Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/8dQ0OiRLtZPhu3GEjEb_mugx5KE.roa
File:                     8dQ0OiRLtZPhu3GEjEb_mugx5KE.roa (raw, json)
Hash identifier:          89OURcYF/hYXZlt3wuPoB9EB6Vna11HJsZwd0rNl1Eo=
Subject key identifier:   F1:D4:34:3A:24:4B:B5:93:E1:BB:71:84:8C:46:FF:9A:E8:31:E4:A1
Certificate issuer:       /CN=6fde440c14d9766503cb5c91b950b81062d11029
Certificate serial:       0194266AECAAB69227E453C9342488B06080
Authority key identifier: 6F:DE:44:0C:14:D9:76:65:03:CB:5C:91:B9:50:B8:10:62:D1:10:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/8dQ0OiRLtZPhu3GEjEb_mugx5KE.roa
Signing time:             Thu 02 Jan 2025 09:48:49 +0000
ROA not before:           Thu 02 Jan 2025 09:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48868
IP address blocks:        91.209.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:ec:aa:b6:92:27:e4:53:c9:34:24:88:b0:60:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fde440c14d9766503cb5c91b950b81062d11029
        Validity
            Not Before: Jan  2 09:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1d4343a244bb593e1bb71848c46ff9ae831e4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:68:5f:e4:2a:02:e2:aa:37:9d:40:c2:77:6e:
                    38:b5:4a:87:1c:7a:4d:30:29:d9:30:8c:49:b8:fa:
                    63:2e:cb:62:b2:6d:20:4f:60:b8:6c:2f:c4:84:18:
                    11:69:80:55:36:76:1f:d5:fd:5d:b6:ea:8e:24:f3:
                    2b:88:bc:9a:13:69:97:23:0c:ba:4a:53:b5:2c:3d:
                    08:1d:11:cc:54:51:0a:62:18:bd:52:fe:10:60:57:
                    92:8a:7c:2d:0d:0a:bd:2c:b4:24:cb:c7:9b:f6:1d:
                    d0:12:3c:17:63:28:5f:8a:e9:b9:13:41:a5:ef:f2:
                    9b:03:19:b8:ed:55:c1:7f:e6:16:a3:d7:71:30:f9:
                    d5:29:fa:80:bd:5f:5d:86:3f:a6:ad:c5:b5:e7:64:
                    d9:dd:e0:4e:0d:5d:0b:90:f5:10:5d:ce:c2:c4:cc:
                    f4:b1:b1:5f:80:c9:19:c5:ff:95:3d:5b:87:64:2f:
                    aa:1d:42:f2:43:3f:ec:82:f2:59:d9:b6:61:4b:f5:
                    8e:85:84:fe:d6:0b:5a:19:f2:ea:2c:e7:c9:e2:80:
                    35:97:c4:83:e6:a2:e4:f9:c3:eb:ae:6d:a8:22:eb:
                    3b:b8:e4:7d:05:38:7b:6d:a9:6e:76:d0:98:63:68:
                    9c:32:44:62:65:3e:9d:9f:d0:e6:dd:74:cf:30:12:
                    8d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D4:34:3A:24:4B:B5:93:E1:BB:71:84:8C:46:FF:9A:E8:31:E4:A1
            X509v3 Authority Key Identifier:
                keyid:6F:DE:44:0C:14:D9:76:65:03:CB:5C:91:B9:50:B8:10:62:D1:10:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b95EDBTZdmUDy1yRuVC4EGLRECk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/8dQ0OiRLtZPhu3GEjEb_mugx5KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/119951-0959-4c13-9a0e-98128eea3a65/1/b95EDBTZdmUDy1yRuVC4EGLRECk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:d2:f0:10:52:32:ec:fc:9c:bf:f4:b6:52:e8:7e:4e:af:37:
         8c:36:e2:f3:ab:54:20:b3:e7:bb:cb:51:b2:69:12:47:a3:73:
         f0:3a:0b:57:f9:41:08:57:f8:69:9d:78:73:0d:35:5b:ed:33:
         5b:51:d1:34:0a:46:e2:d3:89:00:8e:06:fd:f8:85:f9:01:f7:
         7e:70:dd:c3:ff:1f:88:f7:5b:1c:f6:91:d8:7e:fe:91:97:4f:
         96:6f:e1:49:59:b2:5b:28:35:84:ce:1a:aa:46:06:49:b3:17:
         70:a6:01:4e:ca:8a:8e:fc:67:52:8c:9c:eb:25:48:5f:f6:fd:
         49:2e:d0:cb:11:30:c6:10:ac:e4:5d:47:b1:ae:b3:ca:5c:5b:
         dd:f2:32:cf:2a:b3:a9:9f:a8:d9:6c:f9:c8:27:b1:60:2a:13:
         e6:c5:da:ac:89:49:2e:e0:60:18:4d:0e:88:7f:48:c8:b6:ce:
         57:e9:2c:07:f7:d5:e2:a4:e1:40:eb:14:72:f5:e4:35:f0:43:
         0c:be:3b:df:50:28:fd:e1:ff:bb:d7:ac:26:cd:f7:d7:4b:3c:
         d7:d8:bc:5c:0e:d7:82:c1:54:06:8a:c2:54:c6:58:f4:0b:70:
         83:fa:d5:d6:79:42:18:db:55:4f:a7:26:1e:6d:d2:cc:66:64:
         be:ef:19:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmauyqtpIn5FPJNCSIsGCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZGU0NDBjMTRkOTc2NjUwM2NiNWM5MWI5NTBiODEwNjJk
MTEwMjkwHhcNMjUwMTAyMDk0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ0MzQzYTI0NGJiNTkzZTFiYjcxODQ4YzQ2ZmY5YWU4MzFlNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62hf5CoC4qo3nUDCd244tUqHHHpN
MCnZMIxJuPpjLstism0gT2C4bC/EhBgRaYBVNnYf1f1dtuqOJPMriLyaE2mXIwy6
SlO1LD0IHRHMVFEKYhi9Uv4QYFeSinwtDQq9LLQky8eb9h3QEjwXYyhfium5E0Gl
7/KbAxm47VXBf+YWo9dxMPnVKfqAvV9dhj+mrcW152TZ3eBODV0LkPUQXc7CxMz0
sbFfgMkZxf+VPVuHZC+qHULyQz/sgvJZ2bZhS/WOhYT+1gtaGfLqLOfJ4oA1l8SD
5qLk+cPrrm2oIus7uOR9BTh7baludtCYY2icMkRiZT6dn9Dm3XTPMBKNgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHUNDokS7WT4btxhIxG/5roMeShMB8GA1UdIwQY
MBaAFG/eRAwU2XZlA8tckblQuBBi0RApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjk1RURCVFpkbVVEeTF5UnVWQzRFR0xSRUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xMTk5NTEtMDk1OS00YzEzLTlhMGUt
OTgxMjhlZWEzYTY1LzEvOGRRME9pUkx0WlBodTNHRWpFYl9tdWd4NUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xMTk5NTEtMDk1OS00YzEzLTlhMGUtOTgxMjhlZWEzYTY1
LzEvYjk1RURCVFpkbVVEeTF5UnVWQzRFR0xSRUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HzMA0G
CSqGSIb3DQEBCwUAA4IBAQB00vAQUjLs/Jy/9LZS6H5OrzeMNuLzq1Qgs+e7y1Gy
aRJHo3PwOgtX+UEIV/hpnXhzDTVb7TNbUdE0Ckbi04kAjgb9+IX5Afd+cN3D/x+I
91sc9pHYfv6Rl0+Wb+FJWbJbKDWEzhqqRgZJsxdwpgFOyoqO/GdSjJzrJUhf9v1J
LtDLETDGEKzkXUexrrPKXFvd8jLPKrOpn6jZbPnIJ7FgKhPmxdqsiUku4GAYTQ6I
f0jIts5X6SwH99XipOFA6xRy9eQ18EMMvjvfUCj94f+716wmzffXSzzX2LxcDteC
wVQGisJUxlj0C3CD+tXWeUIY21VPpyYebdLMZmS+7xlE
-----END CERTIFICATE-----