12:60:5a:f5:24:bc:20:35:9a:
                    95:16:42:d1:69:aa:35:3c:b3:ac:78:8e:68:38:a4:
                    78:ed:c9:01:7e:aa:e0:60:3f:fc:0c:22:b9:77:af:
                    6a:79:48:16:24:7e:0e:55:e9:0c:fe:2e:14:11:70:
                    e9:6c:5c:b2:10:77:d2:17:ad:6a:94:7f:f1:f9:9a:
                    79:2d:2c:7f:d7:92:3d:50:99:0a:47:57:d9:46:51:
                    e8:ee:77:d4:9f:7d:15:2d:8e:4e:d3:1c:81:43:09:
                    a6:8f:44:2f:d9:77:01:c4:c7:7e:bf:76:79:e1:39:
                    4d:66:50:bc:b9:64:e8:aa:8d:77:28:d3:a5:d7:56:
                    c1:0c:8f:24:b2:ce:f0:5f:69:b9:1a:b8:b2:c4:23:
                    84:88:0c:52:af:61:14:33:b9:96:26:f8:e0:b5:1a:
                    a9:f9:f5:a4:e7:df:11:dd:d5:39:98:46:6f:8f:40:
                    93:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C0:EE:34:C3:FE:77:09:DA:FF:80:D4:4D:CA:C4:DA:93:02:99:31
            X509v3 Authority Key Identifier:
                keyid:98:FD:44:0C:BB:B0:4B:96:9B:92:BB:6B:39:C0:BB:B4:16:34:CD:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mP1EDLuwS5abkrtrOcC7tBY0zRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/gMDuNMP-dwna_4DUTcrE2pMCmTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/66908c-d5cb-47c8-bfce-c9c12b866078/1/mP1EDLuwS5abkrtrOcC7tBY0zRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:c3:fc:bb:81:f5:da:98:6f:3b:de:11:11:5c:21:1c:df:2c:
         7e:01:7b:03:fe:80:b6:95:1b:b7:57:44:71:11:07:c6:cf:94:
         a7:45:36:35:ac:a1:77:74:d2:e8:aa:6f:8f:d4:4f:c2:71:a4:
         08:b8:ef:2a:3f:b8:d4:22:cd:5d:fa:f2:2d:d7:ca:9e:e1:56:
         32:b8:41:97:a1:cc:48:cd:0e:48:63:a6:c8:5f:81:ce:62:3f:
         8f:4f:00:61:51:d3:05:f7:07:99:b0:4a:c1:82:0c:ba:9b:1c:
         45:39:38:e4:ff:1d:50:8e:69:05:46:eb:79:95:35:03:41:5e:
         e6:74:e4:f9:15:42:5c:06:68:4b:de:37:ce:62:cb:62:a6:f9:
         d7:6a:f3:71:37:2d:23:f5:ae:01:f2:0a:66:9f:b7:57:36:4e:
         16:f8:fc:3d:b3:e6:ba:52:57:51:8d:75:bb:ae:66:13:b6:c2:
         68:86:21:2b:7f:cb:15:4c:91:2e:be:a0:d4:a6:75:df:e8:85:
         ea:46:ab:81:a3:3c:7c:f7:b3:38:6b:f0:a5:21:58:5d:a7:8c:
         cb:22:01:9b:61:df:c7:61:96:5c:87:3f:d1:d8:be:77:50:d2:
         e7:19:d5:bb:c4:30:91:65:93:f2:70:2a:00:41:44:2c:e1:21:
         ff:ac:7d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSm3j6XUEIqABYyMSlWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZmQ0NDBjYmJiMDRiOTY5YjkyYmI2YjM5YzBiYmI0MTYz
NGNkMTIwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMwZWUzNGMzZmU3NzA5ZGFmZjgwZDQ0ZGNhYzRkYTkzMDI5OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngo6PAxO7iRQT/FNnOQbG5PIQszg
OZSL8fEWwIc8pAOtPTCeWkcbrDdPLtSLH1qYE4BKzP2lVBLt0VT5SfX8CkAuqqPk
xrX/FAGrABccfeESYFr1JLwgNZqVFkLRaao1PLOseI5oOKR47ckBfqrgYD/8DCK5
d69qeUgWJH4OVekM/i4UEXDpbFyyEHfSF61qlH/x+Zp5LSx/15I9UJkKR1fZRlHo
7nfUn30VLY5O0xyBQwmmj0Qv2XcBxMd+v3Z54TlNZlC8uWToqo13KNOl11bBDI8k
ss7wX2m5GriyxCOEiAxSr2EUM7mWJvjgtRqp+fWk598R3dU5mEZvj0CTWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDA7jTD/ncJ2v+A1E3KxNqTApkxMB8GA1UdIwQY
MBaAFJj9RAy7sEuWm5K7aznAu7QWNM0SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVAxRURMdXdTNWFia3J0ck9jQzd0QlkwelJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS82NjkwOGMtZDVjYi00N2M4LWJmY2Ut
YzljMTJiODY2MDc4LzEvZ01EdU5NUC1kd25hXzREVVRjckUycE1DbVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS82NjkwOGMtZDVjYi00N2M4LWJmY2UtYzljMTJiODY2MDc4
LzEvbVAxRURMdXdTNWFia3J0ck9jQzd0QlkwelJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SYMA0G
CSqGSIb3DQEBCwUAA4IBAQApw/y7gfXamG873hERXCEc3yx+AXsD/oC2lRu3V0Rx
EQfGz5SnRTY1rKF3dNLoqm+P1E/CcaQIuO8qP7jUIs1d+vIt18qe4VYyuEGXocxI
zQ5IY6bIX4HOYj+PTwBhUdMF9weZsErBggy6mxxFOTjk/x1QjmkFRut5lTUDQV7m
dOT5FUJcBmhL3jfOYstipvnXavNxNy0j9a4B8gpmn7dXNk4W+Pw9s+a6UldRjXW7
rmYTtsJohiErf8sVTJEuvqDUpnXf6IXqRquBozx897M4a/ClIVhdp4zLIgGbYd/H
YZZchz/R2L53UNLnGdW7xDCRZZPycCoAQUQs4SH/rH30
-----END CERTIFICATE-----