Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/1XXMsonda8YlQ1eSTS87-WTDvjk.roa
File:                     1XXMsonda8YlQ1eSTS87-WTDvjk.roa (raw, json)
Hash identifier:          Rh3YuvPKJyfRbM+2zvyeUDzF+D8lxjHkBrOyJUfyQCM=
Subject key identifier:   D5:75:CC:B2:89:DD:6B:C6:25:43:57:92:4D:2F:3B:F9:64:C3:BE:39
Certificate issuer:       /CN=6cb850deb28bdb2f655e2f1b02d37c13c6d43452
Certificate serial:       0191714FD386DE5FF6F750F9502D5AEA633D
Authority key identifier: 6C:B8:50:DE:B2:8B:DB:2F:65:5E:2F:1B:02:D3:7C:13:C6:D4:34:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/1XXMsonda8YlQ1eSTS87-WTDvjk.roa
Signing time:             Tue 20 Aug 2024 19:42:22 +0000
ROA not before:           Tue 20 Aug 2024 19:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56409
IP address blocks:        91.223.128.0/24 maxlen: 24
                          2001:67c:16f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:71:4f:d3:86:de:5f:f6:f7:50:f9:50:2d:5a:ea:63:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cb850deb28bdb2f655e2f1b02d37c13c6d43452
        Validity
            Not Before: Aug 20 19:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d575ccb289dd6bc6254357924d2f3bf964c3be39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:be:9d:54:ab:92:1d:3f:77:90:4d:51:63:0f:
                    01:99:db:45:9a:86:1c:00:4e:22:e3:d8:f8:e8:c9:
                    c4:0c:05:47:d0:6f:7b:5b:26:1d:7a:d7:6d:5e:fa:
                    be:26:aa:fa:67:7e:05:00:98:01:7a:f1:c3:6f:f0:
                    fb:b2:95:5d:1d:9c:23:10:1a:44:5d:37:a9:93:d2:
                    0b:87:f2:25:07:76:2d:5d:50:04:82:27:98:10:1b:
                    d0:77:09:14:a1:7d:a3:9d:13:2a:d2:df:70:0e:f2:
                    27:74:29:4b:49:c6:65:06:1f:5e:2e:e8:fd:6f:b4:
                    4a:70:19:ea:ac:3f:b7:27:4c:aa:a3:e7:33:1d:a9:
                    c1:ab:71:59:31:f3:df:15:9e:aa:46:f3:85:06:8b:
                    82:2c:ef:46:5e:80:da:ec:6d:81:85:48:64:7e:d8:
                    3e:98:a7:ec:d4:84:80:09:6c:da:da:e2:ca:3a:cc:
                    cc:49:be:b7:fb:5f:1f:bc:e2:f9:a2:93:32:02:fc:
                    b1:1a:bc:cc:3d:82:45:66:94:2b:63:7b:72:17:2e:
                    ff:6f:02:1a:ff:28:eb:d3:b9:f1:02:0d:59:dd:96:
                    9e:89:76:16:fb:5c:97:64:71:62:aa:10:cf:5d:21:
                    95:75:40:03:78:c2:5d:54:51:47:a8:c4:56:87:97:
                    52:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:75:CC:B2:89:DD:6B:C6:25:43:57:92:4D:2F:3B:F9:64:C3:BE:39
            X509v3 Authority Key Identifier:
                keyid:6C:B8:50:DE:B2:8B:DB:2F:65:5E:2F:1B:02:D3:7C:13:C6:D4:34:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/1XXMsonda8YlQ1eSTS87-WTDvjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.128.0/24
                IPv6:
                  2001:67c:16f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:b5:ed:13:cd:f4:1e:e2:1e:85:29:0b:78:b1:9b:6c:ca:d3:
         8a:f6:48:59:8e:f6:24:c4:b3:13:a3:49:74:85:ca:be:56:9a:
         c4:5b:d2:59:34:46:7d:67:f2:6c:35:02:c6:3d:65:93:1c:5c:
         90:bb:4c:64:f4:4b:0d:92:5d:29:a5:87:6e:31:1f:05:16:e0:
         b4:af:a5:66:35:35:53:4b:03:3e:8d:60:5b:f4:7b:f4:5d:ad:
         74:09:5f:9e:7f:aa:fc:bc:b3:2a:74:ac:d1:07:88:58:a8:da:
         c3:03:db:c6:2e:09:69:bc:22:18:2f:46:03:9c:c0:74:ab:7b:
         2f:2d:c7:ee:6c:d5:e6:b8:5c:28:8b:ca:7f:48:74:0b:1d:ae:
         73:38:5a:0d:25:a4:c2:e4:26:7e:b3:b0:81:94:1a:ec:56:c9:
         dd:1b:b4:5d:da:17:c8:71:1f:12:73:be:83:68:2e:a5:71:2e:
         77:12:ab:94:75:53:bd:73:43:04:a4:f8:3b:8f:d2:f3:c3:28:
         0a:89:fc:9b:60:11:e7:cf:84:6b:63:bf:21:9d:46:87:ad:5f:
         bb:96:37:3a:90:1d:8c:cb:1e:de:f2:f8:f6:67:f8:74:a7:f2:
         32:3a:62:bc:83:a1:0b:b2:07:ee:3d:52:47:c0:85:3b:0f:9b:
         b1:dc:4e:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZFxT9OG3l/291D5UC1a6mM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjg1MGRlYjI4YmRiMmY2NTVlMmYxYjAyZDM3YzEzYzZk
NDM0NTIwHhcNMjQwODIwMTk0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc1Y2NiMjg5ZGQ2YmM2MjU0MzU3OTI0ZDJmM2JmOTY0YzNiZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm76dVKuSHT93kE1RYw8BmdtFmoYc
AE4i49j46MnEDAVH0G97WyYdetdtXvq+Jqr6Z34FAJgBevHDb/D7spVdHZwjEBpE
XTepk9ILh/IlB3YtXVAEgieYEBvQdwkUoX2jnRMq0t9wDvIndClLScZlBh9eLuj9
b7RKcBnqrD+3J0yqo+czHanBq3FZMfPfFZ6qRvOFBouCLO9GXoDa7G2BhUhkftg+
mKfs1ISACWza2uLKOszMSb63+18fvOL5opMyAvyxGrzMPYJFZpQrY3tyFy7/bwIa
/yjr07nxAg1Z3ZaeiXYW+1yXZHFiqhDPXSGVdUADeMJdVFFHqMRWh5dSXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNV1zLKJ3WvGJUNXkk0vO/lkw745MB8GA1UdIwQY
MBaAFGy4UN6yi9svZV4vGwLTfBPG1DRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxoUTNyS0wyeTlsWGk4YkF0TjhFOGJVTkZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iMmQ3MGQtNDk1My00ZDYxLWI4Yzkt
ODhiMmQyY2Y3YzMxLzEvMVhYTXNvbmRhOFlsUTFlU1RTODctV1REdmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iMmQ3MGQtNDk1My00ZDYxLWI4YzktODhiMmQyY2Y3YzMx
LzEvYkxoUTNyS0wyeTlsWGk4YkF0TjhFOGJVTkZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9+AMA8E
AgACMAkDBwAgAQZ8FvAwDQYJKoZIhvcNAQELBQADggEBAAi17RPN9B7iHoUpC3ix
m2zK04r2SFmO9iTEsxOjSXSFyr5WmsRb0lk0Rn1n8mw1AsY9ZZMcXJC7TGT0Sw2S
XSmlh24xHwUW4LSvpWY1NVNLAz6NYFv0e/RdrXQJX55/qvy8syp0rNEHiFio2sMD
28YuCWm8IhgvRgOcwHSrey8tx+5s1ea4XCiLyn9IdAsdrnM4Wg0lpMLkJn6zsIGU
GuxWyd0btF3aF8hxHxJzvoNoLqVxLncSq5R1U71zQwSk+DuP0vPDKAqJ/JtgEefP
hGtjvyGdRoetX7uWNzqQHYzLHt7y+PZn+HSn8jI6YryDoQuyB+49UkfAhTsPm7Hc
TvQ=
-----END CERTIFICATE-----