Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/MSRlVcrgT7Zi3Lnk3BdpHCy7cgM.roa
File:                     MSRlVcrgT7Zi3Lnk3BdpHCy7cgM.roa (raw, json)
Hash identifier:          F8gby1E/xKvlvjhd0/wWGig1uY8XA+Zi6VqZfiLhrJg=
Subject key identifier:   31:24:65:55:CA:E0:4F:B6:62:DC:B9:E4:DC:17:69:1C:2C:BB:72:03
Certificate issuer:       /CN=6e4428f7f17b19c15068cab939d377940e8d4c70
Certificate serial:       01912D42E6E69D0B808102B3FF75C37FFB51
Authority key identifier: 6E:44:28:F7:F1:7B:19:C1:50:68:CA:B9:39:D3:77:94:0E:8D:4C:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkQo9_F7GcFQaMq5OdN3lA6NTHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/MSRlVcrgT7Zi3Lnk3BdpHCy7cgM.roa
Signing time:             Wed 07 Aug 2024 14:34:04 +0000
ROA not before:           Wed 07 Aug 2024 14:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49068
IP address blocks:        91.212.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/bkQo9_F7GcFQaMq5OdN3lA6NTHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/bkQo9_F7GcFQaMq5OdN3lA6NTHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bkQo9_F7GcFQaMq5OdN3lA6NTHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2d:42:e6:e6:9d:0b:80:81:02:b3:ff:75:c3:7f:fb:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e4428f7f17b19c15068cab939d377940e8d4c70
        Validity
            Not Before: Aug  7 14:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31246555cae04fb662dcb9e4dc17691c2cbb7203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:88:5e:04:37:b2:2d:0f:e8:cc:74:61:07:e6:
                    3d:93:93:fe:88:72:30:47:88:11:74:bc:9a:11:af:
                    8b:a0:12:73:d8:41:5c:2a:ac:7d:25:1c:a1:91:10:
                    70:b3:3c:4e:20:ba:1d:a5:96:8c:31:2c:ac:41:b9:
                    08:2b:1b:67:2a:9c:de:87:c0:ff:cf:18:43:33:bc:
                    c4:4e:fd:6b:ec:e5:e4:96:23:aa:ec:df:7e:de:8b:
                    b9:a3:4e:d9:9f:04:df:52:7e:a2:e6:7d:af:70:dd:
                    26:9c:cf:2b:af:15:c5:f9:4c:44:99:1d:f5:92:04:
                    de:83:87:b6:3b:d5:ca:ef:af:58:28:d1:9d:ee:b9:
                    1f:5a:22:9b:27:73:a9:4e:c8:46:49:c4:d7:9b:8f:
                    af:2f:14:ee:79:fd:61:67:c2:16:5e:67:94:e7:c8:
                    1b:a8:f6:43:d4:80:0f:f4:04:e2:33:0e:4a:1d:75:
                    4b:db:0d:ef:5c:5c:30:34:1f:d7:6e:50:57:fa:a5:
                    22:73:a0:8f:c9:63:36:b8:ea:1f:ba:dd:4c:1c:60:
                    31:71:41:42:c7:67:e6:e5:b6:7a:d5:ac:3d:2a:a4:
                    03:c5:02:1c:6c:36:b3:89:c6:69:50:c1:c7:9d:2f:
                    fa:f3:91:64:e4:78:8d:f5:76:bb:fd:54:59:f9:ce:
                    5e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:24:65:55:CA:E0:4F:B6:62:DC:B9:E4:DC:17:69:1C:2C:BB:72:03
            X509v3 Authority Key Identifier:
                keyid:6E:44:28:F7:F1:7B:19:C1:50:68:CA:B9:39:D3:77:94:0E:8D:4C:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkQo9_F7GcFQaMq5OdN3lA6NTHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/MSRlVcrgT7Zi3Lnk3BdpHCy7cgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6cf5f4-3d60-41d7-ae1a-cbc331bfcdb2/1/bkQo9_F7GcFQaMq5OdN3lA6NTHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:f4:27:84:11:ff:b6:55:b1:d9:e4:9e:7d:c2:54:5e:67:9f:
         fe:b1:53:9d:02:b6:27:ac:74:ba:1f:bb:6a:ce:44:6f:30:a1:
         a6:f6:79:29:e8:41:76:3e:8b:2e:71:24:b2:5d:40:e5:c3:ff:
         c3:6c:69:ff:6a:06:95:a9:64:be:81:7b:15:8e:38:2b:d2:78:
         93:42:50:41:cd:51:c8:a3:00:ff:67:87:95:40:a9:9c:3d:77:
         86:3e:af:01:64:06:59:67:64:d2:00:a9:7b:34:82:65:8a:42:
         d7:37:e5:b0:a3:82:90:8d:27:8c:36:36:7f:76:77:90:d4:83:
         1b:1b:ff:d6:1b:f6:a0:3a:fd:08:9a:fd:f9:24:96:a4:71:da:
         63:b4:a0:90:e0:2b:c5:59:9c:56:5f:bd:f7:05:67:6d:6c:62:
         b0:4e:38:60:85:53:af:f0:21:fc:9a:13:c3:ca:0e:df:c2:c6:
         fb:d3:27:27:85:61:08:11:11:1e:2e:88:9f:8c:3f:60:3a:47:
         b0:95:64:05:1e:91:e6:23:ef:d2:89:7c:c5:48:5b:a8:e8:05:
         4b:e5:4e:32:4b:28:c5:2b:00:ae:83:66:d9:c0:db:64:65:f6:
         de:44:0e:25:d7:0e:aa:8f:12:b0:68:ee:4a:bb:ac:93:ea:92:
         ee:21:55:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEtQubmnQuAgQKz/3XDf/tRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDQyOGY3ZjE3YjE5YzE1MDY4Y2FiOTM5ZDM3Nzk0MGU4
ZDRjNzAwHhcNMjQwODA3MTQzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI0NjU1NWNhZTA0ZmI2NjJkY2I5ZTRkYzE3NjkxYzJjYmI3MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IheBDeyLQ/ozHRhB+Y9k5P+iHIw
R4gRdLyaEa+LoBJz2EFcKqx9JRyhkRBwszxOILodpZaMMSysQbkIKxtnKpzeh8D/
zxhDM7zETv1r7OXkliOq7N9+3ou5o07ZnwTfUn6i5n2vcN0mnM8rrxXF+UxEmR31
kgTeg4e2O9XK769YKNGd7rkfWiKbJ3OpTshGScTXm4+vLxTuef1hZ8IWXmeU58gb
qPZD1IAP9ATiMw5KHXVL2w3vXFwwNB/XblBX+qUic6CPyWM2uOofut1MHGAxcUFC
x2fm5bZ61aw9KqQDxQIcbDazicZpUMHHnS/685Fk5HiN9Xa7/VRZ+c5eoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEkZVXK4E+2Yty55NwXaRwsu3IDMB8GA1UdIwQY
MBaAFG5EKPfxexnBUGjKuTnTd5QOjUxwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtRbzlfRjdHY0ZRYU1xNU9kTjNsQTZOVEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82Y2Y1ZjQtM2Q2MC00MWQ3LWFlMWEt
Y2JjMzMxYmZjZGIyLzEvTVNSbFZjcmdUN1ppM0xuazNCZHBIQ3k3Y2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82Y2Y1ZjQtM2Q2MC00MWQ3LWFlMWEtY2JjMzMxYmZjZGIy
LzEvYmtRbzlfRjdHY0ZRYU1xNU9kTjNsQTZOVEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9R0MA0G
CSqGSIb3DQEBCwUAA4IBAQAy9CeEEf+2VbHZ5J59wlReZ5/+sVOdArYnrHS6H7tq
zkRvMKGm9nkp6EF2PosucSSyXUDlw//DbGn/agaVqWS+gXsVjjgr0niTQlBBzVHI
owD/Z4eVQKmcPXeGPq8BZAZZZ2TSAKl7NIJlikLXN+Wwo4KQjSeMNjZ/dneQ1IMb
G//WG/agOv0Imv35JJakcdpjtKCQ4CvFWZxWX733BWdtbGKwTjhghVOv8CH8mhPD
yg7fwsb70ycnhWEIEREeLoifjD9gOkewlWQFHpHmI+/SiXzFSFuo6AVL5U4ySyjF
KwCug2bZwNtkZfbeRA4l1w6qjxKwaO5Ku6yT6pLuIVWr
-----END CERTIFICATE-----