Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/mldZ02SgByZkxb9-hN-tKmR0o0s.roa
File:                     mldZ02SgByZkxb9-hN-tKmR0o0s.roa (raw, json)
Hash identifier:          DrkW1wHvYpTjqDlBZkGq/sAaUPB7borOxMsYKMVFock=
Subject key identifier:   9A:57:59:D3:64:A0:07:26:64:C5:BF:7E:84:DF:AD:2A:64:74:A3:4B
Certificate issuer:       /CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
Certificate serial:       0194282625A765945B1DB9323E95D182C3BB
Authority key identifier: 36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/mldZ02SgByZkxb9-hN-tKmR0o0s.roa
Signing time:             Thu 02 Jan 2025 17:52:56 +0000
ROA not before:           Thu 02 Jan 2025 17:52:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.239.147.0/24 maxlen: 24
                          2001:67c:1240::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:25:a7:65:94:5b:1d:b9:32:3e:95:d1:82:c3:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
        Validity
            Not Before: Jan  2 17:52:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a5759d364a0072664c5bf7e84dfad2a6474a34b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7e:a8:95:c9:2c:6b:32:c3:2b:41:1c:4f:ee:
                    e4:ca:95:bb:00:ee:81:54:1f:e9:09:b3:37:56:a5:
                    e8:4e:be:23:32:8c:31:14:5d:0a:05:b9:23:7a:69:
                    ad:d1:09:12:e5:22:bc:dc:d0:dc:73:da:fd:74:21:
                    8a:7e:36:e3:9f:04:32:0a:b5:9a:2c:4e:fa:98:fe:
                    fe:95:e5:74:3c:80:81:1c:b8:b2:f2:f7:0e:c4:fa:
                    19:f7:ae:7e:7f:bc:02:bf:7e:e9:dd:25:33:85:a1:
                    56:4e:b6:d5:71:ce:92:47:b6:84:2b:c3:f7:5d:05:
                    a6:00:28:7f:d0:70:6c:86:61:e6:9b:89:43:03:2c:
                    b0:f7:89:a9:80:f6:d4:17:50:df:9b:3e:e5:3f:3a:
                    f6:47:c8:76:00:01:aa:57:98:b5:27:45:a7:69:43:
                    14:59:1d:86:4e:74:31:dd:cb:17:8e:cd:68:f1:75:
                    cc:40:de:98:af:cf:96:96:e8:38:e0:bf:fa:a3:65:
                    a9:db:9d:2e:09:21:4e:57:38:ec:5e:6f:1b:6e:da:
                    e0:53:69:1e:22:1d:51:1e:2a:ed:86:e9:5c:ac:48:
                    0d:0e:21:e6:5f:8f:18:f8:15:19:3a:7e:2f:81:d5:
                    7c:f9:ad:79:d1:7d:69:3c:34:ad:c7:5d:aa:18:a5:
                    36:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:57:59:D3:64:A0:07:26:64:C5:BF:7E:84:DF:AD:2A:64:74:A3:4B
            X509v3 Authority Key Identifier:
                keyid:36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/mldZ02SgByZkxb9-hN-tKmR0o0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.147.0/24
                IPv6:
                  2001:67c:1240::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:5f:c1:8e:31:78:f8:be:b2:0d:79:b1:09:ff:24:0b:0d:4e:
         f1:1d:df:99:65:ba:1b:0f:15:2d:7b:43:71:ef:14:cd:4f:67:
         33:cb:6e:7a:d0:82:42:63:79:b1:92:8f:6b:50:0a:e3:9d:19:
         b9:61:bc:3d:64:74:9e:db:f1:50:fb:c0:6a:3c:14:d6:8c:6f:
         f1:ea:8f:0d:7f:70:7c:fc:d6:41:72:b8:72:a2:86:0e:0f:24:
         a8:2a:84:a4:84:e7:b6:7d:7a:8b:4b:41:52:c3:24:23:be:49:
         35:d5:9a:0d:4f:5f:1d:51:1b:dd:38:d7:0c:f3:4d:7d:b7:bc:
         db:c4:af:11:3e:a1:7c:27:1d:16:da:73:28:c8:74:fe:1c:e1:
         de:1e:d7:6b:bf:88:b9:53:e1:b1:f6:37:8d:59:2a:03:c2:45:
         12:c9:c9:30:b5:d0:15:f9:69:d4:b0:74:ce:b8:22:65:e6:45:
         60:a7:2b:54:88:51:6a:fc:fe:d8:9e:99:be:d1:87:50:7f:bc:
         e2:03:2c:94:18:12:ea:7a:ee:07:ac:5e:cf:56:11:06:66:bf:
         ec:cf:8d:f1:ed:81:69:d7:12:bc:da:77:9c:ff:90:bc:87:68:
         03:84:d2:51:4a:a7:0e:ae:51:02:4f:4b:b2:60:27:cd:1b:8d:
         86:a8:84:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJiWnZZRbHbkyPpXRgsO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MWFkZjU3YzhkY2I3YmZkMzRlOWFlY2Q4M2UzNjM0MmVj
M2EzYzkwHhcNMjUwMTAyMTc1MjU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTU3NTlkMzY0YTAwNzI2NjRjNWJmN2U4NGRmYWQyYTY0NzRhMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj36olcksazLDK0EcT+7kypW7AO6B
VB/pCbM3VqXoTr4jMowxFF0KBbkjemmt0QkS5SK83NDcc9r9dCGKfjbjnwQyCrWa
LE76mP7+leV0PICBHLiy8vcOxPoZ965+f7wCv37p3SUzhaFWTrbVcc6SR7aEK8P3
XQWmACh/0HBshmHmm4lDAyyw94mpgPbUF1Dfmz7lPzr2R8h2AAGqV5i1J0WnaUMU
WR2GTnQx3csXjs1o8XXMQN6Yr8+Wlug44L/6o2Wp250uCSFOVzjsXm8bbtrgU2ke
Ih1RHirthulcrEgNDiHmX48Y+BUZOn4vgdV8+a150X1pPDStx12qGKU29wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJpXWdNkoAcmZMW/foTfrSpkdKNLMB8GA1UdIwQY
MBaAFDYa31fI3Le/006a7Ng+NjQuw6PJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmIt
MWExODczOGI0NzQxLzEvbWxkWjAyU2dCeVpreGI5LWhOLXRLbVIwbzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmItMWExODczOGI0NzQx
LzEvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW++TMA8E
AgACMAkDBwAgAQZ8EkAwDQYJKoZIhvcNAQELBQADggEBAKdfwY4xePi+sg15sQn/
JAsNTvEd35lluhsPFS17Q3HvFM1PZzPLbnrQgkJjebGSj2tQCuOdGblhvD1kdJ7b
8VD7wGo8FNaMb/Hqjw1/cHz81kFyuHKihg4PJKgqhKSE57Z9eotLQVLDJCO+STXV
mg1PXx1RG9041wzzTX23vNvErxE+oXwnHRbacyjIdP4c4d4e12u/iLlT4bH2N41Z
KgPCRRLJyTC10BX5adSwdM64ImXmRWCnK1SIUWr8/tiemb7Rh1B/vOIDLJQYEup6
7gesXs9WEQZmv+zPjfHtgWnXErzad5z/kLyHaAOE0lFKpw6uUQJPS7JgJ80bjYao
hO0=
-----END CERTIFICATE-----