Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/ml_p7lYFevyu__sVvFG4bCb03R0.roa
File:                     ml_p7lYFevyu__sVvFG4bCb03R0.roa (raw, json)
Hash identifier:          yMPZSpiXtVh9hTXd+yF6U3TDRXENWznfieRv1m6tVjw=
Subject key identifier:   9A:5F:E9:EE:56:05:7A:FC:AE:FF:FB:15:BC:51:B8:6C:26:F4:DD:1D
Certificate issuer:       /CN=8986e25683302c38270d0f90c4aad1519393d545
Certificate serial:       018CC5DC29DE8763027FFA5B3FA5DB326677
Authority key identifier: 89:86:E2:56:83:30:2C:38:27:0D:0F:90:C4:AA:D1:51:93:93:D5:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/ml_p7lYFevyu__sVvFG4bCb03R0.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48854
IP address blocks:        91.239.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:de:87:63:02:7f:fa:5b:3f:a5:db:32:66:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8986e25683302c38270d0f90c4aad1519393d545
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a5fe9ee56057afcaefffb15bc51b86c26f4dd1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:74:36:4f:f0:24:6b:40:52:ca:f8:2c:cb:dc:
                    3a:4b:d5:c1:9f:9b:c6:2c:05:76:16:f5:ee:a3:80:
                    1b:2d:57:b4:10:55:57:bf:45:7f:b4:44:a5:b7:db:
                    0b:44:82:9f:d9:11:cc:81:a2:df:ad:0e:89:74:5e:
                    31:b1:10:0b:b9:6f:0a:fe:98:a8:a6:47:e5:af:dc:
                    3d:bb:f2:8c:53:7b:fa:4f:02:06:38:f3:15:7a:be:
                    1c:7e:5c:84:7d:98:b6:b4:cb:95:13:d5:a7:26:54:
                    d5:ef:8a:46:8d:ec:bd:8d:3d:e2:5d:f5:38:d2:ee:
                    23:4a:fa:8b:f8:1d:fe:f4:0e:ed:fd:5b:64:ba:1d:
                    40:6c:b4:57:dd:0c:99:1a:2a:40:b8:09:be:80:09:
                    ae:30:09:88:0b:77:de:fd:5c:35:55:52:6e:33:ce:
                    c0:52:4d:37:10:c7:3d:98:b6:08:e2:82:8e:8d:df:
                    48:dd:81:da:ac:ae:3c:41:e4:74:4e:71:6b:7e:1c:
                    a3:66:b5:2b:4f:b6:ff:00:4b:ab:16:20:46:52:da:
                    c7:ef:a4:cf:01:ff:d6:66:4f:7f:fd:a9:c1:79:b5:
                    e0:a7:87:fa:5a:42:3d:11:7a:36:0f:7c:d1:9d:ca:
                    22:46:10:30:8a:41:d9:7e:c3:1f:23:13:00:29:8a:
                    c5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:5F:E9:EE:56:05:7A:FC:AE:FF:FB:15:BC:51:B8:6C:26:F4:DD:1D
            X509v3 Authority Key Identifier:
                keyid:89:86:E2:56:83:30:2C:38:27:0D:0F:90:C4:AA:D1:51:93:93:D5:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/ml_p7lYFevyu__sVvFG4bCb03R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/dcf559-afb4-46b9-b2d5-937dcff51e2d/1/iYbiVoMwLDgnDQ-QxKrRUZOT1UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:95:1d:9c:ff:f4:a1:7d:9a:31:26:4b:35:13:fe:f7:63:a1:
         2f:03:ca:9f:0f:ce:2f:bd:03:60:3c:79:6d:96:96:0f:79:59:
         9f:1b:9e:ed:27:bf:f1:ab:f0:11:b3:ad:10:f8:fb:19:e1:c4:
         66:1f:3f:4b:b8:37:36:0e:9d:9a:7e:a1:ab:56:6b:f8:04:32:
         da:a2:dc:30:1c:71:37:52:8b:84:3a:f4:30:58:83:46:67:32:
         e7:26:af:13:d9:78:a6:7e:f4:dc:32:b1:29:9e:73:db:bb:53:
         c9:0e:a0:af:9a:92:d8:83:84:f2:74:74:71:92:ae:41:7e:36:
         d0:82:f9:6c:2f:9c:25:8d:36:b7:3b:a4:23:4d:b8:f9:9f:3e:
         c8:e7:ef:51:54:15:6d:17:db:4e:e0:cf:78:d6:5e:85:22:4f:
         15:b4:ac:40:8d:d6:9f:75:14:c8:de:29:5d:b1:da:e3:cb:66:
         a8:e4:a2:fd:2d:33:6b:7c:40:9d:c1:bf:2b:ee:85:9a:7b:ec:
         38:e1:70:e7:95:7b:54:bd:6f:56:32:3d:d6:a0:e3:d2:a4:99:
         b2:d6:42:36:4c:09:68:12:e3:17:45:79:92:d5:e7:f4:2d:c1:
         bb:4c:df:47:e5:54:a6:d2:7b:68:98:a8:a4:fc:4f:29:38:64:
         ee:82:e6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Cneh2MCf/pbP6XbMmZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ODZlMjU2ODMzMDJjMzgyNzBkMGY5MGM0YWFkMTUxOTM5
M2Q1NDUwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTVmZTllZTU2MDU3YWZjYWVmZmZiMTViYzUxYjg2YzI2ZjRkZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3Q2T/Aka0BSyvgsy9w6S9XBn5vG
LAV2FvXuo4AbLVe0EFVXv0V/tESlt9sLRIKf2RHMgaLfrQ6JdF4xsRALuW8K/pio
pkflr9w9u/KMU3v6TwIGOPMVer4cflyEfZi2tMuVE9WnJlTV74pGjey9jT3iXfU4
0u4jSvqL+B3+9A7t/Vtkuh1AbLRX3QyZGipAuAm+gAmuMAmIC3fe/Vw1VVJuM87A
Uk03EMc9mLYI4oKOjd9I3YHarK48QeR0TnFrfhyjZrUrT7b/AEurFiBGUtrH76TP
Af/WZk9//anBebXgp4f6WkI9EXo2D3zRncoiRhAwikHZfsMfIxMAKYrFHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpf6e5WBXr8rv/7FbxRuGwm9N0dMB8GA1UdIwQY
MBaAFImG4laDMCw4Jw0PkMSq0VGTk9VFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVliaVZvTXdMRGduRFEtUXhLclJVWk9UMVVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9kY2Y1NTktYWZiNC00NmI5LWIyZDUt
OTM3ZGNmZjUxZTJkLzEvbWxfcDdsWUZldnl1X19zVnZGRzRiQ2IwM1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9kY2Y1NTktYWZiNC00NmI5LWIyZDUtOTM3ZGNmZjUxZTJk
LzEvaVliaVZvTXdMRGduRFEtUXhLclJVWk9UMVVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+96MA0G
CSqGSIb3DQEBCwUAA4IBAQBelR2c//ShfZoxJks1E/73Y6EvA8qfD84vvQNgPHlt
lpYPeVmfG57tJ7/xq/ARs60Q+PsZ4cRmHz9LuDc2Dp2afqGrVmv4BDLaotwwHHE3
UouEOvQwWINGZzLnJq8T2XimfvTcMrEpnnPbu1PJDqCvmpLYg4TydHRxkq5BfjbQ
gvlsL5wljTa3O6QjTbj5nz7I5+9RVBVtF9tO4M941l6FIk8VtKxAjdafdRTI3ild
sdrjy2ao5KL9LTNrfECdwb8r7oWae+w44XDnlXtUvW9WMj3WoOPSpJmy1kI2TAlo
EuMXRXmS1ef0LcG7TN9H5VSm0ntomKik/E8pOGTuguaD
-----END CERTIFICATE-----