Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/b800M8UQE_ndSkfHQhV3cPUcjPM.roa
File:                     b800M8UQE_ndSkfHQhV3cPUcjPM.roa (raw, json)
Hash identifier:          MbkUQn3Ix8UmF2oKyZjDZOrZVxkNdqgLjfIY0GRvAPU=
Subject key identifier:   6F:CD:34:33:C5:10:13:F9:DD:4A:47:C7:42:15:77:70:F5:1C:8C:F3
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       01942369FEFA827F61B75F2FF6129DB88984
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/b800M8UQE_ndSkfHQhV3cPUcjPM.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15083
IP address blocks:        91.201.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fe:fa:82:7f:61:b7:5f:2f:f6:12:9d:b8:89:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fcd3433c51013f9dd4a47c742157770f51c8cf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:62:02:2a:79:22:e3:7e:f3:df:03:aa:8d:da:
                    3d:71:83:8e:e7:69:1f:f7:70:37:80:28:8f:1f:00:
                    28:66:a2:31:ba:da:e0:e1:d5:cc:0c:9a:54:fb:41:
                    67:77:90:fa:dd:44:38:c7:f7:68:0d:0a:cf:33:2b:
                    e3:d4:a6:71:ff:ed:97:c7:61:44:0a:c1:e2:04:71:
                    09:86:c2:c2:d9:00:88:91:10:d1:2b:4a:40:05:5a:
                    17:1d:12:63:ca:c9:a1:e2:61:5e:6e:01:ed:83:f9:
                    33:59:a8:32:57:42:2b:2f:09:88:f7:f0:cf:64:c5:
                    55:52:4d:f7:93:85:7a:22:f9:a6:51:19:4b:1e:d7:
                    63:59:75:93:b6:91:30:10:5f:e6:26:e7:9f:73:6e:
                    d6:88:75:69:43:14:9b:dd:99:8a:da:6f:c4:95:26:
                    78:ec:10:80:4a:b6:e5:7c:3a:d3:87:86:01:be:94:
                    0b:3e:22:21:79:e9:fc:70:74:dc:11:2d:f2:e7:f7:
                    d8:5f:03:65:c9:a6:06:81:93:96:ca:dd:e0:c2:f0:
                    7b:ae:f3:77:17:65:29:59:44:7e:5a:e7:03:1f:9c:
                    a7:60:a5:43:92:c8:d8:f0:fd:fc:1d:cd:3c:a6:88:
                    f5:63:69:55:b5:b4:2b:71:33:4f:e0:3c:85:21:a2:
                    b6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CD:34:33:C5:10:13:F9:DD:4A:47:C7:42:15:77:70:F5:1C:8C:F3
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/b800M8UQE_ndSkfHQhV3cPUcjPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e3:03:b2:05:67:86:3e:d0:10:74:6c:f5:65:44:24:fa:eb:
         a0:9f:ef:b2:bc:77:27:09:bd:f1:13:2a:49:0f:73:c0:92:45:
         c6:c5:61:8d:16:d2:83:de:50:e1:e0:8e:c3:41:d4:6b:9e:5c:
         00:f4:03:6f:75:4d:73:34:75:c4:e0:42:4d:37:e6:f6:1e:58:
         2d:82:89:d3:85:40:be:af:d6:89:bd:21:da:5a:67:99:d8:2a:
         97:98:b0:1d:54:f7:13:b3:2a:da:eb:10:9c:4c:d7:d4:23:4f:
         f1:73:40:6f:45:95:17:83:72:d1:08:53:e8:70:86:43:1a:b7:
         c6:4d:d9:ca:6e:34:58:5f:60:e6:0f:37:c8:1b:a9:dd:d0:28:
         f9:5a:06:f8:d8:1f:2f:48:86:a6:e6:6f:b7:1e:b7:f4:6b:f4:
         30:a0:54:16:a6:d0:93:a3:fe:e8:7b:d1:c2:e8:61:55:99:7b:
         cc:fd:8d:43:df:34:ad:00:d6:c0:bf:15:2f:35:3e:77:af:c9:
         d7:9d:fb:13:dd:c8:13:4a:e5:b7:8b:2e:87:65:97:0d:60:12:
         61:69:50:35:c4:dd:52:1b:16:c6:8d:c0:94:3b:65:5f:27:a4:
         18:0b:53:2b:41:21:31:d6:a3:6e:69:27:56:60:d5:9e:13:0d:
         03:de:98:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaf76gn9ht18v9hKduImEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNkMzQzM2M1MTAxM2Y5ZGQ0YTQ3Yzc0MjE1Nzc3MGY1MWM4Y2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGICKnki437z3wOqjdo9cYOO52kf
93A3gCiPHwAoZqIxutrg4dXMDJpU+0Fnd5D63UQ4x/doDQrPMyvj1KZx/+2Xx2FE
CsHiBHEJhsLC2QCIkRDRK0pABVoXHRJjysmh4mFebgHtg/kzWagyV0IrLwmI9/DP
ZMVVUk33k4V6IvmmURlLHtdjWXWTtpEwEF/mJuefc27WiHVpQxSb3ZmK2m/ElSZ4
7BCASrblfDrTh4YBvpQLPiIheen8cHTcES3y5/fYXwNlyaYGgZOWyt3gwvB7rvN3
F2UpWUR+WucDH5ynYKVDksjY8P38Hc08poj1Y2lVtbQrcTNP4DyFIaK20wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/NNDPFEBP53UpHx0IVd3D1HIzzMB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEvYjgwME04VVFFX25kU2tmSFFoVjNjUFVjalBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8lXMA0G
CSqGSIb3DQEBCwUAA4IBAQAo4wOyBWeGPtAQdGz1ZUQk+uugn++yvHcnCb3xEypJ
D3PAkkXGxWGNFtKD3lDh4I7DQdRrnlwA9ANvdU1zNHXE4EJNN+b2HlgtgonThUC+
r9aJvSHaWmeZ2CqXmLAdVPcTsyra6xCcTNfUI0/xc0BvRZUXg3LRCFPocIZDGrfG
TdnKbjRYX2DmDzfIG6nd0Cj5Wgb42B8vSIam5m+3Hrf0a/QwoFQWptCTo/7oe9HC
6GFVmXvM/Y1D3zStANbAvxUvNT53r8nXnfsT3cgTSuW3iy6HZZcNYBJhaVA1xN1S
GxbGjcCUO2VfJ6QYC1MrQSEx1qNuaSdWYNWeEw0D3pig
-----END CERTIFICATE-----