Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/MVUh0hcLIjE07dK8EAE-IOh5K_k.roa
File:                     MVUh0hcLIjE07dK8EAE-IOh5K_k.roa (raw, json)
Hash identifier:          h64Mn6MhkYZu/pWDLICKE5G2uu0K1bG/f4Qgol+8E+k=
Subject key identifier:   31:55:21:D2:17:0B:22:31:34:ED:D2:BC:10:01:3E:20:E8:79:2B:F9
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       019425FDA767B524714B732479651C7B87F9
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/MVUh0hcLIjE07dK8EAE-IOh5K_k.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47133
IP address blocks:        91.108.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a7:67:b5:24:71:4b:73:24:79:65:1c:7b:87:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=315521d2170b223134edd2bc10013e20e8792bf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:df:76:00:c0:a2:23:88:06:af:6e:7b:cb:5b:
                    0c:1e:60:fa:c0:0f:69:41:58:c8:71:b0:6a:49:8a:
                    f6:76:b1:22:a7:1f:26:e6:cd:46:fd:c3:11:4d:48:
                    87:b7:06:19:d6:1f:fe:cf:9b:eb:93:dd:0b:5d:6b:
                    33:5b:6a:99:a3:24:24:ab:fb:28:93:14:9a:60:80:
                    28:f6:d0:06:bf:e4:16:5f:53:f0:b4:c4:27:d3:81:
                    de:47:65:ba:03:16:f4:24:97:cf:9b:8e:b5:2d:0e:
                    95:8a:43:25:94:20:c8:a9:d9:86:50:bc:ae:51:5f:
                    98:88:a4:9f:90:00:d0:74:ec:06:2f:a7:a2:02:a1:
                    3b:13:d8:4b:fe:dc:eb:6c:e4:29:09:d2:b1:10:3f:
                    d5:ad:aa:04:78:d2:9d:61:29:c0:3c:8b:cd:1a:95:
                    ad:4f:fb:f9:71:9b:fc:d9:ac:61:a8:dd:2e:28:1f:
                    78:af:9c:14:d3:29:8c:7c:f2:f7:b9:29:57:f7:95:
                    7e:9a:90:e0:79:85:05:bc:51:10:55:05:c1:20:38:
                    5a:f7:be:d6:b2:73:42:62:6f:09:b8:0a:b4:5f:1a:
                    a6:a6:4a:d4:c2:17:41:f2:68:21:a2:88:54:88:0b:
                    d6:7b:13:6a:a9:d8:47:b3:ef:f4:85:dd:9a:eb:28:
                    03:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:55:21:D2:17:0B:22:31:34:ED:D2:BC:10:01:3E:20:E8:79:2B:F9
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/MVUh0hcLIjE07dK8EAE-IOh5K_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:2a:31:2b:fd:55:ae:89:42:38:c6:38:1d:50:8a:99:b1:e0:
         ca:79:cb:20:32:76:b3:ab:71:1a:70:65:c1:14:26:37:ad:c2:
         b8:85:d9:fa:65:6b:ee:a0:2e:c7:66:cb:7a:e6:d2:a7:bc:05:
         81:4c:38:bc:af:3b:a7:35:90:b9:93:5a:b7:83:ba:a9:84:c9:
         55:8f:f0:59:7f:bd:78:5f:91:be:d1:68:00:2b:6b:74:b1:a6:
         21:29:ae:78:64:85:00:20:d9:54:8b:d5:3f:8b:a1:04:ce:c7:
         39:e3:71:bd:69:ee:ed:5f:03:a0:a5:c1:ae:6f:21:f4:81:ff:
         3d:95:42:61:3c:2a:11:09:4d:39:f1:77:29:be:da:b9:94:36:
         d7:42:44:9b:0d:bf:9b:cf:67:dc:74:f5:04:71:7c:b1:29:5c:
         8f:1b:3a:5b:39:1e:86:aa:7a:83:9b:ce:42:b9:18:8f:e9:f7:
         71:27:88:44:7c:ae:b5:f2:14:2e:d7:3c:f5:7b:8b:c6:70:5a:
         d4:43:0e:96:7e:b5:a2:e3:14:ac:4f:23:d3:ac:89:7e:f8:31:
         60:46:6a:c5:fa:a4:b4:87:24:73:bf:25:67:f6:4a:a9:fa:07:
         41:54:1d:72:05:52:26:a1:ee:6f:52:4c:ca:61:bd:3d:84:30:
         4b:6a:7d:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/adntSRxS3MkeWUce4f5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTU1MjFkMjE3MGIyMjMxMzRlZGQyYmMxMDAxM2UyMGU4NzkyYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN92AMCiI4gGr257y1sMHmD6wA9p
QVjIcbBqSYr2drEipx8m5s1G/cMRTUiHtwYZ1h/+z5vrk90LXWszW2qZoyQkq/so
kxSaYIAo9tAGv+QWX1PwtMQn04HeR2W6Axb0JJfPm461LQ6VikMllCDIqdmGULyu
UV+YiKSfkADQdOwGL6eiAqE7E9hL/tzrbOQpCdKxED/VraoEeNKdYSnAPIvNGpWt
T/v5cZv82axhqN0uKB94r5wU0ymMfPL3uSlX95V+mpDgeYUFvFEQVQXBIDha977W
snNCYm8JuAq0XxqmpkrUwhdB8mghoohUiAvWexNqqdhHs+/0hd2a6ygDuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFVIdIXCyIxNO3SvBABPiDoeSv5MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvTVZVaDBoY0xJakUwN2RLOEVBRS1JT2g1S19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2wjMA0G
CSqGSIb3DQEBCwUAA4IBAQC0KjEr/VWuiUI4xjgdUIqZseDKecsgMnazq3EacGXB
FCY3rcK4hdn6ZWvuoC7HZst65tKnvAWBTDi8rzunNZC5k1q3g7qphMlVj/BZf714
X5G+0WgAK2t0saYhKa54ZIUAINlUi9U/i6EEzsc543G9ae7tXwOgpcGubyH0gf89
lUJhPCoRCU058Xcpvtq5lDbXQkSbDb+bz2fcdPUEcXyxKVyPGzpbOR6GqnqDm85C
uRiP6fdxJ4hEfK618hQu1zz1e4vGcFrUQw6WfrWi4xSsTyPTrIl++DFgRmrF+qS0
hyRzvyVn9kqp+gdBVB1yBVImoe5vUkzKYb09hDBLan3P
-----END CERTIFICATE-----